SlideShare a Scribd company logo

Standardizing Identity Provisioning with SCIM

WSO2
WSO2

Today enterprise solutions adopt products and services from multiple cloud providers in order to accomplish various business requirements. This means that it is no longer sufficient to maintain user identities only in corporate LDAP. In most cases, SaaS providers also need dedicated user accounts created for the cloud service users, which raises the need of identity provisioning mechanisms to be in place.

Technology
1 of 43
Download to read offline
Hasini Gunasinghe Software Engineer
Example – an employee joining WSO2 Provisioning system Other internal apps LDAP Other cloud apps/services Image courtesy : http://www.crn.com/slide-shows/applications-os/223800159/google-apps-marketplace-10-hot-cloud-applications.htm http://newmediasense.net/more-than-50-cloud-developers-commit-to-jive-apps-market%E2%84%A2/222888/
What is it..? Creation, maintenance & deactivation of user accounts, in one or more systems or applications, in response to automated or interactive business processes. -Wikipedia
Identifying the parties involved… CSU – cloud service user ECS – Enterprise Cloud Subscriber Provisioning system Other internal Other cloud apps apps/services LDAP CSP– cloud service provider
Current approach... Provisioning system Other internal Other cloud apps/services apps LDAP
Problems with current approach..  Rredundant integration efforts for ECS & CSP.  Maintenance nightmare of multiple connectors.  Complexity and cost.
Solution would be a common protocol that everyone agrees on. Image courtesy : http://causerelatedmarketing.blogspot.com/2011/09/lets-bring-open-standards-to-practice.html
1. Authentication : SAML based WS-Trust & SSO, OpenID, OAuth 2. Authorization: XACML 3. Provisioning: SPML, WS-Provisioning, SCIM
How open standard solves current problems..? LDAP Provisioning system Other internal Other cloud apps/services apps
In a nutshell...  Emerging open standard.  REST API.  Platform neutral schema.  SAML binding.  Emphasis on simplicity and interoperability.
In a nutshell...  REST API  resource endpoints  supported HTTP methods PROTOCOL
In a nutshell...  REST API  SCIM REST API is relative to a base URL https://example.com/scim/v1/ PROTOCOL  Requests made via HTTP operations on a URL derived from the Base URL POST -> https://example.com/scim/v1/Users  JSON / XML formats
In a nutshell...  Resource – collection of attributes.  Schema defines attributes. SCHEMA  SCIM Core Schema  Extension Model: Additive – similar to auxiliary object classes in LDAP.
In a nutshell...  Other SCIM schemas  User Schema, Enterprise User Schema Extension SCHEMA  Group Schema  Service Provider Configuration Schema  Resource Schema
In a nutshell...  Minimal user representation in JSON & XML formats. SCHEMA
In a nutshell...  SCIM - SAML Mapping  Attributes SAML BINDING  SSO Assertion  AttributeQuery  Metadata
Brief history…  Started in mid 2010.  Version 1.0 approved in Dec 2011.  Working on submitting to IETF.  Discussions made open at cloud-directory@googlegroups.com
Platform neutral schema  Mandatory core schema with extension model.  Flexibility  Interoperability  Simplicity.
REST API  Light weight with JSON support.  Avoids performance bottleneck on the connector.
SAML Binding  Just In Time Provisioning with SSO.  Pull / Push based Identity Management.
More...  Defined core + optional capabilities.  Based on existing deployments and standards - LDAP, SAML.  Several implementations.  Adoption by major cloud vendors.
 Identity Provisioning.  Value of open standards in the space of provisioning.  SCIM.  Why SCIM...?
 Security Considerations  Authentication and Authorization - OAuth2 bearer recommended. PROTOCOL  Should be over TLS  Password attribute not to be returned.
 Automated Provisioning : SaaS 1 SCIM based (1) Create enterprise user account provisioning system HR Administrator (2)Create user (3)ok SaaS 2 Internal Apps
 Example – Creare User - Request PROTOCOL
 Example – Creare User - Response PROTOCOL
 JIT provisioning with SSO - Pull Enterprise SaaS SSO IdP User Login SSO Redirect SAML Response SAML Attribute Query SCIM User Identity Create user account
 Example – SAML Attribute Query SAML Binding
 Bulk UM Operations:  Initial imports of CSU accounts. SaaS LDAP  Scheduled synchronizations. SaaS LDAP
 Example : POST on Bulk endpoint PROTOCOL
 Identity Synchronization:  Partial updates with PATCH  Conditional overwrites with ETag
 Example – PATCH PROTOCOL
 Identity Retrieval:  Filtering  Conditional retrieval with Etag
 Identity Retrieval:  Partial retrival – with “attributes” query parameter  Pagination GET /Users?startIndex=1&count=10  Sorting
De-provisioning: (4)Delete user (1) Delete SCIM based SaaS user account enterprise (5)ok provisioning system (6)Request (7)Deny access (3)ok (2)Delete user Enterprise SSO IdP LDAP
LDAP Provisioning system Internal apps Other cloud apps/services
 Identity Provisioning.  Value of open standards in the space of provisioning.  SCIM along with highlights from the spec.  Why SCIM...?  Use cases of SCIM in Identity Management solution.  Adoption of SCIM in WSO2 Identity Server and Stratos.
 http://www.simplecloud.info/  http://en.wikipedia.org/wiki/Provisioning#User_provisioning
Selected Customers https://ail.google.com/mail/u/0/?ui=2&ik=ad9a e58f41&view=att&th=1331a70983344a32&atti d=0.1&disp=thd&realattid=f_gtxto6mk0&zw
• QuickStart • Development Support • Development Services • Production Support • Turnkey Solutions • WSO2 Mobile Services Solution • WSO2 FIX Gateway Solution • WSO2 SAP Gateway Solution
 Contact Us…  bizdev@wso2.com

