SCIM Smackdown Catalyst 2013


My slides for SCIM at the San Diego Identity Standards Smackdown at Gartner Catalyst 2013. Fast and furious - 20 slides that auto-advance every 15 seconds.

Published in: Technology, Business
  • Thanks Ian. A few weeks ago I was up in Napa at the Cloud Identity Summit … which btw, is a great place to visit … HORRIBLE place for a conference. Being in the middle of the wine country I only remember half of the conversations I had. But … I vividly remember two of them because they were almost identical.
  • I was talking with two really smart, forward-thinking guys that are responsible for the identity side of the IT infrastructure at their companies and they both told me the exact same thing.  They said: “Kelly, connectors are killing me!!!”
  • One of them, Carlton, told me that his company – with over 82,000 employees - has a home grown identity management system that talks to 3500 target systems.  3500!!! 
  • Any time a group starts using a new application, it has to get tied into his infrastructure.  ERP, CRM, HR systems, expense tracking, project management… EVERY freaking system has an identity associated with it.
  • So Carlton told his consumers… “I can’t do this anymore!! Connectors are killing me. In this new world of bring your own application (BYOA), I can’t keep up with bringing all of your applications into my infrastructure.”  So he drew a line in the sand. 
  • He laid down some new rules, he said: “We’ll continue to support any application that we currently support … however… going forward if you want to tie into our identity infrastructure, your application must be able to talk SCIM. If it doesn’t, you’re going to be stuck holding the bag to get it connected.”
  • These new friends of mine from Napa aren’t alone. We have finally hit the tipping point. It’s too expensive to keep writing or buying connectors to every system that your end users want to use. You still need to be able to manage them to keep some sort of governance controls over them.
  • That’s where SCIM can help. The System for Cross-domain Identity Management – is a standard that defines a Schema and API for managing identities…. all built using REST and JSON.
  • Unlike the other standards on stage that handle authentication and authorization… SCIM handles provisioning and deprovisioning access, and provides a way to read identity and group information. Your basic CRUD – create, read, update, delete.
  • For you geeks out there … if you’re like me your brain thinks in code. If this makes your eyes glaze over … just look away.  This is a SCIM request to read a user named Barbara Jensen.  You see curl doing an HTTP GET to read the user.  To get rid of the user, just change this to a DELETE.
  • Let’s quickly review the evolution of provisioning starting with a termination use case. An employee is terminated effective immediately due to <insert your favorite HR violation>. HR escorts the employee out the door that day.
  • But all of his accounts to these applications still exist. It’s your job as the identity guy to make sure that his access is shut off immediately and all of his entitlements are effectively removed. How do you do this??
  • In the early days of provisioning… people knew that they had to manage identities but… they lacked the right tools. So what did they do? They used what they had – EMAIL! This came with obvious problems … latency, human error, forgotten/orphaned accounts…
  • In 2000, identity management vendors started popping up to help solve this problem. How? With CONNECTORS!! They started developing connectors for every type of application out there. What’s the problem? COST – somebody is paying for all those custom connectors.
  • Now we’ve realized that we’re trying to reinvent the wheel. All of these connectors do basically the same thing, just in different ways. If all applications spoke the same language, you would only need one connector! If all applications spoke SCIM, it would be simple to just plug them together.
  • Adoption: So … where does SCIM stand today? Last July, the SCIM 1.1 spec was finalized and many companies already have (or are in the process of) implementing it. We’re working on the 2.0 spec to clean up some of the loose ends and hope to have it ready in 6 months. [There are 14 known SCIM 1.1 implementations.]
  • Interop: Back in Napa, eight products – including Salesforce, SailPoint, and Ping – participated in a SCIM interop event showcasing many provisioning use cases. SailPoint was pulling identities from Salesforce and syncing joiner, mover, leaver, and password events to Ping.
  • Connectors are killing you… So let's return to my friend, Carlton, being suffocated by connectors. In a world of wide-spread SCIM adoption, here's how his life would be different. Instead of spending all of his time writing connectors or making existing applications speak SCIM, he can focus on real business problems …
  • …like determining who are the riskiest users, ensuring that everyone has the appropriate access … not too much, not too little, automating the business processes around the identity lifecycle, or giving his users a friendly portal where they can request changes.
  • It’s time to free ourselves from the bondage of the past 15 years … and kill the connector. Tell your vendors to support SCIM or you won’t play ball. Join the Revolution, visit the SCIM site at www.simplecloud.info. Thanks!
  • SCIM Smackdown Catalyst 2013

    1. (no text)
    2. “Connectors are killing me!”
    3. Carlton’s situation: Homegrown IAM System
    4. Carlton’s situation: Homegrown IAM System connected to ERP, CRM, HR, Expenses, Project Management, Vacation Management, Survey Tools
    5. “I can’t do this anymore!”
    6. New rules
    7. “We’ve reached the tipping point.”
    8. What is SCIM? System for Cross Domain Identity Management. SCIM is a standard that defines a Schema and API for managing identities. REST, JSON
    9. What is SCIM? SCIM handles provisioning and deprovisioning access, and provides a way to read identity information. C R U D
    10. (no text)
    11. When a user leaves… On-Premises Applications, Employee, HR, SaaS Applications
    12. User is deprovisioned! On-Premises Applications, SaaS Applications
    13. Provisioning Evolution – Prehistoric (1999)
    14. Provisioning Evolution – Age of Connectors
    15. Provisioning Evolution – SCIM: one
    16. 2.0, 1.1, TODAY
    17. SCIM Interop
    18. “Carlton, SCIM Can Help!”
    19. SCIM – A Better Way
    20. ¡Viva La Revolución!
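
The notes for slide 10 describe reading a user with an HTTP GET and removing the user by changing the verb to DELETE. The following is an added example, not the presenter's slide code: it runs that exchange offline against a local stand-in service provider and re-reads the user afterwards to confirm the leaver's account is gone. The stub server, bearer token, user id, and the stub's status codes are assumptions; the `/v1/Users/{id}` path and core schema URN follow SCIM 1.1.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "example-token"                        # placeholder bearer token
UID = "00000000-0000-4000-8000-000000000001"   # constructed sample id
SEED = {UID: {"schemas": ["urn:scim:schemas:core:1.0"], "id": UID,
              "userName": "bjensen@example.com",
              "name": {"givenName": "Barbara", "familyName": "Jensen"}}}

class ScimStub(BaseHTTPRequestHandler):
    """Stand-in service provider: GET and DELETE on /v1/Users/{id} only."""
    users = {}
    def _reply(self, status, body=None):
        data = json.dumps(body).encode() if body is not None else b""
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def _handle(self, delete):
        if self.headers.get("Authorization") != "Bearer " + TOKEN:
            return self._reply(401)            # reject unauthenticated callers
        prefix, _, uid = self.path.rpartition("/")
        if prefix != "/v1/Users" or uid not in self.users:
            return self._reply(404)
        user = self.users.pop(uid) if delete else self.users[uid]
        self._reply(200, None if delete else user)
    def do_GET(self): self._handle(delete=False)
    def do_DELETE(self): self._handle(delete=True)
    def log_message(self, *args): pass         # keep the demo quiet

def scim(port, method, uid, token=TOKEN):
    """One SCIM call; returns (HTTP status, parsed JSON body or None)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/v1/Users/" + uid, headers={
        "Authorization": "Bearer " + token, "Accept": "application/json"})
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    return resp.status, json.loads(raw) if raw else None

def run_demo():
    ScimStub.users = dict(SEED)                # fresh user store per run
    server = HTTPServer(("127.0.0.1", 0), ScimStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_port
    try:
        no_auth = scim(port, "DELETE", UID, token="wrong")[0]
        _, user = scim(port, "GET", UID)       # the read the notes describe
        deleted = scim(port, "DELETE", UID)[0] # same URL, verb changed
        after = scim(port, "GET", UID)[0]      # 404 confirms the account is gone
        return no_auth, user["userName"], deleted, after
    finally:
        server.shutdown()
        server.server_close()
```

The final GET is the check that matters for the termination use case: a successful DELETE status alone does not prove the account no longer resolves.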
