Overview#
System for Cross-domain Identity Management Use cases is part of SCIM 2.0 and defined in RFC 7642.
Terminology#
- COI - Community of Interest
- CRM - Customer Relationship Management
- CRUD - Create, Read, Update, Delete
- CSP - Cloud Service Provider
- CSU - Cloud Service User
- ECS - Enterprise Cloud Subscriber
- IaaS - Infrastructure as a Service
- JIT - Just In Time
- PaaS - Platform as a Service
- SaaS - Software as a Service
- SAML - Security Assertion Markup Language
- SCIM - System for Cross-domain Identity Management
- SSO - Single Sign-On
SCIM Model Concepts#
Triggers#
Quite simply, triggers are actions or activities that start SCIM flows. Triggers may not be relevant at the protocol level or the schema level; they really serve to help identify the type or activity that resulted in a SCIM protocol exchange. Triggers make use of the traditional provisioning CRUD (Create, Read, Update, Delete) operations but add additional use-case contexts like SSO (Single Sign-On), as the trigger concept is designed to capture a class of use case that makes sense to the actor requesting it rather than to describe a protocol operation.
Actors#
                     +---------------------+
                     |    Cloud Service    |
                     |    Provider (CSP)   |
                     +---------------------+
                                |
               +---------------------------------+
               |                                 |
               v                                 v
       +----------------+                +----------------+
       |Enterprise Cloud|                |Enterprise Cloud|
       |Subscriber (ECS)|                |Subscriber (ECS)|
       +----------------+                +----------------+
       |                |                |                |
       +----------------+                +----------------+
       |                |                |                |
       v                v                v                v
+-------------+  +-------------+  +-------------+  +-------------+
|Cloud Service|  |Cloud Service|  |Cloud Service|  |Cloud Service|
| User (CSU)  |  | User (CSU)  |  | User (CSU)  |  | User (CSU)  |
+-------------+  +-------------+  +-------------+  +-------------+
These scenarios represent flows between two Cloud Service Providers (CSPs). It is assumed that each CSP maintains an Identity Data Store for its Cloud Service Users (CSUs). These scenarios address various joiner, mover, leaver, and JIT triggers, resulting in push and pull data exchanges between the CSPs.
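As an added example (not part of RFC 7642 or of this page), the Python below maps the joiner, mover, leaver and SSO JIT triggers described above onto the SCIM 2.0 protocol operations (RFC 7644) that make up the push and pull exchanges between CSPs; the function names, the sample user, the attribute changes and the resource id are assumptions, while the schema URNs and filter grammar are the real SCIM 2.0 ones.

```python
from urllib.parse import quote

# Added example: maps RFC 7642 triggers (joiner, mover, leaver, SSO JIT)
# onto SCIM 2.0 protocol operations (RFC 7644). Function names and the
# sample data are hypothetical; the schema URNs and filter syntax are real.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def scim_request(trigger, user, existing_id=None):
    """Return (method, path, body) for one provisioning trigger.

    joiner  -> POST a new User resource (push)
    mover   -> PATCH only the changed attributes (push)
    leaver  -> set active=false instead of DELETE, keeping the record for audit
    sso_jit -> look the user up by userName first (pull); see jit_after_sso()
    """
    if trigger == "joiner":
        body = {
            "schemas": [USER_SCHEMA],
            "userName": user["userName"],
            "active": True,
            "emails": [{"value": user["email"], "primary": True}],
        }
        return "POST", "/Users", body
    if trigger in ("mover", "leaver"):
        if existing_id is None:
            raise ValueError(f"{trigger} needs the existing SCIM resource id")
        if trigger == "mover":
            ops = [{"op": "replace", "path": k, "value": v}
                   for k, v in user["changes"].items()]
        else:
            ops = [{"op": "replace", "path": "active", "value": False}]
        return "PATCH", f"/Users/{existing_id}", {"schemas": [PATCH_SCHEMA], "Operations": ops}
    if trigger == "sso_jit":
        # RFC 7644 filter grammar: string values are quoted, embedded quotes escaped
        name = user["userName"].replace('"', '\\"')
        return "GET", "/Users?filter=" + quote(f'userName eq "{name}"'), None
    raise ValueError(f"unknown trigger: {trigger}")


def jit_after_sso(user, list_response):
    """Second half of the SSO JIT flow: create the account only when the
    ListResponse from the lookup is empty; otherwise there is nothing to provision."""
    if list_response.get("totalResults", 0) == 0:
        return scim_request("joiner", user)
    return None
```

The leaver case deliberately deactivates rather than deletes, so the identity remains resolvable in the Identity Data Store for audit while access is cut.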