Recommended

SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014Kelly Grizzle
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012Twobo Technologies
 
SCIM in the Real World: Adoption is Growing
SCIM in the Real World: Adoption is GrowingSCIM in the Real World: Adoption is Growing
SCIM in the Real World: Adoption is GrowingKelly Grizzle
 
Scim overview
Scim overviewScim overview
Scim overviewMorteza Ansari
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Aujas
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iPrecisely
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML Programming Talents
 

Recommended

SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014Kelly Grizzle
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012Twobo Technologies
 
SCIM in the Real World: Adoption is Growing
SCIM in the Real World: Adoption is GrowingSCIM in the Real World: Adoption is Growing
SCIM in the Real World: Adoption is GrowingKelly Grizzle
 
Scim overview
Scim overviewScim overview
Scim overviewMorteza Ansari
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Aujas
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iPrecisely
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML Programming Talents
 
Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessForgeRock
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)Bishoy Demian
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementGovernment Technology Exhibition and Conference
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
Microservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanMicroservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanAraf Karsh Hamid
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
How to Achieve Agile API Security
How to Achieve Agile API SecurityHow to Achieve Agile API Security
How to Achieve Agile API SecurityApigee | Google Cloud
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationLaurentiu Meirosu
 
Event Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQEvent Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQAraf Karsh Hamid
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Amazon Web Services
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA Technologies
 
Identity Access Management 101
Identity Access Management 101Identity Access Management 101
Identity Access Management 101OneLogin
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API ManagementApigee | Google Cloud
 
Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012joelavery
 
Complete open source IAM solution
Complete open source IAM solutionComplete open source IAM solution
Complete open source IAM solutionRadovan Semancik
 

More Related Content

What's hot

Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessForgeRock
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)Bishoy Demian
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
Microservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanMicroservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanAraf Karsh Hamid
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationLaurentiu Meirosu
 
Event Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQEvent Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQAraf Karsh Hamid
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Amazon Web Services
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA Technologies
 
Identity Access Management 101
Identity Access Management 101Identity Access Management 101
Identity Access Management 101OneLogin
 

What's hot (20)

Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your Business
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access management
 
API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access Management
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
 
Microservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanMicroservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, Kanban
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 
How to Achieve Agile API Security
How to Achieve Agile API SecurityHow to Achieve Agile API Security
How to Achieve Agile API Security
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
 
Event Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQEvent Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQ
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application Security
 
Identity Access Management 101
Identity Access Management 101Identity Access Management 101
Identity Access Management 101
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 

Viewers also liked

Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012joelavery
 
Complete open source IAM solution
Complete open source IAM solutionComplete open source IAM solution
Complete open source IAM solutionRadovan Semancik
 
Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3LDAPCon
 
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCloudIDSummit
 
User Manager
User ManagerUser Manager
User ManagerEmpowerID
 
Mt26 identity management as a service
Mt26 identity management as a serviceMt26 identity management as a service
Mt26 identity management as a serviceDell World
 
