SCIM in the Real World: Adoption is Growing
-
Upload
kelly-grizzle -
Category
Software
-
view
283 -
download
5
Transcript of SCIM in the Real World: Adoption is Growing
![Page 1: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/1.jpg)
SCIM in the Real WorldKelly Grizzle
Software Architect – SailPoint
![Page 2: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/2.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 2
Overview
• What is SCIM?• Trends in SCIM Usage• Who are you and what’s your problem?
- Identity Gurus- Service Providers
• Case Studies• Where is SCIM today and where is it going?
![Page 3: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/3.jpg)
What is SCIM?System for Cross-Domain Identity Management
![Page 4: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/4.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 4
Identity Management+
REST=
![Page 5: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/5.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 5
Identity Management + REST = SCIM
• REST is just architectural pattern- SCIM defines an identity management profile for it
• SCIM provides…- Standard definitions for User and Group- Standard operations
• Create, Read, Update, Delete, Search, Partial Update, Bulk
- Extensibility• Add more attributes to existing object types or define new object
types
![Page 6: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/6.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 6
Example – Retrieve User Request
GET /Users/2819c223-7f76-453a-919d-413861904646Host: example.comAccept: application/scim+jsonAuthorization: Bearer h480djs93hd8
![Page 7: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/7.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 7
Example – Retrieve User ResponseHTTP/1.1 200 OK
Content-Type: application/scim+json
Location: https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646{
"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": "2819c223-7f76-453a-919d-413861904646",
"name": {
"formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara“
},
"meta": {
"resourceType": "User",
"created": "2011-08-01T18:29:49.793Z",
...
}
}
Self-describingpayload
Single-valuedattribute
Complexattribute
Manydata types
![Page 8: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/8.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 8
CRUD Operations
POST /UsersPUT /Users/2819c223-7f76-453a-919d-413861904646PATCH /Users/2819c223-7f76-453a-919d-413861904646DELETE /Users/2819c223-7f76-453a-919d-413861904646
GET /Users?startIndex=10&count=5&filter=userName sw “J”GET /Users/2819c223-7f76-453a-919d-413861904646
![Page 9: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/9.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 9
Server Configuration Operations
GET /ResourceTypes- Return the types of resources that are supported- Endpoint URL, schema, etc…
GET /Schemas/- Return the schema definitions- Attributes names and types, etc…
GET /ServiceProviderConfigs- Return info about what is supported by the server- Authn methods, optional features, etc…
![Page 10: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/10.jpg)
Trends in SCIM Usage
![Page 11: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/11.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 11
Trends
• Enterprises are using SCIM Gateways to communicate between internal systems
• Service providers use SCIM for directory access- Store extended information, but often not visible externally
• IAM and IDaaS vendors provide SCIM Servers to expose identity information and use SCIM Clients to read/write external systems
• Common threads in custom password extensions• SCIM is seen as the identity management API
![Page 12: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/12.jpg)
Who are you?
![Page 13: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/13.jpg)
IAM Gurus!
![Page 14: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/14.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 14
99 problems and identity is #1I GOT 99 PROBLEMS
AND IDENTITY IS #1!
![Page 15: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/15.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 15
Problem!!! Bob needs a new account
SCIM Solution: Provision
![Page 16: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/16.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 16
Problem!!! Bob can’t login!
SCIM Solution: Password reset
* Alternate Solution: Single sign-on … but this isn’t a SAML / OIDC workshop.
![Page 17: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/17.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 17
Problem!!! Bob can’t read the financials
SCIM Solution: Add him to a group orgive him some entitlements
![Page 18: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/18.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 18
Problem!!! I need to know Bob’s access
SCIM Solution: Read User and Group Data
![Page 19: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/19.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 19
Problem!!! Bob has been a bad boy
SCIM Solution: Deprovision
![Page 20: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/20.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 20
Problem!! Apps team needs to r/w identity
SCIM Solution: Standard but extensible API
CAN I PLEASE STORE…
THESE ATTRIBUTESIN YOUR DIRECTORY?
