© 2014 Cisco and/or its affiliates. All rights reserved.
Morteza Ansari
June 23, 2014
• History
• Use Cases
• Schema
• Protocol
• References
• Started 2010
• Really started May 2011
• 12 Companies participated under OWF
ADP, BCP Soft, Canarie, Cisco, Courion, Id Machines, Ping Identity, Nexux, Sailpoint, SalesForce, UnboundID, WSO2
• 1.0 was published Dec. 2011
• 12 independent implementations
• Frequent interop events at IIW, CIS, and one at IETF
• IETF BOF Mar. 2012
• IETF WG Jul. 2012
• How do I provision a user account for service X?
• How do I de-provision a user account from service X?
• How do I update an existing account for service X?
• How do I keep my organization’s users in sync with service X?
• How do I manage groups?
• How do I cross-provision across cloud services?
• User/Group provisioning from Enterprise to Cloud
• User/Group provisioning from cloud service to cloud service
• Is used in many, many more cases today
Enterprise provisioning/cross provisioning
Identity access
Many new endpoints: machines, contacts, tenants, devices, …
dn: cn=HomerJSimpson,o=domain-name
cn: HomerJSimpson
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: HJSimpson@burnsco.com
givenname: Homer
sn: Simpson
postalAddress: 742 Evergreen Terrace
l: Springfield
st: Kentsouri
postalCode: 01234
telephoneNumber: (888) 555-1111
jpegPhoto: http://www.simpsons.com/homer.jpg
…
Homer J. Simpson
Springfield Nuclear Plant
Safety Inspector
(888) 555-1111 Work
(123) 666-1111 Home
HJSimpson@burnsco.com
742 Evergreen Terrace
Springfield, Kentsouri 01234
http://www.simpsons.com
• OASIS Standard (1.0 – 2003; 2.0 – 2006)
• No core Schema
• Complex – real or perceived
• Some traction within enterprises, none for cloud services
• Limited support - few tools/products
“Built it, nobody came!”
• Set of pre-defined schema – Users & Groups
• RESTful API definition
• CRUD
• Bulk operations
• Search
• Discovery
• Extension semantics (basic in 1.x)
• Support for complex data models
• SIMPLE!!!
• Rich information model
• XML & JSON data models
• Concrete artifacts
Users & Groups
• Usage semantics
MTI & recommended
• Extensibility
Enterprise User
• Resource is an attribute container
• An attribute is
Simple or Complex
Single value or Plural
• Extensible
• Data type added in 2.0
{
"schemas": ["urn:scim:schemas:core:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "701984",
"userName": "bjensen@example.com",
"name": {
"formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificPrefix": "Ms.",
"honorificSuffix": "III"
},
"displayName": "Babs Jensen",
"nickName": "Babs",
"profileUrl": "https://login.example.com/bjensen",
"emails": [
{
"value": "bjensen@example.com",
"type": "work",
"primary": true
},
{
"value": "babs@jensen.org",
"type": "home"
}
],
"meta": {
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W/\"a330bc54f0671c9\"",
"location": "https://example.com/v1/Users/2819c223-7f76"
}
}
{
"schemas": ["urn:scim:schemas:core:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "bjensen",
"meta": {
"created": "2011-08-01T18:29:49.793Z",
"lastModified": "2011-08-01T18:29:49.793Z",
"location": "https://example.com/v1/Users/2819c223...",
"version": "W/\"f250dd84f0671c3\""
},
"name": {
"formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara"
},
"userName": "bjensen",
"phoneNumbers": [
{
"value": "555-555-8377",
"type": "work"
}
]
}
Required
Complex
Simple
Complex
multi-valued
{
"schemas": ["urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:enterprise:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "bjensen",
"userName": "bjensen",
"urn:scim:schemas:extension:enterprise:1.0": {
"employeeNumber": "701984",
"costCenter": "4130",
"organization": "Universal Studios",
"division": "Theme Park",
"department": "Tour Operations",
"manager": {
"managerId": "26118915-6090-4610-87e4-49d8ca9f808d",
"displayName": "John Smith"
}
}
}
Declaration
Use
{
"schemas": ["urn:scim:schemas:core:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"displayName": "Tour Guides",
"members": [
{
"value": "2819c223-7f76-453a-919d-413861904646",
"displayName": "Babs Jensen",
"type": "User"
},
{
"value": "4769c303-ab76-673a-769d-413867987436",
"displayName": "Mandy Pepperidge",
"type": "User"
}
]
}
Type (User|Group)
Optional &
Read-only
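The attribute rules on the preceding slides (a required attribute per resource, simple versus complex, single versus multi-valued, an extension URN declared in "schemas" before its attributes are used, and a member "type" that is optional but must be User or Group) are exactly what a service provider should check on every incoming resource before it touches its store. The validator below is an added example, not code from the deck or from any SCIM implementation; the rule table is a constructed subset of the core schema (treating "userName" and "displayName" as the required attributes, following the "Required" callout), and the sample resources are trimmed from the slides' own examples.

```python
import json

CORE = "urn:scim:schemas:core:1.0"
ENTERPRISE = "urn:scim:schemas:extension:enterprise:1.0"

# Constructed rule table for the attributes shown in the deck:
# name -> (kind, multi_valued, required).  Assumption: "userName" (User) and
# "displayName" (Group) are the required attributes; the full rule set is in
# the core schema spec.
USER_RULES = {
    "id":           ("simple",  False, False),
    "externalId":   ("simple",  False, False),
    "userName":     ("simple",  False, True),
    "name":         ("complex", False, False),
    "displayName":  ("simple",  False, False),
    "emails":       ("complex", True,  False),
    "phoneNumbers": ("complex", True,  False),
    "meta":         ("complex", False, False),
}
GROUP_RULES = {
    "id":          ("simple",  False, False),
    "displayName": ("simple",  False, True),
    "members":     ("complex", True,  False),
}
MEMBER_TYPES = {"User", "Group"}


def validate(resource, rules):
    """Return a list of problems with a SCIM 1.x resource; [] means it passes."""
    errors = []
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or CORE not in schemas:
        errors.append("'schemas' must be an array that names the core schema URN")
        schemas = schemas if isinstance(schemas, list) else []

    for name, (kind, multi, required) in rules.items():
        if name not in resource:
            if required:
                errors.append(f"missing required attribute '{name}'")
            continue
        value = resource[name]
        if multi and not isinstance(value, list):
            errors.append(f"'{name}' is multi-valued and must be a JSON array")
            continue
        for item in (value if multi else [value]):
            if kind == "complex" and not isinstance(item, dict):
                errors.append(f"'{name}' is complex and must be a JSON object")
            elif kind == "simple" and isinstance(item, (dict, list)):
                errors.append(f"'{name}' is simple and cannot be an object or array")

    # Extension rule from the deck: declare the URN in "schemas", then use it as a key.
    for key in resource:
        if key.startswith("urn:") and key not in schemas:
            errors.append(f"extension '{key}' is used but not declared in 'schemas'")

    # Group members: "type" is optional, but when present it is User or Group.
    members = resource.get("members")
    if isinstance(members, list):
        for m in members:
            if isinstance(m, dict) and "type" in m and m["type"] not in MEMBER_TYPES:
                errors.append(f"member {m.get('value')!r} has invalid type {m['type']!r}")
    return errors


# Constructed inputs, trimmed from the deck's examples.
GOOD_USER = {
    "schemas": [CORE, ENTERPRISE],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "userName": "bjensen",
    "name": {"familyName": "Jensen", "givenName": "Barbara"},
    "emails": [{"value": "bjensen@example.com", "type": "work", "primary": True}],
    ENTERPRISE: {"employeeNumber": "701984",
                 "manager": {"managerId": "26118915-6090-4610-87e4-49d8ca9f808d"}},
}
UNDECLARED_EXT_USER = {k: v for k, v in GOOD_USER.items() if k != "schemas"}
UNDECLARED_EXT_USER["schemas"] = [CORE]   # uses the extension without declaring it
BAD_GROUP = {
    "schemas": [CORE],
    "displayName": "Tour Guides",
    "members": [{"value": "2819c223-7f76-453a-919d-413861904646", "type": "Robot"}],
}

if __name__ == "__main__":
    for label, res, rules in [("user", GOOD_USER, USER_RULES),
                              ("undeclared extension", UNDECLARED_EXT_USER, USER_RULES),
                              ("group", BAD_GROUP, GROUP_RULES)]:
        print(label, json.dumps(validate(res, rules)))
```

Rejecting an undeclared extension early matters because a provider that silently accepts unknown URN-keyed objects will happily persist attributes nobody has mapped to an access decision.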
• HTTP/REST
• CRUD
• Bulk
• Search
• Discovery
• Simple MTI, Complex optional
• Extensible
• Versioned
• “cURL” friendly
• Discovery
• Create = POST https://example.com/{v}/{resource}
• Read = GET https://example.com/{v}/{resource}/{id}
• Update = PUT https://example.com/{v}/{resource}/{id}
• Delete = DELETE https://example.com/{v}/{resource}/{id}
• Update = PATCH https://example.com/{v}/{resource}/{id}
• Search = https://example.com/{v}/{resource}?filter={attribute} {op} {value}&sortBy={attributeName}&sortOrder={ascending|descending}
• Bulk
• GET /Schemas
Introspect resources and attribute extensions
• GET /ServiceProviderConfigs
Spec compliance
Support for bulk, patch, etc…
Authentication schemes
OAuth, HTTP basic, etc…
Data formats
Support XML
POST /v1/Users HTTP/1.1
Host: example.com
Accept: application/json
Authorization: Bearer h480djs93hd8
{
"schemas": ["urn:scim:schemas:core:1.0"],
"externalId": "bjensen",
"userName":"bjensen",
"name": {
"familyName": "Jensen",
"givenName": "Barbara"
}
}
Operation Resource Type
Format AuthZ
“User” Payload
HTTP/1.1 201 Created
Content-Type: application/json
Location: https://example.com/v1/Users/281...
ETag: W/"e180ee84f0671b1"
{
"schemas": ["urn:scim:schemas:core:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "bjensen",
"meta": {
"created": "2011-08-01T21:32:44.882Z",
"lastModified": "2011-08-01T21:32:44.882Z",
"location": "https://example.com/v1/Users/281...",
"version": "W/\"e180ee84f0671b1\""
},
"name":{
"familyName":"Jensen",
"givenName":"Barbara"
},
"userName":"bjensen"
}
Result code
Format
“Permalink”
SP generated ID
GET /v1/Users/2819c223-7f76-453a-919d-413861904646.json
Host: example.com
Authorization: Bearer h480djs93hd8
Operation Resource Type Stable ID Format
HTTP/1.1 200 OK
Content-Type: application/json
Location: https://example.com/v1/Users/281...
ETag: W/"e180ee84f0671b1"
{
"schemas": ["urn:scim:schemas:core:1.0"],
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "bjensen",
"meta": {
"created": "2011-08-01T21:32:44.882Z",
"lastModified": "2011-08-01T21:32:44.882Z",
"location": "https://example.com/v1/Users/281...",
"version": "W/\"e180ee84f0671b1\""
},
"name":{
"familyName":"Jensen",
"givenName":"Barbara"
},
"userName":"bjensen"
}
Result code
Format
“Permalink”
SP ID
GET /v1/Users?filter=title pr and userType eq "Employee"
&sortBy=title
&sortOrder=ascending
&attributes=title,username
&startIndex=11
&count=10
Host: example.com
Accept: application/json
Authorization: Bearer h480djs93hd8
Operation Resource Type
URL encoded filter
Sorting
Partial results
Index-based pagination
{
"schemas": ["urn:scim:schemas:core:1.0"],
"totalResults": 2,
"Resources": [
{
"id": "c3a26dd3-27a0-4dec-a2ac-ce211e105f97",
"title": "Assistant VP",
"userName": "bjensen"
},
{
"id": "a4a25dd3-17a0-4dac-a2ac-ce211e125f57",
"title": "VP",
"userName": "jsmith"
}
]
}
Pagination
Users
SP ID ever present
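The search request and its list response above exercise every query feature the protocol slides list: a filter expression, sorting, attribute projection and index-based pagination. The following is an added example, not code from the deck or from any SCIM product, of what a service provider does with such a request: it parses a filter restricted to "pr", "eq", "co" and "sw" terms joined by "and" (the slide's filter uses two of them), applies sort and pagination with a 1-based startIndex, projects the requested attributes case-insensitively (the slide asks for "username" and gets "userName"), always keeps "id", and builds a properly URL-encoded query string for the client side. The user records are constructed; the first two mirror the deck's result.

```python
import re
from urllib.parse import urlencode

CORE = "urn:scim:schemas:core:1.0"
OPS = {"eq", "co", "sw", "pr"}   # subset of the SCIM 1.1 filter operators

# Constructed directory standing in for the service provider's user store;
# the first two entries mirror the deck's result, the rest are made up.
USERS = [
    {"id": "c3a26dd3-27a0-4dec-a2ac-ce211e105f97", "userName": "bjensen",
     "title": "Assistant VP", "userType": "Employee"},
    {"id": "a4a25dd3-17a0-4dac-a2ac-ce211e125f57", "userName": "jsmith",
     "title": "VP", "userType": "Employee"},
    {"id": "00000000-0000-4000-8000-000000000003", "userName": "ctaylor",
     "userType": "Employee"},                            # no title: fails "title pr"
    {"id": "00000000-0000-4000-8000-000000000004", "userName": "dlee",
     "title": "VP", "userType": "Contractor"},           # fails userType eq "Employee"
]


def parse_filter(text):
    """Parse 'attr op [value] [and attr op [value] ...]' into (attr, op, value) terms."""
    tokens = re.findall(r'"[^"]*"|\S+', text)
    terms, i = [], 0
    while i < len(tokens):
        if len(tokens) - i < 2:
            raise ValueError(f"incomplete filter term near {tokens[i]!r}")
        attr, op = tokens[i], tokens[i + 1].lower()
        if op not in OPS:
            raise ValueError(f"unsupported operator {op!r}")
        if op == "pr":
            terms.append((attr, op, None))
            i += 2
        else:
            if len(tokens) - i < 3:
                raise ValueError(f"operator {op!r} needs a value")
            value = tokens[i + 2]
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            terms.append((attr, op, value))
            i += 3
        if i < len(tokens):
            if tokens[i].lower() != "and":
                raise ValueError("only 'and' conjunctions are handled here")
            i += 1
    return terms


def _get(resource, attr):
    """Case-insensitive lookup: SCIM attribute names are not case-sensitive."""
    for k, v in resource.items():
        if k.lower() == attr.lower():
            return v
    return None


def matches(resource, terms):
    for attr, op, value in terms:
        actual = _get(resource, attr)
        if op == "pr":
            if actual in (None, "", [], {}):
                return False
            continue
        if actual is None:
            return False
        a, v = str(actual).lower(), value.lower()   # string comparisons are case-insensitive
        if (op == "eq" and a != v) or (op == "co" and v not in a) or (op == "sw" and not a.startswith(v)):
            return False
    return True


def search(resources, filter_text=None, sort_by=None, sort_order="ascending",
           attributes=None, start_index=1, count=None):
    """Filter, sort, project and paginate; return a SCIM 1.1 list response."""
    terms = parse_filter(filter_text) if filter_text else []
    hits = [r for r in resources if matches(r, terms)]
    if sort_by:
        hits.sort(key=lambda r: str(_get(r, sort_by) or "").lower(),
                  reverse=(sort_order == "descending"))
    start_index = max(int(start_index), 1)            # startIndex is 1-based
    page = hits[start_index - 1:]
    if count is not None:
        page = page[:max(int(count), 0)]
    if attributes:
        keep = {a.lower() for a in attributes} | {"id"}   # "id" is always returned
        page = [{k: v for k, v in r.items() if k.lower() in keep} for r in page]
    return {"schemas": [CORE], "totalResults": len(hits), "itemsPerPage": len(page),
            "startIndex": start_index, "Resources": page}


def build_search_url(base, **params):
    """Client side: encode the query (the filter carries spaces and quotes)."""
    query = {k: v for k, v in params.items() if v is not None}
    return f"{base}?{urlencode(query)}"


if __name__ == "__main__":
    print(build_search_url("https://example.com/v1/Users",
                           filter='title pr and userType eq "Employee"', sortBy="title"))
    print(search(USERS, 'title pr and userType eq "Employee"', sort_by="title",
                 attributes=["title", "username"], start_index=1, count=10))
```

Two details worth keeping when this grows into a real endpoint: the parser rejects anything it does not understand instead of guessing, and the projection step is the only place attributes leave the store, so a later "never return this attribute" rule (see the password example further down the deck) has exactly one place to live.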
• PATCH
Allows providing partial updates to resources
May be important if modifying a large multi-valued attribute on a resource (e.g. group members)
• Bulk
Allows performing many operations at once
Useful for synchronizing data into a service provider
• Both are optional
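Because PATCH and Bulk are both optional, a client that wants to be interoperable reads the discovery endpoint first and adapts: PATCH for an incremental member add when the provider supports it, otherwise a full PUT; Bulk chunked to the advertised maxOperations, otherwise one request per operation. Either write should carry If-Match with the ETag the provider returned so a concurrent change is rejected rather than overwritten, which is what the ETag in the earlier responses is for. The planner below is an added example, not code from the deck or from any SCIM library; it builds request descriptions rather than sending them, the ServiceProviderConfig and group are constructed (the "type" values for authentication schemes follow the SCIM 2.0 enumeration, an assumption here), and the group id is made up.

```python
import json

CORE = "urn:scim:schemas:core:1.0"

# Constructed /ServiceProviderConfigs document.  "patch", "bulk" and
# "authenticationSchemes" are the SCIM 1.1 field names; the "type" values follow
# the SCIM 2.0 enumeration (assumption) and the numbers are made up.
SP_CONFIG = {
    "schemas": [CORE],
    "patch": {"supported": False},
    "bulk": {"supported": True, "maxOperations": 2, "maxPayloadSize": 1048576},
    "authenticationSchemes": [
        {"name": "OAuth Bearer Token", "type": "oauthbearertoken", "primary": True},
        {"name": "HTTP Basic", "type": "httpbasic"},
    ],
}

# Constructed group as returned by GET /v1/Groups/{id}, plus the ETag it came with.
GROUP = {
    "schemas": [CORE],
    "id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
    "displayName": "Tour Guides",
    "members": [{"value": "2819c223-7f76-453a-919d-413861904646", "display": "Babs Jensen"}],
}
GROUP_ETAG = 'W/"a330bc54f0671c9"'


def choose_auth(config):
    """Prefer the recommended OAuth bearer scheme; fall back to HTTP Basic only if that is all the SP offers."""
    types = [s.get("type") for s in config.get("authenticationSchemes", [])]
    if "oauthbearertoken" in types:
        return "bearer"
    if "httpbasic" in types:
        return "basic"
    raise RuntimeError("service provider advertises no authentication scheme this client supports")


def plan_add_members(config, group, member_ids, etag):
    """Request that adds members: PATCH when discovery says it is supported, otherwise a
    full PUT.  Both carry If-Match so a concurrent change to the group yields a 412
    instead of being silently overwritten."""
    path = f"/v1/Groups/{group['id']}"
    headers = {"Content-Type": "application/json", "If-Match": etag}
    existing = group.get("members", [])
    known = {m["value"] for m in existing}
    new = [{"value": mid} for mid in member_ids if mid not in known]
    if config.get("patch", {}).get("supported"):
        # SCIM 1.1 PATCH: a members array in the body adds those members.
        body = {"schemas": [CORE], "members": new}
        return {"method": "PATCH", "path": path, "headers": headers, "body": body}
    body = dict(group)
    body["members"] = existing + new          # PUT replaces the whole resource
    return {"method": "PUT", "path": path, "headers": headers, "body": body}


def plan_bulk(config, operations):
    """Chunk operations into /v1/Bulk requests no larger than maxOperations;
    without bulk support, fall back to one request per operation."""
    bulk = config.get("bulk", {})
    if not bulk.get("supported"):
        return [{"method": op["method"], "path": "/v1" + op["path"], "body": op.get("data")}
                for op in operations]
    size = bulk.get("maxOperations") or max(len(operations), 1)
    return [{"method": "POST", "path": "/v1/Bulk",
             "body": {"schemas": [CORE], "Operations": operations[i:i + size]}}
            for i in range(0, len(operations), size)]


# Constructed bulk operations in SCIM 1.1 shape; bulkId lets responses be matched back.
OPERATIONS = [
    {"method": "POST", "path": "/Users", "bulkId": f"u{n}",
     "data": {"schemas": [CORE], "userName": f"user{n}"}} for n in range(5)
]

if __name__ == "__main__":
    print(choose_auth(SP_CONFIG))
    print(json.dumps(plan_add_members(SP_CONFIG, GROUP,
                                      ["4769c303-ab76-673a-769d-413867987436"], GROUP_ETAG), indent=1))
    print(len(plan_bulk(SP_CONFIG, OPERATIONS)), "bulk requests")
```

The PUT fallback is where the "large multi-valued attribute" caveat bites: the client has to re-send every existing member, so the If-Match guard is what prevents two administrators' member lists from clobbering each other.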
• TLS MTI
• Standard HTTP considerations apply
• Authentication is discoverable, OAuth bearer token recommended
• HTTP basic is commonly implemented for interoperability
• Authorization attributes are *VERY* loosely defined
Roles, groups, and entitlements
{
"id": "2819c223-7f76-453a-919d-413861904646",
"externalId": "bjensen",
"name": {
"familyName": "Jensen",
"givenName": "Barbara"
},
"userName": "bjensen",
"password": "maybe_plaintext",
"roles": [
{
"value": "RA"
}
],
"groups": [
{
"value": "2819c223-7f76-453a-919d-982763095",
"display": "Student"
}
],
"entitlements": [
{
"value": "delete users"
}
]
}
Password
AuthZ
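The resource above is the reason the previous slide makes TLS mandatory to implement: "password" can arrive in cleartext in the payload and the bearer token sits in the Authorization header, so everything depends on the transport. The slide-level consequences for an implementation are a client that refuses non-TLS endpoints, a provider that treats "password" as write-only (hash it on the way in, never return it on the way out, whatever attributes a search asks for), and logging that does not capture credentials. The following is an added example, not code from the deck or from any SCIM product; the PBKDF2 parameters and the internal "_passwordHash" key are assumptions, and the incoming resource is a trimmed copy of the slide's.

```python
import hashlib
import hmac
import os
from urllib.parse import urlparse

PBKDF2_ROUNDS = 200_000   # assumption: tune to your hardware and password policy


def is_tls_endpoint(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def check_endpoint(url):
    """Client side: refuse anything but https, since the payload may carry a
    cleartext password and the Authorization header a bearer token."""
    if not is_tls_endpoint(url):
        raise ValueError(f"refusing non-TLS SCIM endpoint: {url}")
    return url


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the cleartext is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2-sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    _, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def store_user(store, resource):
    """Server-side write (POST/PUT): take the write-only password out of the
    resource before it is persisted, keeping only a hash under an internal key."""
    record = dict(resource)
    password = record.pop("password", None)
    if password is not None:
        record["_passwordHash"] = hash_password(password)
    store[record["id"]] = record
    return record


def render_user(record):
    """Server-side read (GET/search): a User representation never echoes the
    password or its hash, regardless of which attributes were requested."""
    return {k: v for k, v in record.items() if k not in ("password", "_passwordHash")}


def redact_headers(headers):
    """Log helper: mask credentials so request logs do not become a token store."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


# Constructed input shaped like the deck's last resource example.
INCOMING = {
    "schemas": ["urn:scim:schemas:core:1.0"],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "userName": "bjensen",
    "password": "maybe_plaintext",
    "roles": [{"value": "RA"}],
}

if __name__ == "__main__":
    check_endpoint("https://example.com/v1/Users")
    store = {}
    store_user(store, INCOMING)
    print(render_user(store[INCOMING["id"]]))
    print(redact_headers({"Authorization": "Bearer h480djs93hd8", "Accept": "application/json"}))
```

The roles, groups and entitlements in the same resource are left untouched here on purpose: as the slide says, their meaning is loosely defined, so which of them actually grants "delete users" is a decision the provider has to document, not something the schema settles.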
• http://www.simplecloud.info
• SCIMv1.1
http://www.simplecloud.info/specs/draft-scim-core-schema-01.html
http://www.simplecloud.info/specs/draft-scim-api-01.html
• SCIMv2.0
http://tools.ietf.org/html/draft-ietf-scim-core-schema
http://tools.ietf.org/html/draft-ietf-scim-api
http://tools.ietf.org/html/draft-ietf-scim-use-cases
• IETF SCIM WG http://tools.ietf.org/wg/scim/
• mailto: scim@ietf.org
• Credit for slides: IETF WG, Trey Drake & Kelly Grizzle

The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Scim overview

  • 1. © 2014 Cisco and/or its affiliates. All rights reserved. Morteza Ansari, June 23, 2014
  • 2. Agenda: History; Use Cases; Schema; Protocol; References
  • 3. History
    • Started 2010
    • Really started May 2011
    • 12 companies participated under OWF: ADP, BCP Soft, Canarie, Cisco, Courion, Id Machines, Ping Identity, Nexux, Sailpoint, SalesForce, UnboundID, WSO2
    • 1.0 was published Dec. 2011
    • 12 independent implementations
    • Frequent interop events at IIW, CIS, and one at IETF
    • IETF BOF Mar. 2012
    • IETF WG Jul. 2012
  • 4. Use Cases
    • How do I provision a user account for service X?
    • How do I de-provision a user account from service X?
    • How do I update an existing account for service X?
    • How do I keep my organization’s users in sync with service X?
    • How do I manage groups?
    • How do I cross-provision across cloud services?
  • 5. User/Group provisioning from Enterprise to Cloud
  • 6. User/Group provisioning from Enterprise to Cloud; User/Group provisioning from cloud service to cloud service
  • 7. Use Cases (continued)
    • User/Group provisioning from Enterprise to Cloud
    • User/Group provisioning from cloud service to cloud service
    • Used in many more cases today: enterprise provisioning/cross provisioning; identity access; many new endpoints: machines, contacts, tenants, devices, …
  • 8. The same identity as an LDAP entry and as a contact card:
    dn: cn=HomeJSimpson,o=domain-name
    cn: HomerJSimpson
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    mail: HJSimpson@burnsco.com
    givenname: Homer
    sn: Simpson
    postalAddress: 742 Evergreen Terrace
    l: Springfield
    st: Kentsouri
    postalCode: 01234
    telephoneNumber: (888) 555-1111
    jpegPhoto: http://www.simpsons.com/homer.jpg
    …
    Homer J. Simpson
    Springfield Nuclear Plant
    Safety Inspector
    (888) 555-1111 Work
    (123) 666-1111 Home
    HJSimpson@burnsco.com
    742 Evergreen Terrace
    Springfield, Kentsouri 01234
    http://www.simpsons.com
  • 9.
    • OASIS Standard (1.0 – 2003; 2.0 – 2006)
    • No core Schema
    • Complex – real or perceived
    • Some traction within enterprises, none for cloud services
    • Limited support - few tools/products: “Built it, nobody came!”
  • 10.
    • Set of pre-defined schema – Users & Groups
    • RESTful API definition: CRUD, Bulk operations, Search, Discovery
    • Extension semantics (basic in 1.x)
    • Support for complex data models
    • SIMPLE!!!
  • 11. Schema
    • Rich information model
    • XML & JSON data models
    • Concrete artifacts: Users & Groups
    • Usage semantics: MTI (mandatory to implement) & recommended
    • Extensibility: Enterprise User
  • 12.
    • A Resource is an attribute container
    • An attribute is Simple or Complex, Single value or Plural
    • Extensible
    • Data type added in 2.0
    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "701984",
      "userName": "bjensen@example.com",
      "name": {
        "formatted": "Ms. Barbara J Jensen III",
        "familyName": "Jensen",
        "givenName": "Barbara",
        "middleName": "Jane",
        "honorificPrefix": "Ms.",
        "honorificSuffix": "III"
      },
      "displayName": "Babs Jensen",
      "nickName": "Babs",
      "profileUrl": "https://login.example.com/bjensen",
      "emails": [
        { "value": "bjensen@example.com", "type": "work", "primary": true },
        { "value": "babs@jensen.org", "type": "home" }
      ],
      "meta": {
        "created": "2010-01-23T04:56:22Z",
        "lastModified": "2011-05-13T04:42:34Z",
        "version": "W/\"a330bc54f0671c9\"",
        "location": "https://example.com/v1/Users/2819c223-7f76"
      }
    }
  • 13.
    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "meta": {
        "created": "2011-08-01T18:29:49.793Z",
        "lastModified": "2011-08-01T18:29:49.793Z",
        "location": "https://example.com/v1/Users/2819c223...",
        "version": "W/\"f250dd84f0671c3\""
      },
      "name": {
        "formatted": "Ms. Barbara J Jensen III",
        "familyName": "Jensen",
        "givenName": "Barbara"
      },
      "userName": "bjensen",
      "phoneNumbers": [
        { "value": "555-555-8377", "type": "work" }
      ]
    }
    Callouts: Required (e.g. schemas, id, userName), Simple (e.g. userName), Complex (name), Complex multi-valued (phoneNumbers)
  • 14.
    {
      "schemas": ["urn:scim:schemas:core:1.0", "urn:scim:schemas:extension:enterprise:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "userName": "bjensen",
      "urn:scim:schemas:extension:enterprise:1.0": {
        "employeeNumber": "701984",
        "costCenter": "4130",
        "organization": "Universal Studios",
        "division": "Theme Park",
        "department": "Tour Operations",
        "manager": {
          "managerId": "26118915-6090-4610-87e4-49d8ca9f808d",
          "displayName": "John Smith"
        }
      }
    }
    Callouts: Declaration (the extension URN listed in "schemas"), Use (the attributes nested under that URN)
  • 15.
    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "displayName": "Tour Guides",
      "members": [
        { "value": "2819c223-7f76-453a-919d-413861904646", "displayName": "Babs Jensen", "type": "User" },
        { "value": "4769c303-ab76-673a-769d-413867987436", "displayName": "Mandy Pepperidge", "type": "User" }
      ]
    }
    Callouts: Type (User|Group), Optional & Read-only
  • 16. Protocol
    • HTTP/REST
    • CRUD
    • Bulk
    • Search
    • Discovery
    • Simple MTI, Complex optional
    • Extensible
    • Versioned
    • “cURL” friendly
  • 17.
    • Discovery
    • Create = POST https://example.com/{v}/{resource}
    • Read = GET https://example.com/{v}/{resource}/{id}
    • Update (replace) = PUT https://example.com/{v}/{resource}/{id}
    • Delete = DELETE https://example.com/{v}/{resource}/{id}
    • Update (partial) = PATCH https://example.com/{v}/{resource}/{id}
    • Search = https://example.com/{v}/{resource}?filter={attribute} {op} {value}&sortBy={attributeName}&sortOrder={ascending|descending}
    • Bulk
  • 18. Discovery
    • GET /Schemas: introspect resources and attribute extensions
    • GET /ServiceProviderConfigs: spec compliance; support for bulk, patch, etc.; authentication schemes (OAuth, HTTP basic, etc.); data formats (support for XML)
  • 19. Create a User: request
    POST /v1/Users HTTP/1.1
    Host: example.com
    Accept: application/json
    Authorization: Bearer h480djs93hd8

    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "externalId": "bjensen",
      "userName": "bjensen",
      "name": { "familyName": "Jensen", "givenName": "Barbara" }
    }
    Callouts: Operation (POST), Resource Type (/Users), Format (Accept), AuthZ (Authorization: Bearer), “User” Payload (the body)
  • 20. Create a User: response
    HTTP/1.1 201 Created
    Content-Type: application/json
    Location: https://example.com/v1/Users/281...
    ETag: W/"e180ee84f0671b1"

    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "meta": {
        "created": "2011-08-01T21:32:44.882Z",
        "lastModified": "2011-08-01T21:32:44.882Z",
        "location": "https://example.com/v1/Users/281...",
        "version": "W/\"e180ee84f0671b1\""
      },
      "name": { "familyName": "Jensen", "givenName": "Barbara" },
      "userName": "bjensen"
    }
    Callouts: Result code (201 Created), Format (Content-Type), “Permalink” (Location), SP generated ID (id)
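An added example, not the deck's own code nor any SCIM product's, of the service-provider side of slides 12 to 15 and 19 to 20: validating the schema declaration of an incoming User (core schema declared, userName present, extension attributes only under a URN listed in "schemas") and building the 201 body with the SP-assigned id, meta block and weak ETag. BASE_URL, the CORE_USER_ATTRS list (only the attributes the deck shows) and the function names are assumptions for this example.

```python
import hashlib
import json
import uuid
from datetime import datetime, timezone

CORE = "urn:scim:schemas:core:1.0"
BASE_URL = "https://example.com/v1"  # the deck's example service provider
# Core User attributes that appear in the deck (a subset of the 1.x core schema)
CORE_USER_ATTRS = {"schemas", "id", "externalId", "userName", "name", "displayName", "nickName",
                   "profileUrl", "emails", "phoneNumbers", "meta", "password", "roles",
                   "groups", "entitlements", "title", "userType"}


def validate_user(body):
    """Checks a service provider should make before accepting POST /Users. Returns a
    list of problems (empty when the payload is acceptable): the core schema must be
    declared, userName must be present, and every non-core attribute must be an
    extension object keyed by a URN listed in 'schemas' (slide 14: Declaration / Use)."""
    problems = []
    schemas = body.get("schemas")
    if not isinstance(schemas, list) or CORE not in schemas:
        problems.append("schemas must be a list declaring " + CORE)
        schemas = schemas if isinstance(schemas, list) else []
    if not body.get("userName"):
        problems.append("userName is required")
    for key in body:
        if key not in CORE_USER_ATTRS and not (key.startswith("urn:") and key in schemas):
            problems.append("attribute is neither core nor a declared extension: " + key)
    return problems


def create_user(body, now=None):
    """Build the 201 Created body of slide 20: the service provider assigns the id and
    fills meta.created, lastModified, location and a weak-ETag version."""
    problems = validate_user(body)
    if problems:
        raise ValueError("; ".join(problems))
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (now.microsecond // 1000)
    # id and meta are server-assigned; password is write-only and is never echoed back
    user = {k: v for k, v in body.items() if k not in ("id", "meta", "password")}
    user["id"] = str(uuid.uuid4())
    user["meta"] = {"created": stamp, "lastModified": stamp,
                    "location": "%s/Users/%s" % (BASE_URL, user["id"])}
    # the version is derived from the stored representation and rendered as a weak ETag
    digest = hashlib.sha256(json.dumps(user, sort_keys=True).encode()).hexdigest()
    user["meta"]["version"] = 'W/"%s"' % digest[:15]
    return user
```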
  • 21. Read a User: request
    GET /v1/Users/2819c223-7f76-453a-919d-413861904646.json HTTP/1.1
    Host: example.com
    Authorization: Bearer h480djs93hd8
    Callouts: Operation (GET), Resource Type (/Users), Stable ID (the id in the path), Format (.json suffix)
  • 22. Read a User: response
    HTTP/1.1 200 OK
    Content-Type: application/json
    Location: https://example.com/v1/Users/281...
    ETag: W/"e180ee84f0671b1"

    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "meta": {
        "created": "2011-08-01T21:32:44.882Z",
        "lastModified": "2011-08-01T21:32:44.882Z",
        "location": "https://example.com/v1/Users/281...",
        "version": "W/\"e180ee84f0671b1\""
      },
      "name": { "familyName": "Jensen", "givenName": "Barbara" },
      "userName": "bjensen"
    }
    Callouts: Result code (200 OK), Format (Content-Type), “Permalink” (Location), SP ID (id)
  • 23. Search: request
    GET /v1/Users?filter=title pr and userType eq "Employee"
        &sortBy=title
        &sortOrder=ascending
        &attributes=title,username
        &startIndex=11
        &count=10
    Host: example.com
    Accept: application/json
    Authorization: Bearer h480djs93hd8
    Callouts: Operation (GET), Resource Type (/Users), URL encoded filter (filter=, shown decoded here for readability), Sorting (sortBy, sortOrder), Partial results (attributes), Index-based pagination (startIndex, count)
  • 24. Search: response
    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "totalResults": 2,
      "Resources": [
        { "id": "c3a26dd3-27a0-4dec-a2ac-ce211e105f97", "title": "Assistant VP", "userName": "bjensen" },
        { "id": "a4a25dd3-17a0-4dac-a2ac-ce211e125f57", "title": "VP", "userName": "jsmith" }
      ]
    }
    Callouts: Pagination (totalResults), Users (Resources), SP ID ever present (id)
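An added example, not the deck's own code, of the search request on slides 23 and 24 evaluated on the service-provider side: a small parser for the 1.x filter grammar (pr, eq, co, sw joined by and/or) plus sorting, attribute projection and index-based pagination, run over constructed user rows. Because values must be double-quoted, an "or" inside a value is data rather than an operator, so a client-supplied filter can be evaluated without splicing it into a query string; the USERS rows (beyond the two ids the slide shows) and the function names are constructed for this example.

```python
import re

CORE = "urn:scim:schemas:core:1.0"
OPS = {"eq": lambda a, b: a == b, "co": lambda a, b: b in a, "sw": lambda a, b: a.startswith(b)}
# one filter term: <attr> pr | <attr> <op> "<value>", followed by and/or or the end of the filter
TERM = re.compile(r'([\w.:]+)\s+(?:(pr)\b|(eq|co|sw)\s+"([^"]*)")(?:\s+(and|or)\s+|\s*$)', re.I)
USERS = [  # constructed sample data; the first two ids are the ones shown on slide 24
    {"id": "c3a26dd3-27a0-4dec-a2ac-ce211e105f97", "userName": "bjensen", "title": "Assistant VP", "userType": "Employee"},
    {"id": "a4a25dd3-17a0-4dac-a2ac-ce211e125f57", "userName": "jsmith", "title": "VP", "userType": "Employee"},
    {"id": "00000000-0000-4000-8000-000000000003", "userName": "ctr1", "title": "Consultant", "userType": "Contractor"},
    {"id": "00000000-0000-4000-8000-000000000004", "userName": "newhire", "userType": "Employee"},
]

def parse(expr):
    """SCIM 1.x filter -> list of OR-groups, each a list of (attr, op, value) AND-terms, so
    'and' binds tighter than 'or'. Values must be quoted: an 'or' inside quotes stays data."""
    groups, pos = [[]], 0
    while True:
        m = TERM.match(expr, pos)
        if not m:
            raise ValueError("bad filter at offset %d: %r" % (pos, expr[pos:]))
        attr, pr, op, value, conn = m.groups()
        groups[-1].append((attr, (pr or op).lower(), value))
        if not conn:
            return groups
        if conn.lower() == "or":
            groups.append([])
        pos = m.end()

def _holds(r, attr, op, value):  # SCIM string compares are case-insensitive unless caseExact (not modeled)
    have = r.get(attr)
    return have is not None if op == "pr" else have is not None and OPS[op](str(have).lower(), value.lower())

def search(resources, params):
    """Apply filter, sortBy/sortOrder, attributes and 1-based startIndex/count, returning a
    ListResponse shaped like slide 24's plus the spec's startIndex and itemsPerPage."""
    groups = parse(params["filter"]) if "filter" in params else [[]]
    hits = [r for r in resources if any(all(_holds(r, *t) for t in g) for g in groups)]
    if "sortBy" in params:
        hits.sort(key=lambda r: str(r.get(params["sortBy"], "")).lower(),
                  reverse=params.get("sortOrder") == "descending")
    start, count = int(params.get("startIndex", 1)), int(params.get("count", len(hits)))
    page = hits[start - 1:start - 1 + count]
    if "attributes" in params:  # partial results; the SP id is always returned
        keep = {a.lower() for a in params["attributes"].split(",")} | {"id"}
        page = [{k: v for k, v in r.items() if k.lower() in keep} for r in page]
    return {"schemas": [CORE], "totalResults": len(hits), "startIndex": start,
            "itemsPerPage": len(page), "Resources": page}
```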
  • 25.
    • PATCH: allows providing partial updates to resources; may be important if modifying a large multi-valued attribute on a resource (e.g. group members)
    • Bulk: allows performing many operations at once; useful for synchronizing data into a service provider
    • Both are optional
  • 26.
    • TLS MTI
    • Standard HTTP considerations apply
    • Authentication is discoverable, OAuth bearer token recommended
    • HTTP basic is commonly implemented for interoperability
    • Authorization attributes are *VERY* loosely defined: roles, groups, and entitlements
  • 27.
    {
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "name": { "familyName": "Jensen", "givenName": "Barbara" },
      "userName": "bjensen",
      "password": "maybe_plaintext",
      "roles": [ { "value": "RA" } ],
      "groups": [ { "value": "2819c223-7f76-453a-919d-982763095", "display": "Student" } ],
      "entitlements": [ { "value": "delete users" } ]
    }
    Callouts: Password (password), AuthZ (roles, groups, entitlements)
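An added example, not from the deck, of how a service provider should treat the password attribute on slide 27. SCIM defines password as write-only (accepted on create/update, never returned), so the store below hashes it with salted PBKDF2 on the way in, keeps the credential record apart from the resource, and leaves it out of every representation it hands back. UserStore, its method names and the assumption that the resource already carries its SP-assigned id are constructed for this example.

```python
import hashlib
import hmac
import os

WRITE_ONLY = {"password"}  # SCIM: accepted on create/update, never returned by the SP


def hash_password(password, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256. The record, not the password, is what the SP keeps."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return {"salt": salt.hex(), "rounds": rounds, "digest": digest.hex()}


def verify_password(password, record):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["rounds"])
    return hmac.compare_digest(digest.hex(), record["digest"])  # constant-time compare


class UserStore:
    """Minimal service-provider store (constructed for this example). Credential material
    is kept apart from the resource so that no representation path can return it."""

    def __init__(self):
        self.resources = {}    # id -> SCIM resource without write-only attributes
        self.credentials = {}  # id -> password record

    def put(self, user):
        """Create or replace a User as POST/PUT would; returns what the SP may echo back."""
        uid = user["id"]
        if "password" in user:  # a PUT without password leaves the stored credential as is
            self.credentials[uid] = hash_password(user["password"])
        self.resources[uid] = {k: v for k, v in user.items() if k not in WRITE_ONLY}
        return self.get(uid)

    def get(self, uid):
        return dict(self.resources[uid])

    def check(self, uid, password):
        """Authenticate against the stored record; an unknown id simply fails."""
        record = self.credentials.get(uid)
        return record is not None and verify_password(password, record)
```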
  • 28. References
    • http://www.simplecloud.info
    • SCIM v1.1: http://www.simplecloud.info/specs/draft-scim-core-schema-01.html, http://www.simplecloud.info/specs/draft-scim-api-01.html
    • SCIM v2.0: http://tools.ietf.org/html/draft-ietf-scim-core-schema, http://tools.ietf.org/html/draft-ietf-scim-api, http://tools.ietf.org/html/draft-ietf-scim-use-cases
    • IETF SCIM WG: http://tools.ietf.org/wg/scim/
    • mailto: scim@ietf.org
    • Credit for slides: IETF WG, Trey Drake & Kelly Grizzle