could scim become lingua franca of identity provisioning
play

Could SCIM become lingua franca of Identity Provisioning - PowerPoint PPT Presentation

Jun 02, 2023 •269 likes •460 views

Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity and Access Management, Vienna 18.02.2020 Peter Gietz, DAASI International Agenda Why Standards in Open Source Short Introduction into SCIM

  1. Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity and Access Management, Vienna 18.02.2020 Peter Gietz, DAASI International

  2. Agenda ● Why Standards in Open Source ● Short Introduction into SCIM ● Deployment examples ● SCIM lingua franca for identity provisioning Folie 2 von 18

  3. Why standards in Open Source ● OSS is not only about open source but also about interoperability and work division – No attempt to create golden cages – Rather it is important to interact with other products ● Reference implementations of standards are mostly if not always OSS ● In OSS clients and servers often are from different developers ● Open Culture with open standards vs. closed source and proprietary protocols Folie 3 von 18

  4. SCIM ● Originally “Simple Cloud Identity Management” – thus designed as provisioning standard for the cloud ● Then renamed to “System for Cross-domain Identity Management” – Thus a generalisation for any provisioning between different domains – “the open API for managing identities” – JSON and RESTful based lightweight approach to identity provisioning ● Version 1.0 (Dezember 2011), Version 1.1 (Juli 2012) ● Version 2.0 (September 2015) – Definitions, Overview, Concepts, and Requirements: RFC7642 – Core schema: RFC7643 – Protocol: RFC7644 Folie 4 von 18

  5. Extensions not (yet?) RFCs ● Soft delete of Users – draft-ansari-scim-soft-delete-00, Expires: September 10, 2015 ● Hub change notification service – Draft-hunt-scim-notify-00, Expires: September 9, 2015 ● Password and account status extensions for managing passwords and password usage – Draft-hunt-scim-password-mgmt-00, Expires: September 30, 2015 ● Just-in-time provisioning patterns in a protocol (such as SAML) – draft-wahl-scim-jit-profile-00.txt, Expires: August 2013 ● Mapping between SCIM and vCard – Draft-greevenbosch-scim-vcard-mapping-03, Expires: August 16, 2014 ● Privileged Access Management – Draft-grizzle-scim-pam-ext-01, Expires: April 21, 2018 Folie 5 von 18

  6. SCIM Implementations ● http://www.simplecloud.info lists 45 implementations of SCIM 2.0 by – Apache Foundation, Atlassian, Beta Systems, Centrify, GitHub Inc, Gluu, Microsoft, Okta, Omada, One Identity, Oracle, Ping Identity, SailPoint, Salesforce, WSO2 Inc, and many others – 18 of these are open source Folie 6 von 18

  7. SCIM in a nutshell ● SCIM “is designed to manage user identity in cloud-based applications and services in a standardized way to enable interoperability, security, and scalability.” (RFC 7642) ● “SCIM's intent is to reduce the cost and complexity of user management operations by providing a common user schema, an extension model, and a service protocol” (RFC 7644) ● SCIM “provides a platform-neutral schema and extension model for representing users and groups and other resource types in JSON format. This schema is intended for exchange and use with cloud service providers.” (RFC 7643) Folie 7 von 18

  8. SCIM Actors +---------------------+ | Cloud Service | | Provider (CSP) | +---------------------+ | +------------------------------------------+ | | v v +-------------------+ +--------------------+ |Enterprise Cloud | |Enterprise Cloud | |Subscriber (ECS) | |Subscriber (ECS) | +--------------------+ +--------------------+ | | +----------------+ +-------------------+ | | | | v v v v +-------------+ +-------------+ +-------------+ +---------------+ |Cloud Service| |Cloud Service| |Cloud Service| |Cloud Service| | User (CSU) | | User (CSU) | | User (CSU) | | User (CSU) | +-------------+ +-------------+ +-------------+ +----------------+ Folie 8 von 18

  9. SCIM Schema Folie 9 von 18

  10. SCIM Schema Folie 10 von 18

  11. Minimal representation of a user { "schemas": ["urn:scim:schemas:core:2.0:User"], "id": "2819c223-7f76-453a-919d-413861904646", "userName": "bjensen@example.com", "meta": { "resourceType": "User", "created": "2010-01-23T04:56:22Z", "lastModified": "2011-05-13T04:42:34Z", "version": "W\/\"3694e05e9dff590\"", "location": "https://example.com/v2/Users/ 2819c223-7f76-453a-919d-413861904646" } } Folie 11 von 18