![Page 21: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/21.jpg)
Case StudyFortune 100 Chip Maker
![Page 22: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/22.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 22
The Setup
• Started considering options between a failed Oracle Identity Manager project and “the next thing”
• Needed a façade- Prevent IAM vendor lock-in- Needed co-existence between old and new IAM systems
• Extensibility was crucial!• “We wanted a 20 year solution.” –IAM Guru
![Page 23: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/23.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 23
The Solution
Create a SCIM gateway to serve as a central identity hub
SCIM Gateway Cluster
Legacy Apps
IAM System SSO
Directory Server
![Page 24: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/24.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 24
The Interesting Parts
• Extended user schema to hold custom information• Extended endpoints to support many additional features
- Email verification• POST /EmailVerificationTokens to create a token• POST /EmailVerification to verify email using token
- Password reset• POST /PasswordResetTokens to create a token• POST /PasswordChanges to change password using token
- Security token management for SSO• POST /SecurityTokens to create authenticated session token• DELETE /SecurityTokens to invalidate
![Page 25: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/25.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 25
More Interesting Parts
• More extended endpoints…- Notifications (email or SMS)
• POST /Notifications to send a notification with user information merged in (welcome email, forgot login ID, etc…)
- Role management• PATCH /Roles to change membership for a role
![Page 26: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/26.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 26
The Benefits
• Ability to add new information and features without breaking existing clients
- If there is anything in JSON that you don't recognize, throw it away
“SCIM has been critical and program-saving. It is exactly what we needed at exactly the right time, and fills a crucial role in our environment."
--IAM Guru
![Page 27: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/27.jpg)
Case StudyFortune 500 Pharmaceuticals
![Page 28: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/28.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 28
The Setup
• Need to support identity on a large portfolio of applications- Not all application teams are resourced equally
• Wanted an abstraction of provisioning from specific implementations
- Allow for seamless upgrades of IAM system- Ease cost of implementation for smaller applications
![Page 29: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/29.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 29
The Solution
Create a SCIM gateway to serve as a central identity hub
SCIM SOA Gateway
On-prem Apps
IAM System Cloud Apps
Directory Server
DO YOU SEEA TREND HERE?
![Page 30: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/30.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 30
The Benefits
• SCIM gives agility in adopting new versions of IAM system• SCIM isolates IAM system if a SaaS vendor changes their
identity model- Connector continues to work with an updated schema- Important for SaaS vendors that can update at any time
• If an application vendor is small it's not worth it to write a custom connector
- Small vendors are very willing to implement SCIM as their standard identity API
![Page 31: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/31.jpg)
Who are you?
![Page 32: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/32.jpg)
Service Providers!!
![Page 33: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/33.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 33
99 problems and identity is #1WE ALSO GOT
99 IDENTITY PROBLEMS!
![Page 34: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/34.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 34
Problem!!! I need to expose a directory!!
SCIM Solution: Read and write with SCIM
![Page 35: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/35.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 35
Problem!!! I need an API between my own products!
SCIM Solution: Everything identity is SCIM
![Page 36: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/36.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 36
Problem!! My mobile app needs identities!
SCIM Solution: Light-weight REST API
![Page 37: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/37.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 37
Problem!!! I need to get identities from my customer’s directory into my cloud app!
SCIM Solution: To the cloud with SCIM!
![Page 38: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/38.jpg)
Case StudyFortune 100 Networking
![Page 39: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/39.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 39
The Setup
• Needed a consistent identity API that can be used:- By partners- By customers- Internally between products- To communicate with IdPs and other SaaS vendors
![Page 40: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/40.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 40
The Solution
SCIM Identity Service
DirectoryClients
Internal SystemsPartners &
IdPs
IdentitySync Client
r/w
r/w
r/w
read only
Mobile Appr/
w
![Page 41: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/41.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 41
The Interesting Parts
• Additional endpoints- /Devices- /Tenants
• Only available internally• Password policy is configured on tenant
• Core schemas have been extended- Positive extensions: New attributes (mainly internal info)- Negative extensions: Attributes in SCIM spec that aren’t
supported
• Legacy APIs forward requests on to SCIM
![Page 42: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/42.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 42
The Benefits
• Single API for everything identity• Mobile application has a light-weight API to use• SCIM clients are easy to write
- Have seen no need to write a toolkit
![Page 43: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/43.jpg)
Case StudyFortune 1000 Networking
![Page 44: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/44.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 44
The Setup
• Needed a consistent identity API that can be used:- By customers- Internally between products- To communicate with IdPs
![Page 45: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/45.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 45
The Solution
SCIM Identity Service
CustomClients
Internal Systems IdPs
ADSync Client
r/w
r/w
r/w
r/w
DOES THISLOOK FAMILIAR?
