Lessons learned from the design of the SCIM API

•Download as PPTX, PDF•

1 like•892 views

Erik Wahlström

Technology

Erik Wahlström
Technology Strategist
9/19/2013
3
Todays topics
 What is SCIM?
 What problems does it solve?
 Lessons learned.

Erik Wahlström
Technology Strategist
9/19/2013
4
System for Cross-domain Identity Management
 Enterprises are distributed.
 Life cycle management.
 Move users in and out of the cloud.

Erik Wahlström
Technology Strategist
9/19/2013
5
What does it do?
 Lightweight provisioning protocol.
 Defines a schema and a protocol.
 Developed by
Salesforce, Google, Cisco, UnboundID, Ping
Identity, Sailpoint, neXus, Microsoft, VMWare, Oracle
etc.

Erik Wahlström
Technology Strategist
9/19/2013
6
The SCIM players
 One server that need or creates data.
 Another server that stores data.
 A high level of trust between them.
 In Sweden, remember PuL (Personuppgiftslagen).
 User consents in Germany.

Erik Wahlström
Technology Strategist
9/19/2013
7
Synchronize
HRUsers

Erik Wahlström
Technology Strategist
9/19/2013
8
On demand provisioning
Users

Erik Wahlström
Technology Strategist
9/19/2013
9
Inter-clouds
Users

Erik Wahlström
Technology Strategist
9/19/2013
10
Before SCIM
 Everybody rolled there own
 Provisioning plugins
 SPML

Erik Wahlström
Technology Strategist
9/19/2013
11
neXus + SCIM = true
 Control of our users.
 Simplified single sign on.
 Important step for the cloud.
 Important step for privacy.

Erik Wahlström
Technology Strategist
9/19/2013
12
Schema and API

Erik Wahlström
Technology Strategist
9/19/2013
13
ResourceServiceProviderConfigs
Use
r
Group
EnterpriseUser
Schema

Erik Wahlström
Technology Strategist
9/19/2013
14

Erik Wahlström
Technology Strategist
9/19/2013
15
API
 REST based protocol
 cURL friendly
 Firewall friendly
 OAuth2 recommended
 SSL/TLS

Erik Wahlström
Technology Strategist
9/19/2013
16
API Endpoints and HTTP verbs
What End point Verb
User /Users GET, POST, PUT, PATCH, DELETE
Group /Groups GET, POST, PUT, PATCH, DELETE
Service Provider Configuration /ServiceProviderConfigs GET
Schema /Schemas GET
Bulk /Bulk POST

Erik Wahlström
Technology Strategist
9/19/2013
17

Erik Wahlström
Technology Strategist
9/19/2013
18

Erik Wahlström
Technology Strategist
9/19/2013
19

Erik Wahlström
Technology Strategist
9/19/2013
20

Erik Wahlström
Technology Strategist
9/19/2013
21
Other features in the API
 Filtering, paging and sorting
 User storages can be huge
 Filter language
 Discovery
 Schemas
 Service provider configurations

Erik Wahlström
Technology Strategist
9/19/2013
22
Lessons learned

Erik Wahlström
Technology Strategist
9/19/2013
23
Extensibility
80
20
00

Erik Wahlström
Technology Strategist
9/19/2013
24

Erik Wahlström
Technology Strategist
9/19/2013
25
Versioning of API and schema
 /v1/Users/erikw
 /v2/Users/erikw
 "schemas": ["urn:scim:schemas:core:1.0"],
 "schemas": ["urn:scim:schemas:core:2.0:User"]

Erik Wahlström
Technology Strategist
9/19/2013
26
Weak ETags for versioning of
data

Erik Wahlström
Technology Strategist
9/19/2013
27
Error handling

Erik Wahlström
Technology Strategist
9/19/2013
28
HTTP method overloading

Erik Wahlström
Technology Strategist
9/19/2013
29
Release

Erik Wahlström
Technology Strategist
9/19/2013
30
Changed and worked on in 2.0
 Reference resources
 Search using only identifier
 Search using POST
 A hum to drop XML.
 Integrations with OpenID Connect and SAML

Erik Wahlström
Technology Strategist
9/19/2013
31
More info and thanks.
 http://www.simplecloud.info
 https://tools.ietf.org/wg/scim/
 @erik_wahlstrom
 erik.wahlstrom@nexusgroup.com

Similar to Lessons learned from the design of the SCIM API

Open Server Summit 2016 : AppliedMicro Slides

Michael Major

CohesiveFT: Get started with public cloud It's time to explore the public cloud. Get familiar with Amazon's AWS EC2 compute and S3 storage. Demo and guides will prep you to do big things with hosting for your websites and apps! Part 1 Cloud & Virtualization: Welcome! We'll run through the basics of public vs. private cloud, the cloud marketplace, and why we picked AWS to demonstrate Hosted by: Margaret Walker, Marketing Specialist

CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...

Cohesive Networks

What is expected from Chief Cloud Officers?

