The document provides an overview of the System for Cross-domain Identity Management (SCIM) standard. SCIM aims to simplify user provisioning across cloud applications by defining common schemas and protocols for exchanging user identity data. It builds on existing schemas like LDAP and is designed to be lightweight. SCIM provides endpoints and schemas for resources like users and groups. While still evolving, SCIM offers a consistent approach to provisioning that is flexible, extensible, and designed to reduce integration complexity.
1. 2012Q1 Overview of SCIM
Jan 30, 2012 - Chris Phillips – chris.phillips@canarie.ca
Technical Architect – Canadian Access Federation
SCIM Contributor
2. About this presentation…
• SCIM wouldn’t exist if it weren’t for all the contributors focusing their time and talent on the topic of provisioning.
• Check out simplecloud.info and the mailing list for all the contributors.
• SCIM has great initial momentum
– Overtaking SPML as the preferred provisioning protocol
– ‘Heavy enough/Light enough’ strikes a chord with implementers
3. Background
• Intention
– Designed to make provisioning user identity in cloud-based applications and services easier
• How
– Build upon experience with existing schemas and deployments
– Intentional simplicity of development and integration
– Based on authentication, authorization, and privacy models
• Provides / intended delivery of
– a common user schema and extension model
– patterns for exchanging this schema using standard protocols
– a fast, cheap, and easy way to move users into, out of, and around the cloud.
4. Why SCIM & Why Now?
• Stating the obvious: everyone provisions differently in the absence of a standard
• Paradox of choice
– Too many options create confusion
– Fragments effort and increases costs
• SCIM puts a stake in the ground
– Enough implementers align to a single method & save $
– How? Consistency breeds ease of integration
• Configure instead of custom code is the goal
– ROI significant due to reduced complexity
5. Terminology
• Service Provider [1]:
– A web application that provides identity information via the SCIM protocol.
• Consumer:
– A website or application that uses the SCIM protocol to manage identity data maintained by the Service Provider.
• Resource:
– The Service Provider managed artifact containing one or more attributes; e.g., User or Group
[1] Unfortunately this is contrary to SAML terminology, in which this may be considered the Identity Provider.
6. Where does SCIM play in the IDM Space?
[Architecture diagram. Labels shown: User Interface, Admin Interface, API, Person Registry, Workflow Engine, Persistent datastore, SCIM Connectors, LDAP, AD, SSO, EC2, Applications (‘Consumers’), Vendor X, App Y]
8. Schema
• Started from the Portable Contacts schema [1]
– Some pieces derived from participants’ needs
• Handles a variety of attribute types [2]:
– Single-valued, multi-valued, and complex types
• Allows for significant flexibility
• Implementers will have to understand how their data model maps to SCIM
• Philosophically speaking, it’s a core schema + extensions
– Partitions customizations much like LDAP schema extensions
[1] http://www.portablecontacts.net/draft-schema.html
[2] http://www.simplecloud.info/specs/draft-scim-core-schema-01.html
9. Terminology (Cont’d)
• Singular Attribute:
– A Resource attribute that contains 0..1 values; e.g., displayName.
• Multi-valued Attribute:
– A Resource attribute that contains 0..n values; e.g., emails.
• Simple Attribute:
– A Singular or Multi-valued Attribute whose value is a primitive; e.g., String.
• Complex Attribute:
– A Singular or Multi-valued Attribute whose value is a composition of one or more Simple Attributes.
• Sub-Attribute:
– A Simple Attribute contained within a Complex Attribute.
10. JSON Complex Attribute Fragment
{
  "name": "emails",
  "type": "complex",
  "multiValued": true,
  "multiValuedAttributeChildName": "email",
  "description": "E-mail addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g. bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.",
  "schema": "urn:scim:schemas:core:1.0",
  "readOnly": false,
  "required": false,
  "caseExact": false,
  "subAttributes": [
    {
      "name": "value",
      "type": "string",
      "multiValued": false,
      "description": "E-mail addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g. bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.",
      "readOnly": false,
      "required": false,
      "caseExact": false
    },
    {
      "name": "display",
      "type": "string",
      "multiValued": false,
      "description": "A human readable name, primarily used for display purposes. READ-ONLY.",
      "readOnly": true,
      "required": false,
      "caseExact": false
    },
    {
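An added example, not part of the original slides or of any SCIM project code: how a Service Provider could enforce the attribute definition above when a Consumer writes `emails`, using the `readOnly`, `caseExact` and canonicalization hints from the fragment. The function names, the constructed sample write, and the choices to ignore (rather than reject) read-only sub-attributes and to lower-case only the domain part are assumptions.

```python
# Attribute definition copied from the slide's fragment (descriptions omitted).
# Only the two sub-attributes visible on the slide are included.
EMAILS_DEF = {
    "name": "emails",
    "type": "complex",
    "multiValued": True,
    "readOnly": False,
    "required": False,
    "caseExact": False,
    "subAttributes": [
        {"name": "value", "type": "string", "multiValued": False,
         "readOnly": False, "required": False, "caseExact": False},
        {"name": "display", "type": "string", "multiValued": False,
         "readOnly": True, "required": False, "caseExact": False},
    ],
}

# Constructed sample of what a Consumer might send for "emails".
SAMPLE_WRITE = [
    {"value": "bjensen@EXAMPLE.COM", "display": "Admin <root@example.com>"},
    {"value": "BJensen@example.com"},
    {"value": "babs@example.org"},
]


class SchemaViolation(ValueError):
    """Raised when a write does not fit the attribute definition."""


def canonicalize_email(addr):
    """Lower-case the domain only (assumption: the slide's example changes
    nothing but the domain, so the local part is stored as supplied)."""
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        raise SchemaViolation(f"not an e-mail address: {addr!r}")
    return f"{local}@{domain.lower()}"


def _check_simple(sub_def, value, path):
    """Type-check one sub-attribute value; only 'string' is handled here."""
    if sub_def["type"] != "string":
        raise SchemaViolation(f"{path}: type {sub_def['type']!r} not handled")
    if not isinstance(value, str):
        raise SchemaViolation(f"{path}: expected string, got {type(value).__name__}")
    return value


def validate_write(attr_def, incoming, canonicalize=None):
    """Return (stored, ignored) for a Consumer write to a multi-valued
    complex attribute. 'ignored' lists paths to log for audit."""
    name = attr_def["name"]
    if attr_def["readOnly"]:
        raise SchemaViolation(f"{name}: attribute is read-only")
    if attr_def["type"] != "complex" or not attr_def["multiValued"]:
        raise SchemaViolation(f"{name}: only multi-valued complex attributes handled")
    if not isinstance(incoming, list):
        raise SchemaViolation(f"{name}: multi-valued attribute needs a list")

    subs = {s["name"]: s for s in attr_def["subAttributes"]}
    stored, ignored, seen = [], [], set()
    for i, item in enumerate(incoming):
        path = f"{name}[{i}]"
        if not isinstance(item, dict):
            raise SchemaViolation(f"{path}: complex value must be an object")
        clean = {}
        for key, value in item.items():
            sub = subs.get(key)
            if sub is None:
                # Unknown keys are rejected so nothing undeclared is persisted.
                raise SchemaViolation(f"{path}.{key}: unknown sub-attribute")
            if sub["readOnly"]:
                # Service Provider owns this field; never take it from a Consumer.
                ignored.append(f"{path}.{key}")
                continue
            clean[key] = _check_simple(sub, value, f"{path}.{key}")
        for sub in subs.values():
            if sub["required"] and not sub["readOnly"] and sub["name"] not in clean:
                raise SchemaViolation(f"{path}.{sub['name']}: required")
        if "value" in clean:
            if canonicalize:
                clean["value"] = canonicalize(clean["value"])
            # caseExact=false means values that differ only in case are the same.
            exact = subs["value"]["caseExact"]
            key = clean["value"] if exact else clean["value"].casefold()
            if key in seen:
                ignored.append(f"{path} (duplicate)")
                continue
            seen.add(key)
        if clean:
            stored.append(clean)
    return stored, ignored


if __name__ == "__main__":
    print(validate_write(EMAILS_DEF, SAMPLE_WRITE, canonicalize_email))
```
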
11. Schema Mappings
• Mappings exist from SCIM to
– LDAP inetOrgPerson, groups
– AD person record, groups
• Still fluid are SCIM -> SAML
– Current thinking:
• Have ‘High Fidelity’ 1:1 SCIM:SAML profile
• Have ‘Lower Fidelity’ SCIM to eduperson map
• Still hot topic, but hoping that leadership from within SCIM group will have guiding hand in mapping to save time/effort for others
12. Usage Scenarios
• See scenarios doc [1]
• Where does SCIM play with the various techniques?
– See Tom Zeller’s lightning talk [2] (Internet2) depictions of the situations/user stories:
• Plots discussions regarding SPML, SAML, and SCIM, against LDAP
[1] http://www.simplecloud.info/specs/draft-scim-scenarios-03.html
[2] https://spaces.internet2.edu/display/ACAMPIdSummit2011/Lightning+Talk+Topics+and+Slides
13. License - OWF
• Licensing is OWF (Open Web Foundation)
• Cisco, Ping Identity, Salesforce, unBoundID + others already signed on
• CANARIE signed on as a formal way to contribute from higher ed
• Google engaged, late ~2011Q3 and contributing
14. Timing
• SCIM 1.0 released Dec 15, 2011
• Targeting IETF82 (Paris) or 83 (Vancouver) for BOF
• Implementations and SDKs[1] already exist
• unBoundID already shipping with SCIM implementation
– Implemented as the spec evolved
– map SCIM to inetOrgPerson in LDAP?
[1] http://www.unboundid.com/blog/2011/07/26/the-unboundid-scim-sdk/
15. Things to Think About
• Coverage is primarily on person provisioning activities and mechanics therein
– Light coverage on groups
– No coverage (as of yet) on privacy or other special areas
• Governance and how to ‘grow the spec’ to a 2.0 stage is ‘light’: suggest and it will be reviewed by mailing list participants, votes on direction by OWF signatories.
– Very lightweight so nimble, but may not be familiar to some
• Design pattern pushes complexity to extensions
– Unclear on the good/bad design pattern
– Encourage debate and recommendations on what should be core for next round
16. Is Simple Really Simple?
• RESTful API calls: keeps it simple & lightweight
• ChrisP: this is the ‘SPML is too big value proposition’. It will be more simple than SPML… but hard to escape complexity of hard problems.
• Still have to deal with what happens when the method is invoked on either end:
• How well it happens here is going to make or break you (use XACML? How much intelligence? How portable?)
17. Parting Thoughts
• SCIM offers a compelling & consistent vision for provisioning practices.
– Flexible & extensible
– Your choice on fidelity/richness of schema
– Designed to simplify interop without heavy infrastructure requirements
• Like any protocol, adoption will drive the utility & network effect
• A number of vendors are on board already, advocate to yours to enable this feature