CIS14: Lean In: Enterprise Cloud Identity
CIS14: Lean In: Enterprise Cloud IdentityCIS14: Lean In: Enterprise Cloud Identity
CIS14: Lean In: Enterprise Cloud IdentityCloudIDSummit
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONForgeRock
 
HTTP fundamentals for developers
HTTP fundamentals for developersHTTP fundamentals for developers
HTTP fundamentals for developersMario Cardinal
 
CIS13: Authorization Agent (AZA) Mobile Protocol
CIS13: Authorization Agent (AZA) Mobile ProtocolCIS13: Authorization Agent (AZA) Mobile Protocol
CIS13: Authorization Agent (AZA) Mobile ProtocolCloudIDSummit
 
Securing and Scaling SaaS
Securing and Scaling SaaSSecuring and Scaling SaaS
Securing and Scaling SaaSguest05bda0
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMHasiniG
 
Denver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSODenver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSOBrian Campbell
 
The Keys To A Successful Identity And Access Management Program: How Does You...
The Keys To A Successful Identity And Access Management Program: How Does You...The Keys To A Successful Identity And Access Management Program: How Does You...
The Keys To A Successful Identity And Access Management Program: How Does You...Dell World
 
Benchmarks on LDAP directories
Benchmarks on LDAP directoriesBenchmarks on LDAP directories
Benchmarks on LDAP directoriesLDAPCon
 
CIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCloudIDSummit
 

Viewers also liked (20)

Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012Interfacing Banner BEIS With Identity Management - Summit 2012
Interfacing Banner BEIS With Identity Management - Summit 2012
 
Complete open source IAM solution
Complete open source IAM solutionComplete open source IAM solution
Complete open source IAM solution
 
Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3
 
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-OnCIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
CIS13: Bootcamp: Ping Identity SAML in Action with PingFederate Hands-On
 
User Manager
User ManagerUser Manager
User Manager
 
Mt26 identity management as a service
Mt26 identity management as a serviceMt26 identity management as a service
Mt26 identity management as a service
 
CIS14: Lean In: Enterprise Cloud Identity
CIS14: Lean In: Enterprise Cloud IdentityCIS14: Lean In: Enterprise Cloud Identity
CIS14: Lean In: Enterprise Cloud Identity
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
 
HTTP fundamentals for developers
HTTP fundamentals for developersHTTP fundamentals for developers
HTTP fundamentals for developers
 
Identity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. MookheyIdentity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. Mookhey
 
CIS13: Authorization Agent (AZA) Mobile Protocol
CIS13: Authorization Agent (AZA) Mobile ProtocolCIS13: Authorization Agent (AZA) Mobile Protocol
CIS13: Authorization Agent (AZA) Mobile Protocol
 
Securing and Scaling SaaS
Securing and Scaling SaaSSecuring and Scaling SaaS
Securing and Scaling SaaS
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIM
 
Denver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSODenver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSO
 
The Keys To A Successful Identity And Access Management Program: How Does You...
The Keys To A Successful Identity And Access Management Program: How Does You...The Keys To A Successful Identity And Access Management Program: How Does You...
The Keys To A Successful Identity And Access Management Program: How Does You...
 
Benchmarks on LDAP directories
Benchmarks on LDAP directoriesBenchmarks on LDAP directories
Benchmarks on LDAP directories
 
CIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity Service
 
Identity as a Service
Identity as a ServiceIdentity as a Service
Identity as a Service
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaS
 
Ldap intro
Ldap introLdap intro
Ldap intro
 

Similar to Standardizing Identity Provisioning with SCIM

Jan19 scim webinar-04
Jan19 scim webinar-04Jan19 scim webinar-04
Jan19 scim webinar-04Paul Madsen
 
Cloud integration and tools
Cloud integration and toolsCloud integration and tools
Cloud integration and toolsI8Cstage
 
Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Microsoft TechNet - Belgium and Luxembourg
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsChris Phillips
 
The Moving Code Project - Matthias Müller
The Moving Code Project - Matthias MüllerThe Moving Code Project - Matthias Müller
The Moving Code Project - Matthias MüllerLuis_de_Sousa
 
Windows Azure For Architects
Windows Azure For ArchitectsWindows Azure For Architects
Windows Azure For ArchitectsAnko Duizer
 
Mdd Lcds
Mdd LcdsMdd Lcds
Mdd Lcdsravinxg
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
AWS Cloud School | London - Part 1
AWS Cloud School | London - Part 1AWS Cloud School | London - Part 1
AWS Cloud School | London - Part 1Amazon Web Services
 
