Lessons learned from the design of the SCIM API
Erik Wahlström
Technology Strategist
9/19/2013
Today's topics
What is SCIM?
What problems does it solve?
Lessons learned.
System for Cross-domain Identity Management
Enterprises are distributed.
Life cycle management.
Move users in and out of the cloud.
What does it do?
Lightweight provisioning protocol.
Defines a schema and a protocol.
Developed by Salesforce, Google, Cisco, UnboundID, Ping Identity, Sailpoint, neXus, Microsoft, VMWare, Oracle etc.
The SCIM players
One server that needs or creates data.
Another server that stores data.
A high level of trust between them.
In Sweden, remember PuL (Personuppgiftslagen).
User consents in Germany.
Before SCIM
Everybody rolled their own
Provisioning plugins
SPML
neXus + SCIM = true
Control of our users.
Simplified single sign on.
Important step for the cloud.
Important step for privacy.
Resource
ServiceProviderConfigs
User
Group
EnterpriseUser
Schema
API
REST based protocol
cURL friendly
Firewall friendly
OAuth2 recommended
SSL/TLS
API Endpoints and HTTP verbs
What                            Endpoint                  Verbs
User                            /Users                    GET, POST, PUT, PATCH, DELETE
Group                           /Groups                   GET, POST, PUT, PATCH, DELETE
Service Provider Configuration  /ServiceProviderConfigs   GET
Schema                          /Schemas                  GET
Bulk                            /Bulk                     POST
Other features in the API
Filtering, paging and sorting
User storages can be huge
Filter language
Discovery
Schemas
Service provider configurations
Versioning of API and schema
/v1/Users/erikw
/v2/Users/erikw
"schemas": ["urn:scim:schemas:core:1.0"],
"schemas": ["urn:scim:schemas:core:2.0:User"]
Changed and worked on in 2.0
Reference resources
Search using only identifier
Search using POST
A hum to drop XML.
Integrations with OpenID Connect and SAML
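Added example (not from the original slides or from the SCIM project): a deny-by-default request check that a gateway in front of a SCIM service provider could apply, combining the endpoint/verb table with the path and schema versioning shown above. The function name check_request and the rule that a /v1 or /v2 path must carry schema URNs of the matching version are assumptions made for illustration.

```python
import json
import re

# Endpoint -> allowed verbs, copied from the "API Endpoints and HTTP verbs" slide.
ALLOWED = {
    "Users": {"GET", "POST", "PUT", "PATCH", "DELETE"},
    "Groups": {"GET", "POST", "PUT", "PATCH", "DELETE"},
    "ServiceProviderConfigs": {"GET"},
    "Schemas": {"GET"},
    "Bulk": {"POST"},
}
# Assumption (not stated on the slides): a /v1 request may only carry schema URNs
# with a "1.0" segment and a /v2 request only URNs with a "2.0" segment.
URN_VERSION = {"v1": "1.0", "v2": "2.0"}
PATH_RE = re.compile(r"/(v\d+)/([A-Za-z]+)(?:/([^/?#]+))?")


def check_request(method, path, body=None):
    """Return (allowed, reason); anything not explicitly listed is denied."""
    m = PATH_RE.fullmatch(path)
    if not m:
        return False, "malformed path"
    version, endpoint, _resource_id = m.groups()
    if version not in URN_VERSION:
        return False, "unknown API version"
    if method not in ALLOWED.get(endpoint, set()):
        return False, "verb not allowed on endpoint"
    if body is None:
        return True, "ok"
    try:
        schemas = json.loads(body).get("schemas")
    except (ValueError, AttributeError):
        return False, "body is not a JSON object"
    if not isinstance(schemas, list) or not schemas:
        return False, "missing schemas attribute"
    for urn in schemas:
        ok = isinstance(urn, str) and urn.startswith("urn:scim:schemas:")
        if not ok or URN_VERSION[version] not in urn.split(":"):
            return False, "schema URN does not match API version"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    v1_user = '{"schemas": ["urn:scim:schemas:core:1.0"], "userName": "erikw"}'
    print(check_request("GET", "/v1/Users/erikw"))
    print(check_request("DELETE", "/v1/Schemas"))
    print(check_request("PUT", "/v2/Users/erikw", v1_user))
```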
More info and thanks.
http://www.simplecloud.info
https://tools.ietf.org/wg/scim/
@erik_wahlstrom