  12. Only standardised extension enterprise user { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enter prise:2.0:User"], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "701984", "userName": "bjensen@example.com", "name": { "formatted": "Ms. Barbara J Jensen, III", "familyName": "Jensen", "givenName": "Barbara", "middleName": "Jane", "honorificPrefix": "Ms.", "honorificSuffix": "III" }, ... Folie 12 von 18

  13. Only standardised extension enterprise user employeeNumber costCenter organization division department manager Folie 13 von 18

  14. Deployment examples S C Gluu SCIM midPoint I ICF Connector M Gluu midPoint LDAP LDAP ICF Connector Folie 14 von 18

  15. Deployment examples SCIM midPoint SCIM Client API Overlay Folie 15 von 18

  16. Deployment examples Didmos ETL Folie 16 von 18

  17. Why a lingua franca ● SCIM is supported by many vendors and developers ● SCIM has an extension mechanism – Different schema, same REST protocol ● In didmos2 we defined some internal extensions – Could be standardized ● SCIM can be used to integrate different open source products ● LDIF → DSML → SCIM JSON Folie 17 von 18

  18. Thanks! Contact me at peter.gietz@daasi.de Folie 18 von 18

Recommend

The 11 th International Conference of English as a lingua franca Daisuke Kimura ALESS/A Program

The 11 th International Conference of English as a lingua franca Daisuke Kimura ALESS/A Program

The 11 th International Conference of English as a lingua franca Daisuke Kimura ALESS/A Program Center for Global Communication Strategies Presented at TIME TO TALK session October 25, 2018 Outline Introduction to English as a lingua

165 views • 13 slides
Vocabulary: lingua franca (n) : a common language used by speakers of different languages

Vocabulary: lingua franca (n) : a common language used by speakers of different languages

Vocabulary: lingua franca (n) : a common language used by speakers of different languages culture (n) : a set of share understandings about the world and how to get things done in it; all the socially transmitted behavior patterns, arts,

443 views • 27 slides
English as the academic lingua franca: looking back in anger and looking forward Ann

English as the academic lingua franca: looking back in anger and looking forward Ann

English as the academic lingua franca: looking back in anger and looking forward Ann Torday Gulden Project Coordinator EAP AnnTorday.Gulden @hioa.no Oslo and Akershus University College of Applied Sciences has four faculties This

976 views • 15 slides
First Steps towards a Lingua Franca for Computing: Rule-based Approaches in CHR Thom Fr uhwirth

First Steps towards a Lingua Franca for Computing: Rule-based Approaches in CHR Thom Fr uhwirth

First Steps towards a Lingua Franca for Computing: Rule-based Approaches in CHR Thom Fr uhwirth | July 2009 | CHR 2009, Pasadena, CA, USA Page 2 Rule-based Approaches in CHR | Motivation The success of Constraint Handling Rules CHR - an

900 views • 44 slides
Rich Identity Provisioning Agenda Introduction Research questions Related work RIP

Rich Identity Provisioning Agenda Introduction Research questions Related work RIP

Rich Identity Provisioning Agenda Introduction Research questions Related work RIP architecture Open source components Conclusion UvA-SNE-RP2 presentation 1 Rich Identity Provisioning introduction: trigger Digital

272 views • 13 slides
the OPTLS protocol and TLS 1.3 Hugo Krawczyk IBM Hoeteck Wee ENS . . . . . . . . TLS =

the OPTLS protocol and TLS 1.3 Hugo Krawczyk IBM Hoeteck Wee ENS . . . . . . . . TLS =

the OPTLS protocol and TLS 1.3 Hugo Krawczyk IBM Hoeteck Wee ENS . . . . . . . . TLS = lingua franca of crypto on the Internet HTTPS, 802.1x, VPNs, email, VoIP, ... . . . . . . . . cannot inject forged data into the stream (

606 views • 46 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Starting Skype conversations: Pragmatic features and strategies in

Starting Skype conversations: Pragmatic features and strategies in

Starting Skype conversations: Pragmatic features and strategies in an English as a Lingua Franca context Marie-Louise Brunner, Stefan Diemer & Selina

392 views • 25 slides
Preparatory Course in Computer Science Course at D-ITET at ETH Zurich Autumn 2019 ((BTW: Lino

Preparatory Course in Computer Science Course at D-ITET at ETH Zurich Autumn 2019 ((BTW: Lino

Mathematics used to be the lingua franca of the natural sciences on all universities. Today this is computer science. Lino Guzzella, president of ETH Zurich 2015-2018, NZZ Online, 1.9.2017 Malte Schwerhoff Preparatory Course in Computer Science