Kluczowe elementy infrastruktury...
Kluczowe elementy infrastruktury...Kluczowe elementy infrastruktury...
Kluczowe elementy infrastruktury...Alicja Sieminska
 
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Eduardo Patrocinio
 
Tech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsTech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsMichael Stephenson
 
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuSpring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuVMware Tanzu
 
system automation, integration and recovery
system automation, integration and recoverysystem automation, integration and recovery
system automation, integration and recoveryDerek Chang
 
Accelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateAccelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateMichael Elder
 
Summer School Soa EAP Asanka 18 Jun
Summer School Soa EAP Asanka 18 JunSummer School Soa EAP Asanka 18 Jun
Summer School Soa EAP Asanka 18 JunWSO2
 
Cloud Computing Integration Introduction
Cloud Computing Integration IntroductionCloud Computing Integration Introduction
Cloud Computing Integration Introductiontoryharis
 

Similar to Standardizing Identity Provisioning with SCIM (20)

Jan19 scim webinar-04
Jan19 scim webinar-04Jan19 scim webinar-04
Jan19 scim webinar-04
 
PIM4Cloud
PIM4CloudPIM4Cloud
PIM4Cloud
 
Cloud integration and tools
Cloud integration and toolsCloud integration and tools
Cloud integration and tools
 
Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillips
 
The Moving Code Project - Matthias Müller
The Moving Code Project - Matthias MüllerThe Moving Code Project - Matthias Müller
The Moving Code Project - Matthias Müller
 
Windows Azure For Architects
Windows Azure For ArchitectsWindows Azure For Architects
Windows Azure For Architects
 
Mdd Lcds
Mdd LcdsMdd Lcds
Mdd Lcds
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS Lambda
 
AWS Cloud School | London - Part 1
AWS Cloud School | London - Part 1AWS Cloud School | London - Part 1
AWS Cloud School | London - Part 1
 
Kluczowe elementy infrastruktury...
Kluczowe elementy infrastruktury...Kluczowe elementy infrastruktury...
Kluczowe elementy infrastruktury...
 
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
 
Tech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsTech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic apps
 
Open sso fisl9.0
Open sso fisl9.0Open sso fisl9.0
Open sso fisl9.0
 
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan GoksuSpring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
Spring Cloud Services with Pivotal Cloud Foundry- Gokhan Goksu
 
system automation, integration and recovery
system automation, integration and recoverysystem automation, integration and recovery
system automation, integration and recovery
 
Accelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateAccelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud Private
 
Summer School Soa EAP Asanka 18 Jun
Summer School Soa EAP Asanka 18 JunSummer School Soa EAP Asanka 18 Jun
Summer School Soa EAP Asanka 18 Jun
 
Cloud Computing Integration Introduction
Cloud Computing Integration IntroductionCloud Computing Integration Introduction
Cloud Computing Integration Introduction
 
Microservices
MicroservicesMicroservices
Microservices
 

More from WSO2

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

More from WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Recently uploaded

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Standardizing Identity Provisioning with SCIM

