SCIM 2.0

From MgmtWiki

Full Title or Meme

System for Cross-domain Identity Management (SCIM) is a means of enabling flows of User Private Information from one Web Site to another.

Context

SCIM is a specification designed to reduce the complexity of user management operations by providing a common user schema and the patterns for exchanging such schema using HTTP in a platform-neutral fashion. The aim of SCIM is achieving interoperability, security, and scalability in the context of identity management.[1]

Developers can think of SCIM merely as a REST API with endpoints exposing CRUD functionality (create, read, update and delete).

The standard is governed by the following IETF documents: RFC 7642, RFC 7643, and RFC 7644.

Problems

Clearly, this API must not be accessible anonymously. However, the base SCIM standard does not define a specific mechanism for preventing unauthorized requests to its endpoints; it offers only a few guidelines on authentication and authorization in section 2 of RFC 7644.
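As an added illustration (not code from the wiki or from any SCIM product), a minimal in-memory /Users handler that follows the RFC 7644 section 2 guidance: every request is checked for a bearer token before any CRUD logic runs, and an unauthenticated call receives a 401 with the SCIM error body and a WWW-Authenticate header. The token value, the handle() function and the in-memory store are constructed for this example.

```python
import hmac
import json
import uuid

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
# Constructed sample: the only bearer token the provisioning client may present.
VALID_TOKENS = {"example-provisioning-token"}
USERS = {}  # constructed in-memory store keyed by the SCIM "id" attribute


def scim_error(status, detail):
    """RFC 7644 section 3.12 error shape; a 401 also carries WWW-Authenticate."""
    headers = {"Content-Type": "application/scim+json"}
    if status == 401:
        headers["WWW-Authenticate"] = 'Bearer realm="scim"'
    return status, headers, {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}


def authorized(headers):
    """Constant-time check of the Bearer credential; any other scheme is rejected."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return any(hmac.compare_digest(token, t) for t in VALID_TOKENS)


def handle(method, path, headers, body=None):
    """Dispatch one request to the /Users resource. Auth runs before any CRUD step."""
    if not authorized(headers):
        return scim_error(401, "Authentication required")
    parts = path.strip("/").split("/")
    if parts[0] != "Users":
        return scim_error(404, "Resource not found")
    ok = {"Content-Type": "application/scim+json"}
    if method == "POST" and len(parts) == 1:
        user = json.loads(body or "{}")
        if SCIM_USER not in user.get("schemas", []) or "userName" not in user:
            return scim_error(400, "userName and the core User schema are required")
        user["id"] = str(uuid.uuid4())  # server-assigned, immutable resource id
        USERS[user["id"]] = user
        return 201, ok, user
    if len(parts) == 2 and parts[1] in USERS:
        if method == "GET":
            return 200, ok, USERS[parts[1]]
        if method == "DELETE":
            del USERS[parts[1]]
            return 204, ok, None
    return scim_error(404, "Resource not found")
```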

Solutions

This is old-style Identity Management, in which data flows of the kind envisioned in the GDPR regulations apply. There appear to be better models today for users to control access to their private data.

References

  1. Pamela Dingle, "Provisioning with SCIM – getting started", Microsoft, 2019-10-03, https://techcommunity.microsoft.com/t5/security-compliance-and-identity/provisioning-with-scim-getting-started/ba-p/880010