LDAPWiki: System for Cross-domain Identity Management

Overview[1]#

System for Cross-domain Identity Management (SCIM) are IETF specifications was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

System for Cross-domain Identity Management specifications are published as publications by the Internet Engineering Taskforce (IETF) as RFC 7643 and RFC 7644.

The System for Cross-domain Identity Management specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models.

System for Cross-domain Identity Management intent is to reduce the cost and complexity of Identity Lifecycle Management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols. In essence: make it fast, cheap, and easy to move users in to, out of, and around the cloud.

System for Cross-domain Identity Management data can be encoded as a SCIM Object in JSON or XML encoding both defined within the specification.

Service Provisioning Markup Language (SPML) was an XML-based framework that was approved in 2003 that addressed the same issues. However the difficulties in implementations led to low adoption of the standard. System for Cross-domain Identity Management was created to address some of the SPML issues and uses REST and JSON

System for Cross-domain Identity Management protocol is a client-server model protocol. A SCIM Client initiates a communication to a SCIM Server which then modifies the target user store as required.

A given Entity could be either a SCIM Client or a SCIM Server for any given transaction; however, the same entity could be both a SCIM Client AND a SCIM Server depending on who initiates the transaction.

What is SCIM?[2]#

Enterprises are extremely distributed — applications and data are sent and stored all over the place, from cloud servers, parter systems, to internal servers. Throughout a scattered environment, it’s easy to lose control of where the data is. But as data privacy becomes more and more a heated issue, regaining control of identity is a top priority

System for Cross-domain Identity Management has been created as a way to standardize how companies create, update, and delete identity data — a standard for the life cycle management of online identity by allowing a standard method for exchanging identity to other partners or systems.

SCIM is a lightweight provisioning protocol that specifically defines two things:

Scheme - the identity profile could be a user, group, machine, or other resource entity. SCIM defines what those resources look like and how they are structured.
Protocol - the method of transport; how do we send user data to different systems?

Standardized by the Internet Engineering Task Force (IETF), contributors and/or implementation to the for System for Cross-domain Identity Management include organizations like:

It seems like the System for Cross-domain Identity Management standard is getting the hype and involvement it deserves, indicating a roadmap to future ubiquity.

SCIM 2.0 #

SCIM 2.0 as RFC 7643 (SCIM Core Schema) and RFC 7644 (SCIM Protocol) as well as SCIM Use Cases as RFC 7642.

Why SCIM?#

Why It’s (SCIM) More Important, and More Simple, Than You Think

System for Cross-domain Identity Management Endpoints #

More Information#

There might be more information for this subject on one of the following: