Open Standard Based identity Provisioning System for Cloud


Open Standard Based identity Provisioning System for Cloud @ Identity.Next 2012 - Netherlands.

Published in: Education

  1. Prabath Siriwardena (@prabath), Senior Software Architect
  2. 2012: SCIM 1.1; 2011: SCIM 1.0; 2011: RESTPML; 2010: SCIM community; 2006: SPML 2.0; 2003: SPML 1.0; 2003: WS-Provisioning; 2001: OASIS PS TC
  3. Diagram labels: SCIM Consumer; SCIM Service Provider; /Users; /Groups
  4. add-user.json

     ```json
     {
       "schemas": [],
       "name": {"familyName": "siriwardena", "givenName": "prabath"},
       "userName": "prabath",
       "password": "prabath123",
       "emails": [
         {"primary": true, "value": "prabath@yahoo.com", "type": "home"},
         {"value": "prabath@wso2.com", "type": "work"}
       ]
     }
     ```

     curl command

     ```bash
     # POST the payload to the SCIM Users endpoint.
     # -k skips TLS certificate verification; --user sends HTTP Basic credentials.
     curl -v -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
     ```
  5. add-group.json

     ```json
     {
       "schemas": ["urn:scim:schemas:core:1.0"],
       "id": "idnext",
       "displayName": "IdentityNext"
     }
     ```

     curl command

     ```bash
     # POST the payload to the SCIM Groups endpoint (same flags as for add-user.json).
     curl -v -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups
     ```
  6. One way provisioning (diagram labels: Domain A; Domain B; Domain C; Provisioning Service Provider; SCIM Consumer)
  7. One way provisioning with broker mode (diagram labels: Domain A; Domain B; Domain C; Provisioning Service Provider; SCIM Consumer)
  8. Bi-directional provisioning (diagram labels: Domain A; Domain B; Domain C; Provisioning Service Provider; SCIM Consumer)
  9. Multi-directional provisioning with a centralized PSP (diagram labels: Domain A; Domain B; Domain C; Provisioning Service Provider; SCIM Consumer)
  10. Just-in-time provisioning with SAML2 (diagram labels: Domain A; Domain B; SAML2 IdP; Provisioning Service Provider; steps 1 to 4)
  11. Just-in-time provisioning with SAML2 (diagram labels: Domain A; Domain B; SAML2 IdP; Provisioning Service Provider; steps 1 to 5)
  12. Diagram labels: Provisioning Service Provider; facilelogin.com; wso2.com; SCIM Consumer (wso2.com); SCIM Consumer (facilelogin.com)
  13. Diagram labels: OAuth 2.0 Authorization Server; Bearer Token; Provisioning Service Provider; SCIM Consumer
  14. Diagram labels: OAuth 2.0 Authorization Server; Validate(); Bearer Token; Provisioning Service Provider; SCIM Consumer
  15. Diagram labels: Resource; Action; Resource Owner; Client; Scope; Provisioning Service Provider; SCIM Consumer
  16. Diagram labels: OAuth 2.0 Authorization Server; Validate(); XACML Request; Permit/Deny/…; Provisioning Service Provider; SCIM Consumer; XACML PDP
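
Slides 13 to 16 place a bearer-token validation and a XACML decision in front of the provisioning service provider, with Resource, Action, Resource Owner, Client and Scope as the request attributes. The Python below is an added example, not code from the deck or from WSO2, showing that gate with deny-by-default enforcement; the token values, client and scope names, policy rules and HTTP status codes are all constructed assumptions.

```python
import time

# Constructed tokens, standing in for the OAuth 2.0 authorization server's Validate() answer.
TOKENS = {
    "tok-hr":  {"owner": "admin", "client": "hr-app",     "scope": "scim.write", "exp": 4102444800},
    "tok-rep": {"owner": "alice", "client": "report-app", "scope": "scim.read",  "exp": 4102444800},
    "tok-old": {"owner": "admin", "client": "hr-app",     "scope": "scim.write", "exp": 1},
}

# Constructed policy: (resource, action, owner, client, scope) -> effect.
# "*" matches any value; the first applicable rule wins.
POLICY = [
    (("/Groups", "*",    "*",     "hr-app", "*"),          "Deny"),
    (("/Users",  "POST", "admin", "hr-app", "scim.write"), "Permit"),
    (("/Users",  "GET",  "*",     "*",      "scim.read"),  "Permit"),
]

def validate(token, now=None):
    """Return the token's attributes if it is known and unexpired, else None."""
    info = TOKENS.get(token)
    now = time.time() if now is None else now
    return info if info is not None and info["exp"] > now else None

def pdp_decide(request):
    """XACML-style decision: effect of the first rule whose target matches."""
    for target, effect in POLICY:
        if all(t in ("*", v) for t, v in zip(target, request)):
            return effect
    return "NotApplicable"

def authorize(token, method, path):
    """Enforcement point in front of the SCIM endpoints: only Permit gets through."""
    info = validate(token)
    if info is None:
        return 401, "invalid_token"
    # Map /wso2/scim/Users or /wso2/scim/Users/<id> to the resource type.
    resource = next(("/" + s for s in path.split("/") if s in ("Users", "Groups")), path)
    request = (resource, method.upper(), info["owner"], info["client"], info["scope"])
    decision = pdp_decide(request)
    return (200, decision) if decision == "Permit" else (403, decision)
```

A request that no rule covers comes back as NotApplicable and is refused just like an explicit Deny, so a gap in the policy never grants provisioning access.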