  • 2. Example – an employee joining WSO2 Provisioning system Other internal apps LDAP Other cloud apps/services Image courtesy : http://www.crn.com/slide-shows/applications-os/223800159/google-apps-marketplace-10-hot-cloud-applications.htm http://newmediasense.net/more-than-50-cloud-developers-commit-to-jive-apps-market%E2%84%A2/222888/
  • 3. What is it..? Creation, maintenance & deactivation of user accounts, in one or more systems or applications, in response to automated or interactive business processes. -Wikipedia
  • 4. Identifying the parties involved… CSU – cloud service user ECS – Enterprise Cloud Subscriber Provisioning system Other internal Other cloud apps apps/services LDAP CSP– cloud service provider
  • 5. Current approach... Provisioning system Other internal Other cloud apps/services apps LDAP
  • 6. Problems with current approach..  Rredundant integration efforts for ECS & CSP.  Maintenance nightmare of multiple connectors.  Complexity and cost.
  • 7. Solution would be a common protocol that everyone agrees on. Image courtesy : http://causerelatedmarketing.blogspot.com/2011/09/lets-bring-open-standards-to-practice.html
  • 8. 1. Authentication : SAML based WS-Trust & SSO, OpenID, OAuth 2. Authorization: XACML 3. Provisioning: SPML, WS-Provisioning, SCIM
  • 9. How open standard solves current problems..? LDAP Provisioning system Other internal Other cloud apps/services apps
  • 10. In a nutshell...  Emerging open standard.  REST API.  Platform neutral schema.  SAML binding.  Emphasis on simplicity and interoperability.
  • 11. In a nutshell...  REST API  resource endpoints  supported HTTP methods PROTOCOL
  • 12. In a nutshell...  REST API  SCIM REST API is relative to a base URL https://example.com/scim/v1/ PROTOCOL  Requests made via HTTP operations on a URL derived from the Base URL POST -> https://example.com/scim/v1/Users  JSON / XML formats
  • 13. In a nutshell...  Resource – collection of attributes.  Schema defines attributes. SCHEMA  SCIM Core Schema  Extension Model: Additive – similar to auxiliary object classes in LDAP.
  • 14. In a nutshell...  Other SCIM schemas  User Schema, Enterprise User Schema Extension SCHEMA  Group Schema  Service Provider Configuration Schema  Resource Schema
  • 15. In a nutshell...  Minimal user representation in JSON & XML formats. SCHEMA
  • 16. In a nutshell...  SCIM - SAML Mapping  Attributes SAML BINDING  SSO Assertion  AttributeQuery  Metadata
  • 17. Brief history…  Started in mid 2010.  Version 1.0 approved in Dec 2011.  Working on submitting to IETF.  Discussions made open at cloud-directory@googlegroups.com
  • 18. Platform neutral schema  Mandatory core schema with extension model.  Flexibility  Interoperability  Simplicity.
  • 19. REST API  Light weight with JSON support.  Avoids performance bottleneck on the connector.
  • 20. SAML Binding  Just In Time Provisioning with SSO.  Pull / Push based Identity Management.
  • 21. More...  Defined core + optional capabilities.  Based on existing deployments and standards - LDAP, SAML.  Several implementations.  Adoption by major cloud vendors.
  • 22. Identity Provisioning.  Value of open standards in the space of provisioning.  SCIM.  Why SCIM...?
  • 23.
  • 24. Security Considerations  Authentication and Authorization - OAuth2 bearer recommended. PROTOCOL  Should be over TLS  Password attribute not to be returned.
  • 25.  Automated Provisioning : SaaS 1 SCIM based (1) Create enterprise user account provisioning system HR Administrator (2)Create user (3)ok SaaS 2 Internal Apps
  • 26. Example – Creare User - Request PROTOCOL
  • 27. Example – Creare User - Response PROTOCOL
  • 28.  JIT provisioning with SSO - Pull Enterprise SaaS SSO IdP User Login SSO Redirect SAML Response SAML Attribute Query SCIM User Identity Create user account
  • 29. Example – SAML Attribute Query SAML Binding
  • 30.  Bulk UM Operations:  Initial imports of CSU accounts. SaaS LDAP  Scheduled synchronizations. SaaS LDAP
  • 31. Example : POST on Bulk endpoint PROTOCOL
  • 32.  Identity Synchronization:  Partial updates with PATCH  Conditional overwrites with ETag
  • 33. Example – PATCH PROTOCOL
  • 34.  Identity Retrieval:  Filtering  Conditional retrieval with Etag
  • 35.  Identity Retrieval:  Partial retrival – with “attributes” query parameter  Pagination GET /Users?startIndex=1&count=10  Sorting
  • 36. De-provisioning: (4)Delete user (1) Delete SCIM based SaaS user account enterprise (5)ok provisioning system (6)Request (7)Deny access (3)ok (2)Delete user Enterprise SSO IdP LDAP
  • 37. LDAP Provisioning system Internal apps Other cloud apps/services
  • 38. Identity Provisioning.  Value of open standards in the space of provisioning.  SCIM along with highlights from the spec.  Why SCIM...?  Use cases of SCIM in Identity Management solution.  Adoption of SCIM in WSO2 Identity Server and Stratos.
  • 39. http://www.simplecloud.info/  http://en.wikipedia.org/wiki/Provisioning#User_provisioning
  • 40.
  • 41. Selected Customers https://ail.google.com/mail/u/0/?ui=2&ik=ad9a e58f41&view=att&th=1331a70983344a32&atti d=0.1&disp=thd&realattid=f_gtxto6mk0&zw
  • 42. • QuickStart • Development Support • Development Services • Production Support • Turnkey Solutions • WSO2 Mobile Services Solution • WSO2 FIX Gateway Solution • WSO2 SAP Gateway Solution
  • 43. Contact Us…  bizdev@wso2.com