Sunday, February 12, 2012

SCIM - To overcome identity provisioning nightmares...

Identity provisioning is a key aspect of any Identity Management Solution.

In simple terms, it means creating, maintaining and deleting user accounts and related identities in one or more systems or applications, in response to business processes that are initiated either directly by humans or by automated tasks.

Today, enterprise solutions adopt products and services from multiple cloud providers to meet various business requirements. Hence it is no longer sufficient to maintain user identities only in the corporate LDAP.

In most cases, SaaS providers also need dedicated user accounts created for the cloud service users, which creates the need for proper identity provisioning mechanisms.

Currently, different cloud vendors expose non-standard provisioning APIs, which makes it a nightmare for enterprises to develop and maintain proprietary connectors to integrate with multiple SaaS providers.
For example, Google exposes the Google Provisioning API for provisioning user accounts in a Google Apps domain.

When enterprise IT systems consist of distributed, heterogeneous components from multiple vendors, both in-house and in the cloud, it is key to have an open standard that all agree upon, in order to achieve interoperability and simplicity while getting rid of the multiple connectors that perform the same thing.

Simple Cloud Identity Management (SCIM) is an emerging open standard that defines a comprehensive REST API, along with a platform-neutral schema and a SAML binding, to facilitate user management operations across SaaS applications, with specific emphasis on simplicity and interoperability.

The SCIM specification is in its version 1, and the cloud directory working group is working on submitting it to the IETF. You can subscribe to cloud-directory@googlegroups.com to keep up with the latest happenings around the SCIM spec.

The following embedded presentation, which was used in a webinar, illustrates how some of the common use cases encountered in an enterprise identity management solution are achieved with SCIM.

We also identify the key characteristics of SCIM that make it preferable to the other existing provisioning standards. Highlights of the overall SCIM specification, which currently consists of three normative parts, are also included in the slides.

1 comment:

  1. Hi,

    Is the SAML 2.0 binding for SCIM still usable, or is it expired?
