Subject: Re: [provision] FYI: Simple Cloud Identity Management (SCIM)

The major attraction of SCIM appears to be REST. That, and the chance to make a fresh start (which sometimes amounts to the grass being greener).

There was also talk of managing the life-cycle of identities, and of managing access. That amounts to a standard schema or to the *functional* equivalent of a standard schema.

In case that statement is unclear, the Password Capability in SPMLv2 is an attempt to abstract password management as functions or methods or operations rather than as a set of attributes (e.g., "password", "passwordExpireDate"). The Identity Connector Framework took the opposite approach of predefining certain object-classes and attributes: a connector that declares one of those "reserved words" in its schema opts into the contract for that object-class or attribute.

It's not terribly difficult to define a RESTful interface that addresses the use-cases for identity management. I've done it before in a way that was generic enough to support users with accounts on many different types of applications. I imagine that one also could define a RESTful interface that manages access.

Getting people to agree on any particular representation is more difficult; this was the main problem that beset the standard schema effort. Standards are like treaties; vendors must have more to gain by cooperative competition than by proprietary competition in order to adopt a standard meaningfully. Google seems happy enough with its proprietary API, according to the article.

We'd have to see how interested the SCIM community would be in having our help--and whether in fact that would be considered helpful.

Gary

On Apr 25, 2011, at 9:38 AM, Richard Sand wrote:

> Well we knew this was coming...
>
> It doesn't surprise me that this effort is underway, only that it
> took them so long to get started. Google's existing API has a decent
> REST interface that supports the basic CRUD operations on users,
> groups, and roles, but uses a somewhat clumsy XML payload which was
> not actually intended for purposes of provisioning. OpenPTK (which I
> believe is backed by Oracle) also has a REST interface that can use
> SPML payload amongst others.
>
> I guess on the call today we can have a discussion about where we go
> from here.
>
> Richard Sand | CEO
> 239 Kings Highway East | Haddonfield | New Jersey 08033 | USA
> Mobile: +1 267 984 3651| Office: +1 856 795 1722| Fax: +1 856 795 1733
>
> -----Original Message-----
> From: John, Anil [mailto:Anil.John@jhuapl.edu]
> Sent: Monday, April 25, 2011 9:57 AM
> To: provision@lists.oasis-open.org
> Subject: [provision] FYI: Simple Cloud Identity Management (SCIM)
>
> From SPML churn rises new crack at provisioning standard
> http://www.pingidentity.com/blogs/pingtalk/index.cfm/2011/4/22/SPML-churn-leaves-provisioning-proprietary
>
> SCIM - will SPML shortcomings be reinvented?
> http://blogs.kuppingercole.com/kuppinger/2011/04/23/scim-will-spml-shortcomings-be-reinvented/
>
> Regards,
>
> - Anil
>
> :-
> :- Anil John
> :- Johns Hopkins University - APL
> :- http://www.jhuapl.edu
> :- +1 240.228.0612
> :-
> :- E-Mail Response Time: 24 hrs
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php