Difference between revisions of "SCIM 2.0"

From MgmtWiki
(Context)
(Context)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
System for Cross-domain Identity Management is a means to enable flows of [[User Private Information]] from one [[Web Site]] to another.
+
System for Cross-domain [[Identity Management]] is a means to enable flows of [[User Private Information]] from one [[Web Site]] to another.
  
 
==Context==
 
==Context==
  
SCIM is a specification designed to reduce the complexity of user management operations by providing a common user schema and the patterns for exchanging such schema using HTTP in a platform-neutral fashion. The aim of SCIM is achieving interoperability, security, and scalability in the context of identity management.
+
SCIM is a specification designed to reduce the complexity of user management operations by providing a common user schema and the patterns for exchanging such schema using HTTP in a platform-neutral fashion. The aim of SCIM is achieving interoperability, security, and scalability in the context of identity management.<ref>Pamela Dingle, ''Provisioning with SCIM – getting started'' Microsoft 2019-10-03 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/provisioning-with-scim-getting-started/ba-p/880010</ref>
  
 
Developers can think of SCIM merely as a REST API with endpoints exposing CRUD functionality (create, read, update and delete).
 
Developers can think of SCIM merely as a REST API with endpoints exposing CRUD functionality (create, read, update and delete).
  
 
The standard is governed by the following IETF documents: RFC 7642, RFC 7643, and RFC 7644.
 
The standard is governed by the following IETF documents: RFC 7642, RFC 7643, and RFC 7644.
 
Clearly, this API must not be anonymously accessed. However, the basic SCIM standard does not define a specific mechanism to prevent unauthorized requests to endpoints. There are just a few guidelines in section 2 of RFC 7644 concerned with authentication and authorization.
 
  
 
==Problems==
 
==Problems==
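Review bot: the new <ref> on the Context paragraph runs the title, publisher, date and URL together with nothing separating them after the italic title. Put a comma after the title and after "Microsoft" so the entry reads cleanly in the rendered reference list.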
Line 16: Line 14:
  
 
==Solutions==
 
==Solutions==
 
+
This is old style [[Identity Management]] where flows of data like that envisioned in the [[GDPR]] regulations apply. There appear to be better models for users to control access to their private data today.
  
 
==References==
 
==References==
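Review bot: the sentence added under ==Solutions== refers to "better models" without naming any, and it does not address the unauthorized-request problem the article raises about SCIM endpoints. Name the models meant, with a link or reference, or move the remark out of Solutions. The clause "flows of data like that envisioned in the [[GDPR]] regulations apply" is also hard to parse and should be reworded.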

Latest revision as of 11:46, 9 October 2023

Full Title or Meme

System for Cross-domain Identity Management is a means to enable flows of User Private Information from one Web Site to another.

Context

SCIM is a specification designed to reduce the complexity of user management operations by providing a common user schema and patterns for exchanging that schema over HTTP in a platform-neutral fashion. The aim of SCIM is to achieve interoperability, security, and scalability in the context of identity management.[1]

Developers can think of SCIM merely as a REST API with endpoints exposing CRUD functionality (create, read, update and delete).

The standard is governed by the following IETF documents: RFC 7642, RFC 7643, and RFC 7644.

Problems

Clearly, this API must not be anonymously accessed. However, the basic SCIM standard does not define a specific mechanism to prevent unauthorized requests to endpoints. There are just a few guidelines in section 2 of RFC 7644 concerned with authentication and authorization.
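
Because the standard leaves the mechanism open, each SCIM service provider has to put its own gate in front of the CRUD endpoints. The following is an added example, not code from this page or from the RFCs: it assumes bearer-token authentication, and the scope names, token store and function names are hypothetical. Rejections use the SCIM error message format from RFC 7644.

```python
import hashlib
import hmac
import json

SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"  # RFC 7644 error schema

# Constructed sample store: SHA-256 of each bearer token -> granted scopes.
# Scope names are hypothetical; SCIM itself defines none.
TOKENS = {
    hashlib.sha256(b"reader-token-example").hexdigest(): {"scim.read"},
    hashlib.sha256(b"provisioner-token-example").hexdigest(): {"scim.read", "scim.write"},
}
# Scope each CRUD verb needs: reads and writes are authorized separately.
REQUIRED = {"GET": "scim.read", "POST": "scim.write", "PUT": "scim.write",
            "PATCH": "scim.write", "DELETE": "scim.write"}


def scim_error(status, detail):
    """Build a SCIM error body (the status is carried as a string)."""
    body = {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}
    return status, json.dumps(body)


def lookup_scopes(token):
    """Compare the token's hash against every stored hash in constant time."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    granted = None
    for stored, scopes in TOKENS.items():
        if hmac.compare_digest(stored, digest):
            granted = scopes
    return granted


def authorize(method, headers):
    """Return (200, None) if the request may proceed, else a SCIM error."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return scim_error(401, "Bearer token required")
    scopes = lookup_scopes(token.strip())
    if scopes is None:
        return scim_error(401, "Unknown or revoked token")
    needed = REQUIRED.get(method.upper())
    if needed is None:
        return scim_error(405, "Method not allowed")
    if needed not in scopes:
        return scim_error(403, "Token lacks scope " + needed)
    return 200, None
```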

Solutions

This is old-style Identity Management, where flows of data like those envisioned in the GDPR regulations apply. There appear to be better models for users to control access to their private data today.

References

  1. Pamela Dingle, Provisioning with SCIM – getting started, Microsoft, 2019-10-03, https://techcommunity.microsoft.com/t5/security-compliance-and-identity/provisioning-with-scim-getting-started/ba-p/880010