Intro to SCIM

   Travis Spencer, CEO
   Twobo Technologies
The Problem

• Modern systems are massively distributed
• Organizations need to automate user/group
  management across domain boundaries
• Large cloud providers have their own APIs
• Enterprise-to-enterprise is a dog’s dinner
• Identity is the fly in the integration ointment
The Resulting Reality

• Tactical, bespoke methods that can’t scale
• Expensive integration work & custom
  development
• Systems maintain isolated silos of user data
• Ex-employees continue accessing resources
• Solution is automation based on
  open standards
Banding Together to Solve this Problem

• Salesforce, Google, UnboundID, Ping
  Identity, Sailpoint, Technology Nexus, etc.
• Protocol drafted, tested, and released in 2011
   Q1 – Initial draft of spec
   Q2 – Updated draft discussed at IIW
   Q3 – Consortium formed under OWF, interop tests
       at IIW
   Q4 – V. 1 agreed upon by consortium, submitted to
       IETF
SCIM, a Modern Standard for Automation

•   The spec formerly known as Simple Cloud Identity Management (now System for Cross-domain Identity Management)
•   Provisioning API to manage users & groups
•   Support bulk updates for ingest & sync
•   Low-tech barrier, easy w/ curl & JavaScript
•   Designed w/ mobile in mind
•   Goes hand-in-glove w/ federation
•   Secure access using OAuth 2 et al.
SCIM Specification Set

REST API for CRUD
•   JSON & XML
•   Response codes

Federation Binding
•   SAML
•   TBD: OpenID Connect

Core Schema
•   User
•   Groups
•   Enterprise Extension
•   Config
Features of SCIM

• Core schema
  – Models user, groups, etc.
  – Defines basic user attributes (name, address,
    etc.)
• RESTful API
  – Defines CRUD to synchronize resources
  – JSON and XML data formats
• Federation bindings – SAML, OIC (OpenID Connect)
  – Supports just-in-time (JIT) provisioning during SSO
  – Maps SCIM schema to federation protocols
Push Provisioning

IdP Organization                          SP Organization
SCIM Client  --- CRUD of user object --->  SCIM Server
SCIM Client  <-------- Status -----------  SCIM Server

The SCIM client on the IdP side pushes create/read/update/delete operations on the user object to the SCIM server on the SP side, which answers each one with a status.
JIT Provisioning

IdP Organization                                   SP Organization
IdP  --- user data in federation message --->  SP (creates user on the fly)
                    (via the Browser)

The federation message that the user's browser carries from the IdP to the SP contains the user data; the SP creates the user from it at login time, so no separate provisioning call is needed.
JIT + Pull

IdP Organization                                      SP Organization
IdP / SCIM Server  --- access token in federation message --->  SP / SCIM Client
                              (via the Browser)
IdP / SCIM Server  <--------------- Get User -------------------  SP / SCIM Client
IdP / SCIM Server  --------------- User object ---------------->  SP / SCIM Client (creates new user)

The federation message carries an access token rather than the full user record; the SP uses that token as a SCIM client to pull the user object from the IdP's SCIM server, then creates the new user.
Overview of API

• RESTful
• Specifies well-known endpoints & HTTP
  methods for managing core resources
  – User and group resources correspond to
    /Users and /Groups, respectively
• Responses are returned in the body of the
  HTTP messages in JSON or XML format
Authentication and Security

• Spec does not mandate a particular
  authentication scheme
• OAuth 2 is recommended, but others are
  not precluded (e.g., HTTP basic, which means
  the client stores a long-lived credential)
• Client and server must exchange data
  over TLS; a bearer token or basic credential
  is only as safe as that channel
Supported HTTP Verbs

Verb     Meaning
GET      Retrieve a resource
POST     Create a new resource
PUT      Completely replace a resource
PATCH    Partially update a resource
DELETE   Delete a resource
Controlling Responses

• Filter (i.e., search)
   – Find specific resources
   – Request a subset of attributes
• Sorting
   – Sort by
   – Sort order
• Pagination
   – Client maintains the offset (startIndex, 1-based) and count
   – No server-side cursors (v. 2 probably)
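The query parameters listed above, worked through in a client that builds them and walks every page. This is an added example, not code from the slides or from any SCIM product: the FakeScimServer stands in for a real /Users endpoint so the block runs offline, and its user data and its page cap of 2 are constructed for the demo. Because the client owns the offset, the loop advances by the itemsPerPage the server actually returned rather than by the count it asked for, which is what keeps it correct when a server caps count.

```python
"""SCIM 1.x list/query client: filter, sort, attribute subset, paging.
Added example; FakeScimServer and its data are constructed for the demo."""
from urllib.parse import parse_qs, urlencode

CORE_SCHEMA = "urn:scim:schemas:core:1.0"

# Constructed sample users (core-schema attributes from the slides).
SAMPLE_USERS = [
    {"id": "u1", "userName": "bjensen", "name": {"givenName": "Barbara", "familyName": "Jensen"}},
    {"id": "u2", "userName": "jsmith", "name": {"givenName": "John", "familyName": "Smith"}},
    {"id": "u3", "userName": "babs", "name": {"givenName": "Babs", "familyName": "Jensen"}},
    {"id": "u4", "userName": "kroberts", "name": {"givenName": "Kim", "familyName": "Roberts"}},
    {"id": "u5", "userName": "bwong", "name": {"givenName": "Bo", "familyName": "Wong"}},
]

# Subset of the SCIM 1.x filter operators (eq, co, sw).
OPERATORS = {
    "eq": lambda actual, wanted: actual == wanted,
    "co": lambda actual, wanted: wanted in actual,
    "sw": lambda actual, wanted: actual.startswith(wanted),
}


def get_path(resource, path):
    """Resolve a dotted attribute path such as name.familyName."""
    current = resource
    for part in path.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def parse_filter(expression):
    """Accept only the single-clause form  attribute op "value"; reject the rest."""
    parts = expression.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("unsupported filter: " + expression)
    attr, op, quoted = parts
    if op not in OPERATORS or len(quoted) < 2 or quoted[0] != '"' or quoted[-1] != '"':
        raise ValueError("unsupported filter: " + expression)
    return attr, op, quoted[1:-1]


class FakeScimServer:
    """Just enough of GET /Users to exercise the client."""

    MAX_PAGE = 2  # assumed server-side cap on count; real servers choose their own

    def __init__(self, users):
        self.users = users

    def list_users(self, query_string):
        params = {k: v[0] for k, v in parse_qs(query_string).items()}
        matches = list(self.users)
        if "filter" in params:
            attr, op, wanted = parse_filter(params["filter"])
            matches = [u for u in matches
                       if isinstance(get_path(u, attr), str)
                       and OPERATORS[op](get_path(u, attr), wanted)]
        if "sortBy" in params:
            matches.sort(key=lambda u: str(get_path(u, params["sortBy"]) or ""),
                         reverse=params.get("sortOrder") == "descending")
        start = max(int(params.get("startIndex", 1)), 1)      # startIndex is 1-based
        count = max(0, min(int(params.get("count", self.MAX_PAGE)), self.MAX_PAGE))
        page = matches[start - 1:start - 1 + count]
        if "attributes" in params:                             # id is always returned
            keep = set(params["attributes"].split(",")) | {"id"}
            page = [{k: v for k, v in u.items() if k in keep} for u in page]
        return {"schemas": [CORE_SCHEMA], "totalResults": len(matches),
                "itemsPerPage": len(page), "startIndex": start, "Resources": page}


def build_query(filter_expr=None, attributes=None, sort_by=None,
                sort_order=None, start_index=1, count=None):
    """Encode the query parameters from the Controlling Responses slide."""
    params = {"startIndex": start_index}
    if filter_expr:
        params["filter"] = filter_expr
    if attributes:
        params["attributes"] = ",".join(attributes)
    if sort_by:
        params["sortBy"] = sort_by
        params["sortOrder"] = sort_order or "ascending"
    if count:
        params["count"] = count
    return urlencode(params)


def fetch_all(server, **query):
    """Walk every page; advance by what the server returned, not what was asked."""
    collected, start = [], 1
    while True:
        response = server.list_users(build_query(start_index=start, **query))
        page = response["Resources"]
        collected.extend(page)
        if not page or start + response["itemsPerPage"] > response["totalResults"]:
            return collected
        start += response["itemsPerPage"]
```

The filter parser deliberately handles one clause and raises on anything else; a server that silently guesses at malformed filters is how "return everything" bugs get into provisioning endpoints.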
Extensible Schema

• Protocol defines core schema used to
  represent resources of various types
  – Modeled after Portable Contacts (PoCo) & others
  – Also stipulates how to extend
• Defines enterprise extensions
  – Adds manager, department,
    organization, etc.
• Others can be created at will
Includes Mapping from Active Directory

Active Directory    SCIM
userPrincipalName   userName
mail                emails.value (type = work)
givenName           name.givenName
sn                  name.familyName
whenCreated         meta.created
userPassword        password (write-only in SCIM; never returned by the server)
cn                  displayName
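The mapping table applied to a record, as an added example that is not code from the slides. The AD record, the manager lookup table and the schema URNs' use here are constructed for the demo; the two details worth seeing in code are that AD's whenCreated is LDAP GeneralizedTime and has to be converted to the ISO 8601 form SCIM uses for meta.created, and that nothing from the password column is carried across, because AD never returns a password over LDAP and SCIM's password attribute is write-only.

```python
"""Active Directory record -> SCIM 1.0 User document (core + enterprise
extension). Added example; AD_RECORD and MANAGER_IDS are constructed."""
import re
from datetime import datetime, timezone

CORE = "urn:scim:schemas:core:1.0"
ENTERPRISE = "urn:scim:schemas:extension:enterprise:1.0"

# Constructed AD record, attribute names as AD exposes them over LDAP.
AD_RECORD = {
    "userPrincipalName": "bjensen@example.com",
    "mail": "bjensen@example.com",
    "givenName": "Barbara",
    "sn": "Jensen",
    "cn": "Barbara Jensen",
    "whenCreated": "20120718143021.0Z",
    "department": "Tour Operations",
    "manager": "CN=John Smith,OU=Staff,DC=example,DC=com",
}

# Constructed: manager DN -> SCIM id of that manager on the target server.
MANAGER_IDS = {"CN=John Smith,OU=Staff,DC=example,DC=com": "u2"}


def ad_time_to_iso8601(value):
    """LDAP GeneralizedTime (YYYYMMDDhhmmss[.f]Z) -> xsd:dateTime in UTC."""
    match = re.fullmatch(r"(\d{14})(?:\.\d+)?Z", value)
    if not match:
        raise ValueError("unexpected GeneralizedTime: " + value)
    stamp = datetime.strptime(match.group(1), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return stamp.isoformat().replace("+00:00", "Z")


def rdn_value(dn):
    """First RDN value of a DN, e.g. 'John Smith' from 'CN=John Smith,OU=...'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def drop_empty(mapping):
    """Leave out attributes AD did not populate rather than sending nulls."""
    return {k: v for k, v in mapping.items() if v not in (None, "", {}, [])}


def ad_to_scim_user(ad, manager_ids=MANAGER_IDS):
    user = drop_empty({
        "schemas": [CORE],
        "userName": ad["userPrincipalName"],
        "name": drop_empty({"givenName": ad.get("givenName"),
                            "familyName": ad.get("sn")}),
        "displayName": ad.get("cn"),
        # Servers normally assign meta themselves; carrying created lets a
        # sync report the AD creation time, it does not override the server.
        "meta": {"created": ad_time_to_iso8601(ad["whenCreated"])},
    })
    if ad.get("mail"):
        user["emails"] = [{"value": ad["mail"], "type": "work", "primary": True}]
    extension = drop_empty({
        "department": ad.get("department"),
        "manager": drop_empty({"managerId": manager_ids.get(ad.get("manager", "")),
                               "displayName": rdn_value(ad["manager"]) if ad.get("manager") else None}),
    })
    if extension:
        user["schemas"].append(ENTERPRISE)
        user[ENTERPRISE] = extension
    # No "password": AD cannot export it and a SCIM sync must never invent one;
    # passwords are set only by a deliberate PUT/PATCH from the client.
    return user
```

Running it on AD_RECORD yields a document with both schema URNs, a work email marked primary, meta.created of 2012-07-18T14:30:21Z, a manager sub-object with managerId and displayName, and no password attribute at all.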
Retrieving User Data

GET request = read; the path carries the user ID:

    GET /Users/2819c223-7f76-453a-919d-413861904646
    Host: example.com
    Accept: application/json
    Authorization: Bearer h480djs93hd8

Return JSON; 200 = successful response. The attributes are in JSON format and the Location header carries the same user ID:

    HTTP/1.1 200 OK
    Content-Type: application/json
    Location: https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646
    ETag: W/"f250dd84f0671c3"

    {
        ...
        "name":{
          "formatted":"Ms. Barbara J Jensen III",
          "familyName":"Jensen",
          "givenName":"Barbara"
        },
        "userName":"bjensen",
        ...
    }
Updating a Group with a new Member

PATCH = only update what's changed; secure access using OAuth 2 (bearer token):

    PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce
    Host: example.com
    Accept: application/json
    Authorization: Bearer h480djs93hd8
    ETag: W/"a330bc54f0671c9"

    {
        "schemas": ["urn:scim:schemas:core:1.0"],
        "members": [
          {
            "display": "Babs Jensen",
            "value": "2819c223-7f76-453a…"
          }
        ]
    }

The listed member is added as a new group member; the others are unchanged, because a PATCH treats the values of a multi-valued attribute as additions unless a value is flagged for deletion. The request carries the ETag header as the slide shows it; the HTTP header a client sends to make the update conditional on that version is If-Match.
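The server side of the PATCH above, as an added example rather than code from the slides or from any SCIM implementation. It applies the PATCH semantics the slide relies on to an in-memory group (values of a multi-valued attribute are added, a value carrying "operation": "delete" is removed, attribute names listed under meta.attributes are cleared, single-valued attributes are replaced), and it gates the change on the bearer token and on an If-Match version check. The token value, the group record and the weak-ETag derivation are constructed for the demo; a real server validates the token with its authorization server.

```python
"""Server-side handling of SCIM 1.x PATCH on a Group: bearer-token check,
If-Match precondition, multi-valued add/delete semantics. Added example;
VALID_TOKEN and SAMPLE_GROUP are constructed."""
import copy
import hashlib
import hmac
import json

CORE = "urn:scim:schemas:core:1.0"
VALID_TOKEN = "h480djs93hd8"  # constructed; real servers validate against the AS

# Constructed group with one existing member.
SAMPLE_GROUP = {
    "schemas": [CORE],
    "id": "acbf3ae7-8463-4692-b4fd-9b4da3f908ce",
    "displayName": "Tour Guides",
    "members": [{"display": "John Smith", "value": "u2"}],
}


def etag_for(resource):
    """Weak ETag derived from the resource content (meta excluded)."""
    body = json.dumps({k: v for k, v in resource.items() if k != "meta"}, sort_keys=True)
    return 'W/"%s"' % hashlib.sha256(body.encode()).hexdigest()[:16]


def error(status, description):
    return status, {"Errors": [{"description": description, "code": str(status)}]}


def apply_patch(resource, patch):
    """SCIM 1.x PATCH: additions for multi-valued attributes, deletions via
    "operation": "delete", clearing via meta.attributes, replacement otherwise."""
    out = copy.deepcopy(resource)
    for name in patch.get("meta", {}).get("attributes", []):
        out.pop(name, None)
    for attr, value in patch.items():
        if attr in ("schemas", "meta", "id"):
            continue
        if isinstance(value, list):
            current = list(out.get(attr, []))
            for item in value:
                if item.get("operation") == "delete":
                    current = [e for e in current if e.get("value") != item.get("value")]
                elif not any(e.get("value") == item.get("value") for e in current):
                    current.append(item)
            out[attr] = current
        else:
            out[attr] = value
    return out


class GroupStore:
    def __init__(self, group):
        self.group = copy.deepcopy(group)
        self.group.setdefault("meta", {})["version"] = etag_for(self.group)

    def version(self):
        return self.group["meta"]["version"]

    def patch(self, headers, body):
        """Return (status, JSON body) exactly as an HTTP handler would."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer ") or not hmac.compare_digest(auth[7:], VALID_TOKEN):
            return error(401, "missing or invalid bearer token")
        if "If-Match" in headers and headers["If-Match"] != self.version():
            return error(412, "resource version does not match If-Match")
        if CORE not in body.get("schemas", []):
            return error(400, "core schema URN missing from request")
        updated = apply_patch(self.group, body)
        updated["meta"]["version"] = etag_for(updated)
        self.group = updated
        return 200, updated
```

The 412 path is what makes the ETag in the slide useful: two provisioning clients racing to modify the same group each send the version they last saw, and the loser is told to re-read rather than silently clobbering the winner's change.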
SCIM vis-à-vis UserInfo Endpoint in OIC

Base OAuth 2 flow, shared by both:
   1. Get a token  – the client obtains a token from the AS via the user agent
   2. Read a token – the client receives the token
   3. Use a token  – the client presents the token to the RS

Layered on top of base OAuth:
   OIC   – the RS is the UserInfo endpoint
   SCIM  – the RS is the SCIM API
What’s Next for SCIM?

• More and more implementations!
• PingOne and UnboundID’s synchronization
  server are already in the market
• Major SaaS providers are launching this year
• Other IAM vendors releasing soon
• IETF working group has been formed
  – Date of completion projected for 2014
  – V. 1 is available today
Support SCIM

• SaaS and IdM vendors must implement
  SCIM for it to solve anything
• Demand standards-based automation of
  identity; demand SCIM 
• Join IETF mailing list; attend WG meetings
Thank You and More Info

•   @travisspencer
•   @pingidentity
•   simplecloud.info
•   travisspencer.com
•   2botech.com
•   pingidentity.com
SCIM presentation from CIS 2012
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 

SCIM presentation from CIS 2012

  • 1. Intro to SCIM
    Travis Spencer, CEO, Twobo Technologies
  • 2. The Problem
    • Modern systems are massively distributed
    • Organizations need to automate user/group management across domain boundaries
    • Large cloud providers have their own APIs
    • Enterprise-to-enterprise is a dog’s dinner
    • Identity is the fly in the integration ointment
  • 3. The Resulting Reality
    • Tactical, bespoke methods that can’t scale
    • Expensive integration work & custom development
    • Systems maintain isolated silos of user data
    • Ex-employees continue accessing resources
    • Solution is automation based on open standards
  • 4. Banding Together to Solve this Problem
    • Salesforce, Google, UnboundID, Ping Identity, Sailpoint, Technology Nexus, etc.
    • Protocol drafted, tested, and released in 2011
      – Q1 – Initial draft of spec
      – Q2 – Updated draft discussed at IIW
      – Q3 – Consortium formed under OWF, interop tests at IIW
      – Q4 – V. 1 agreed upon by consortium, submitted to IETF
  • 5. SCIM, a Modern Standard for Automation
    • The spec formerly known as Simple Cloud…
    • Provisioning API to manage users & groups
    • Supports bulk updates for ingest & sync
    • Low-tech barrier, easy w/ curl & JavaScript
    • Designed w/ mobile in mind
    • Goes hand-in-glove w/ federation
    • Secure access using OAuth 2 et al.
  • 6. SCIM Specification Set
    • REST API for CRUD
      – JSON & XML
      – Response codes
    • Federation Binding
      – SAML
      – TBD: OpenID Connect
    • Core Schema
      – User
      – Groups
      – Enterprise Extension
      – Config
  • 7. Features of SCIM
    • Core schema
      – Models user, groups, etc.
      – Defines basic user attributes (name, address, etc.)
    • RESTful API
      – Defines CRUD to synchronize resources
      – JSON and XML data formats
    • Federation bindings – SAML, OIC
      – Supports JIT provisioning during SSO
      – Maps SCIM schema to federation protocols
  • 8. Push Provisioning
    (Diagram) IdP Organization and SP Organization: the SCIM Client on the IdP side performs CRUD of the user object against the SCIM Server on the SP side, which returns a status.
  • 9. JIT Provisioning
    (Diagram) IdP Organization and SP Organization: the user data travels in the federation message through the Browser from the IdP to the SP, and the SP creates the user on the fly.
  • 10. JIT + Pull
    (Diagram) IdP Organization (IdP / SCIM Server) and SP Organization (SP / SCIM Client): an access token travels in the federation message through the Browser; the SP creates the new user, then issues Get User to pull the user object from the IdP's SCIM server.
  • 11. Overview of API
    • RESTful
    • Specifies well known endpoints & HTTP methods for managing core resources
      – User and group resources correspond to /Users and /Groups, respectively
    • Responses are returned in the body of the HTTP messages in JSON or XML format
  • 12. Authentication and Security
    • Spec does not mandate a particular authentication scheme
    • OAuth 2 is recommended, but others are not precluded (e.g., HTTP basic)
    • Client and server must exchange data over SSL/TLS
  • 13. Supported HTTP Verbs
      Verb     Meaning
      GET      Retrieves a resource
      POST     Creates a new resource
      PUT      Completely updates a resource
      PATCH    Partially updates a resource
      DELETE   Deletes a resource
  • 14. Controlling Responses
    • Filter (i.e., search)
      – Find specific resources
      – Request a subset of attributes
    • Sorting
      – Sort by
      – Sort order
    • Pagination
      – Client maintains offset and count
      – No server-side cursors (v. 2 probably)
  • 15. Extensible Schema
    • Protocol defines core schema used to represent resources of various types
      – Modeled after POCO & others
      – Also stipulates how to extend
    • Defines enterprise extensions
      – Adds manager, department, organization, etc.
    • Others can be created at will
  • 16. Includes Mapping from Active Directory
      Active Directory     SCIM
      userPrincipalName    userName
      mail                 email.value (@type=work)
      givenName            name.givenName
      sn                   name.familyName
      whenCreated          meta.whenCreated
      userPassword         password
      cn                   displayName
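The slide 16 mapping carried out in code, as an added example that is not part of the deck: the function interprets the slide's own path notation, so name.givenName lands inside the complex name attribute and mail becomes a work-typed entry of the multi-valued email attribute. The sample AD record, the conversion of whenCreated from AD generalized time, and the rejection of a record without a UPN are this example's assumptions.

```python
from datetime import datetime

# Slide 16's Active Directory -> SCIM mapping in the slide's own path notation:
# dotted paths address sub-attributes, "@type=work" marks a typed entry of a multi-valued attribute.
AD_TO_SCIM = {
    "userPrincipalName": "userName",
    "mail": "email.value@type=work",
    "givenName": "name.givenName",
    "sn": "name.familyName",
    "whenCreated": "meta.whenCreated",
    "userPassword": "password",
    "cn": "displayName",
}

# Constructed sample record (assumption), shaped like an LDAP read of AD.
SAMPLE_AD_RECORD = {
    "userPrincipalName": "bjensen@example.com",
    "mail": "bjensen@example.com",
    "givenName": "Barbara",
    "sn": "Jensen",
    "cn": "Barbara Jensen",
    "whenCreated": "20120615123000.0Z",  # AD generalized-time syntax
}

def ad_time_to_iso(value):
    """AD generalized time (YYYYMMDDHHMMSS.0Z) -> ISO 8601, the form SCIM timestamps use."""
    return datetime.strptime(value, "%Y%m%d%H%M%S.0Z").strftime("%Y-%m-%dT%H:%M:%SZ")

def set_path(resource, path, value):
    """Write value at a SCIM path such as name.givenName or email.value@type=work."""
    path, _, qualifier = path.partition("@")
    parts = path.split(".")
    if qualifier:  # multi-valued attribute: append {sub: value, "type": "work"}
        attr, sub = parts
        key, val = qualifier.split("=", 1)
        resource.setdefault(attr, []).append({sub: value, key: val})
        return
    node = resource
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value

def ad_to_scim_user(ad_record):
    """Build a SCIM 1.0 User from an AD record; a record without a UPN is rejected."""
    if "userPrincipalName" not in ad_record:
        raise ValueError("userPrincipalName missing: cannot form the SCIM userName")
    user = {"schemas": ["urn:scim:schemas:core:1.0"]}
    for ad_attr, scim_path in AD_TO_SCIM.items():
        if ad_attr in ad_record:
            value = ad_record[ad_attr]
            set_path(user, scim_path, ad_time_to_iso(value) if ad_attr == "whenCreated" else value)
    return user
```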
  • 17. Retrieving User Data
    Request (GET = read; the path carries the User ID):
      GET /Users/2819c223-7f76-453a-919d-413861904646
      Host: example.com
      Accept: application/json
      Authorization: Bearer h480djs93hd8
    Response (200 = successful response; attributes are returned in JSON format; Location carries the same User ID):
      HTTP/1.1 200 OK
      Content-Type: application/json
      Location: https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646
      ETag: W/"f250dd84f0671c3"

      {
        ...
        "name":{
          "formatted":"Ms. Barbara J Jensen III",
          "familyName":"Jensen",
          "givenName":"Barbara"
        },
        "userName":"bjensen",
  • 18. Updating a Group with a new Member
    Request (PATCH = only update what’s changed; secure access using OAuth 2):
      PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce
      Host: example.com
      Accept: application/json
      Authorization: Bearer h480djs93hd8
      ETag: W/"a330bc54f0671c9"

      {
        "schemas": ["urn:scim:schemas:core:1.0"],
        "members": [
          {
            "display": "Babs Jensen",
            "value": "2819c223-7f76-453a…"
          }
        ]
      }
    The body carries the new group member; the other members are unchanged.
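Server-side handling of the slide 18 request, as an added example rather than code from the deck: only the listed members are merged in, every other attribute stays as it is, and the version the client sends in its ETag header is compared with the current version before anything is written, so a client working from a stale copy cannot silently overwrite another writer's change. The in-memory group store, the ETag scheme, the spelled-out member id (the bjensen User ID from slide 17) and the 412/404 status codes are this example's assumptions.

```python
import copy
import hashlib
import json

# Constructed server-side store (assumption): one group, keyed by id, before the PATCH.
GROUPS = {
    "acbf3ae7-8463-4692-b4fd-9b4da3f908ce": {
        "schemas": ["urn:scim:schemas:core:1.0"],
        "id": "acbf3ae7-8463-4692-b4fd-9b4da3f908ce",
        "displayName": "Tour Guides",
        "members": [{"display": "John Smith", "value": "11111111-2222-3333-4444-555555555555"}],
    }
}

# The slide 18 body; the member id shortened on the slide is the bjensen id from slide 17.
PATCH_BODY = {
    "schemas": ["urn:scim:schemas:core:1.0"],
    "members": [{"display": "Babs Jensen", "value": "2819c223-7f76-453a-919d-413861904646"}],
}

def etag_for(resource):
    """Weak ETag derived from the canonical JSON of the resource (this example's scheme)."""
    digest = hashlib.sha256(json.dumps(resource, sort_keys=True).encode()).hexdigest()
    return 'W/"%s"' % digest[:15]

def patch_group(store, group_id, client_etag, body):
    """Apply a SCIM 1.0 PATCH: add the listed members, leave everything else untouched.
    Returns (status, resource); 404 for an unknown group, 412 when the client's ETag is stale."""
    current = store.get(group_id)
    if current is None:
        return 404, None
    if client_etag != etag_for(current):
        return 412, None  # someone else changed the group since the client read it
    updated = copy.deepcopy(current)
    known = {m["value"] for m in updated.get("members", [])}
    for member in body.get("members", []):
        if member["value"] not in known:  # de-duplicate on the member's id
            updated.setdefault("members", []).append(member)
            known.add(member["value"])
    for attr, value in body.items():  # simple attributes in the body replace the old value
        if attr not in ("schemas", "id", "members"):
            updated[attr] = value
    store[group_id] = updated
    return 200, updated
```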
  • 19. SCIM vis-à-vis UserInfo Endpoint in OIC
    (Diagram) Parties: User Agent, Client, AS and RS. Steps: 1. Get a token; 2. Read a token; 3. Use a token. The RS exposes both the OIC UserInfo endpoint and the SCIM API, with OAuth as the common base.
  • 20. What’s Next for SCIM?
    • More and more implementations!
    • PingOne and UnboundID’s synchronization server are already in the market
    • Major SaaS providers are launching this year
    • Other IAM vendors releasing soon
    • IETF working group has been formed
      – Date of completion projected for 2014
      – V. 1 is available today
  • 21. Support SCIM
    • SaaS and IdM vendors must implement SCIM for it to solve anything
    • Demand standards-based automation of identity; demand SCIM
    • Join IETF mailing list; attend WG meetings
  • 22. Thank You and More Info
    • @travisspencer
    • @pingidentity
    • simplecloud.info
    • travisspencer.com
    • 2botech.com
    • pingidentity.com