251 views • 9 slides
Lingua Inglese 1 2019-20 Corso di Laurea Triennale in Scienze Internazionali e Diplomatiche

Lingua Inglese 1 2019-20 Corso di Laurea Triennale in Scienze Internazionali e Diplomatiche

Lingua Inglese 1 2019-20 Corso di Laurea Triennale in Scienze Internazionali e Diplomatiche Contents Practical information (email, rooms, Moodle, lettorato etc) The two exam options for Lingua Inglese 1 How this course differs from

349 views • 30 slides
Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions tend to be specialized for specific scenarios. There is no resource provisioning model that supports all of these usage scenarios simultaneously

397 views • 14 slides
The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

NGI 2011 The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning in the F t Future Internet I t t Tobias Hofeld, Markus Fiedler and Thomas Zinner Hysteresis Hysteresis Hysteresis refers to

251 views • 10 slides
De-provisioning - necessity even in proxy IdP/SP architecture Slvek Licehammer

De-provisioning - necessity even in proxy IdP/SP architecture Slvek Licehammer

De-provisioning - necessity even in proxy IdP/SP architecture Slvek Licehammer slavek@ics.muni.cz EGI Conference 2019 06. 05. 2019 AARC Blueprint Architecture 2 Proxy architecture Easy way to connect services Persistent identity

169 views • 12 slides
BGP and the Rule of Custom Caleb James DeLisle @cjd@mastodon.social @cjd:matrix.org

BGP and the Rule of Custom Caleb James DeLisle @cjd@mastodon.social @cjd:matrix.org

BGP and the Rule of Custom Caleb James DeLisle @cjd@mastodon.social @cjd:matrix.org cjd@cjdns.fr What is BGP Mesh protocol Used by all internet routers when communicating across organizational boundaries, the lingua franca of the

504 views • 14 slides
SCIM Refresh Presented by Paul Mortimer Asset Management Policy Advisor paulmortimer@nhs.net 1

SCIM Refresh Presented by Paul Mortimer Asset Management Policy Advisor paulmortimer@nhs.net 1

SCIM Refresh Presented by Paul Mortimer Asset Management Policy Advisor paulmortimer@nhs.net 1 Why a Refresh? 2 What Boards say: The guidance isnt always easy to follow Expectations of information requirements and format is

681 views • 27 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
Can R Speak Your Language? R uses English for its keywords and its (several thousand) built-in

Can R Speak Your Language? R uses English for its keywords and its (several thousand) built-in

Languages The lingua franca of computing is (American) English. Can R Speak Your Language? R uses English for its keywords and its (several thousand) built-in functions. However, the data used in computing can be in any human language (or none).

59 views • 5 slides
Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

scc : Cluster Storage Provisioning Informed by Application Characteristics and SLAs Harsha V. Madhyastha*, John C. McCullough , George Porter, Rishi Kapoor, Stefan Savage, Alex C. Snoeren, and Amin Vahdat UC Riverside* and UC San Diego Bourns

1.26k views • 96 slides
Latin by Shideh Almasian History of Latin Originated -> From Latium Romance Languages ->

Latin by Shideh Almasian History of Latin Originated -> From Latium Romance Languages ->

Latin by Shideh Almasian History of Latin Originated -> From Latium Romance Languages -> descended from Latin Latin was lingua franca* -> later replaced by French (18th) -> then English (19th) official language of church and Vatican

682 views • 12 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning & WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
Data, Data everywhere with French N+N meeting, DTI, London Prof. Malcolm Atkinson Director

Data, Data everywhere with French N+N meeting, DTI, London Prof. Malcolm Atkinson Director

Data, Data everywhere with French N+N meeting, DTI, London Prof. Malcolm Atkinson Director www.nesc.ac.uk www.ogsadai.org.uk 3 rd November 2003 Contents Data: The Lingua Franca of e-Science Data: The Challenge for e-Science OGSA-DAI

459 views • 29 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
BUSINESS ENGLISH 2 Academic year 2019/20 summer semester Course holder: Sanda Katavi -

BUSINESS ENGLISH 2 Academic year 2019/20 summer semester Course holder: Sanda Katavi -

BUSINESS ENGLISH 2 Academic year 2019/20 summer semester Course holder: Sanda Katavi - aui , MSc ELF English is now the lingua franca. Thats how it is. You have to speak English if you want to act and move GLOBISH in

673 views • 40 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides

More recommend