![Page 46: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/46.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 46
The Interesting Parts
• Exploring an “organizational unit” extension to facility multi-tenancy in API
• Exploring a pub/sub SCIM model- Client subscribes to be notified of changes- SCIM server sends out notifications
![Page 47: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/47.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 47
The Benefits
• Single API for everything identity• No need to provide documentation
- Just point developers at the spec
• Easy to implement
![Page 48: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/48.jpg)
Case Studiesin brief
![Page 49: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/49.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 49
PaaS – CloudFoundry
• CloudFoundry is an open platform-as-a-service (PaaS)• Identity APIs leverage standards
- SCIM, OAuth2, and OpenID Connect
• Benefits- Use existing open API rather than reinventing the wheel- Use SCIM extensions for some non-identity APIs
![Page 50: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/50.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 50
IDaaS and IAM Vendors
• IDaaS and IAM vendors need to:- Allow external access to their identity store- Provision/read identities and groups to/from other applications
• SCIM server provides external access• SCIM client provides provisioning to other applications• Benefits
- Standardized API makes external integration easy- Applications that support SCIM can be integrated immediately
• No custom connector is required• No product upgrade required to support new apps
SailPoint, Salesforce, Ping, VMWare, neXus, Oracle, UnboundID
![Page 51: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/51.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 51
Higher Education
• Higher education is largely focused on federation- Need to propagate minimum amount of identity data- Authorization data (group memberships) are very important- Federation attribute payload works well for Just In Time (JIT)
provisioning- SCIM enables more robust record propagation when JIT is not
good enough• For example, email account provisioning often must occur before
first login
Federations that need attribute exchange
![Page 52: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/52.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 52
Higher Education
• VOOT is an identity/group protocol built on top of SCIM- Adds more features around group membership
• Grouper is a user/group management tool developed by Internet2
- SCIM integration allows writing to down-stream endpoints
http://openvoot.org/
https://spaces.internet2.edu/display/Grouper/Grouper+SCIM+Integration
VOOT and Grouper
![Page 53: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/53.jpg)
Case StudyneXusInternet of Things
![Page 54: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/54.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 54
The Setup
• IoT provider needed:- A registry of devices associated with a user- Information about the device (bluetooth address, etc…)- A mobile app that can
• Authenticate• Retrieve user information (including devices)• Communicate with devices
- Devices that can send status updates
![Page 55: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/55.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 55
The Solution
SCIM Server
Mobile App
GET /me(as authenticated user)
{ “id”: “89723-83703”, “devices”: [{ “name”: “Tesla”, “bluetoothAddress”: “000A3A58F310”, “deviceType”: “electricCar”, “batteryLife”: 58, … }, …}
BluetoothStart A/C
PATCH /Cars/89723-83703{ “batteryLife”: 57, “location”: { “lat”: 30.4045541, “long”: -97.8489572 }}
![Page 56: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/56.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 56
The Benefits
• Extended user schema to show which devices belong to each user
• New endpoints for devices to read/write device information- Example: /Cars, /Vacuums
• Extensible schema allows new device types to be imported via JSON files
• Extremely light-weight SCIM clients on mobile app and devices
- This is very important for constrained devices
![Page 57: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/57.jpg)
Where is SCIM?
![Page 58: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/58.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 58
Current Status
• 2.0 API, Core Schema, and Use Cases docs are complete- Will become official RFCs in the next couple months
• IETF working group will continue to work on SCIM extensions
- Passwords: http://datatracker.ietf.org/doc/draft-hunt-scim-password-mgmt/
- Notify: http://datatracker.ietf.org/doc/draft-hunt-scim-notify/
- Soft Delete: http://datatracker.ietf.org/doc/draft-ansari-scim-soft-delete/
- Others TBD
![Page 59: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/59.jpg)
Wrapping it up…
![Page 60: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/60.jpg)
![Page 61: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/61.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 61
Adoption is growing…
“The SCIM interface will have parity other APIs and will be a first-class citizen.”
--Ian Glazer, Salesforce
“I’m also proud to say Oracle’s Amit Jasuja announced at last year’s OpenWorld that Oracle IDM’s key REST API for Identity will be SCIM…”
--Phil Hunt, Oracle
![Page 62: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/62.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 62
Adoption is growing…
“SCIM works perfectly for constrained devices.”--Erik Wahlström, neXus
“SCIM is simple to implement.”--Haavar Valeur, Citrix
![Page 63: SCIM in the Real World: Adoption is Growing](https://reader031.fdocuments.in/reader031/viewer/2022020307/55cac728bb61eb212f8b474f/html5/thumbnails/63.jpg)
Copyright © SailPoint Technologies, Inc. 2015 All rights reserved. 63
[email protected]@kelly_grizzle
http://simplecloud.info