Bernard Paques

IoT World Forum Press Conference - 10.14.2014

Bessie Wang

EOSC-hub: Dynamic On Demand Analysis Service

EOSC-hub project

Verilog HDL-Samir Palnitkar.pdf

Sreenivas Mude

Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014

Mirantis

PaaSword's main idea, technical architecture and scientific challenges

PaaSword EU Project

This presentation was created for a webinar on "Diagnostic Flash Application with OTX". Flash programming is a use case which In2Soft Diagnostic Tools support very well. Below are the list of use cases that are addressed through the webinar and elucidated using the presentation: • Designing flash screen with OTX • Performing diagnostic operations • Creating variables • Using loops & branches • Executing & debugging the application • Creating sophisticated HTML reports • Publishing the sequence for diagnostic engineers & testers

Webinar Presentation: Diagnostic Flash Application with OTX

KPIT

Eurotech assures a strong foundation for Machine-to-Machine applications by relying on leading industry partners like Oracle and Hitachi to provide the technology basis for device, network, and service abstraction as well as efficient development. That foundation with Eurotech’s long experience in delivering sophisticated M2M projects, coalesced into specifically designed M2M Multi-Service Gateways and a cloud-based M2M integration platform. These two pillars ensure successful and deterministic development and deployment of M2M solutions for a broad range of vertical markets.

Eurotech M2M Building Blocks and Multi-Service Gateway Approach

Eurotech

Security? It's simple. We have Security Team... Security of our environment, application, development it's their security. We follow Best Practices, we implementing their's suggestions (or not...). But maybe today, in June 2018, where GDPR is a fact, we should look a little bit more in details for the security aspects. Well know and less known risks, vulnerability assessments, secure coding, secure testing, Let's discuss: SEC/DEV/OPS/SDLC/OSSTMM/OWASP/ITIL and few other acronyms. Use freely available knowledge and specially prepared environment to check and test our security before we touch out Visual Studio, PowerShell, CLI, Visual Studio Code, or even JSON. Be #SecureByDesign

ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.

ITCamp

MajorProject_AnilSharma

Anil Sharma

Mitre ATT&CK by Mattias Almeflo Nixu

Nixu Corporation

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

Wlamir Molinari

(Presented by CA Technologies) There are a lot of mainframes still out there, with a lot of data to back up and archive. CA Technologies (CA) is the largest mainframe software provider in the world. This session provides an overview and demo of CA’s Cloud Storage for System z solution used for mainframe storage backup to the AWS cloud. Traditional mainframe storage solutions are expensive and complex. For IT Directors, VPs of IT, VPs of Storage, and Storage Administrators, this session discusses how CA has partnered with AWS and Riverbed to provide an innovative solution that provides a low cost and secure solution for efficient backup and recovery of critical mainframe data. You see a demo of Chorus managing data flow from the mainframe to the cloud using the Riverbed Whitewater appliance. You also hear from a demanding customer, Mark Behrje, Sr. Director Global Information Services, CA Technologies, about how they implemented quickly, how much they’ve reduced their backup TCO, and lessons learned.

System z Mainframe Data with Amazon S3 and Amazon Glacier (ENT107) | AWS re:I...

Amazon Web Services

Perfil Corporativo FORENSE Tecnologia & Partners

Deivid Toledo

Internet of Things (IoT) Opportunity for Channels, VARs, MSPs, Resellers, All...

Jay McBain

AircraftIT MRO Journal Vol 3.3 Paper or Plastic?

Michael Denis

ABSTRACT Data protection is the process of safeguarding sensible information. Ensuring security becomes particularly relevant when data are used to manage operation of safety-critical systems. This is the case of MBDA, an European group with business focused on designing and producing missile systems to meet the needs of armed forces. In general, there are several technologies that allows to cover many aspects of data security: disk encryption protects them from theft, backup protects them from loss, secure erasure protects them from unwanted recovery. This thesis work is aimed to design and implement a system which allows to prevent unauthorized access to sensible data physically stored in one or more hard disks that could be lost or stolen. This problem cannot be solved with a standard disk encryption scheme that by default requires to pass an authentication phase by manually inserting a password. This is because those disks will be installed in a platform in which there is not the possibility to insert input. The proposed solution addresses this problem by designing and developing a remote data protection mechanism based on a different authentication process: at power on the disk sends to a remote server information about the hardware configuration in which it is installed. The server uses such information to check if that disk is working in the expected environment and based on that it sends back a response which allows or denies the decryption of its content. This means that if the disk is stolen and installed in a different platform, data inside it cannot be decrypted. In order to make this architecture secure, there are several challenges to be faced: encrypt the communication between client and server to avoid eavesdropping, authenticate the server to avoid identity spoofing, encrypt the list of allowed hardware configurations to avoid unauthorized access or modification, protect certificates and keys to prevent them being used by unauthorized entities.

Design and implementation of a solution for remote data protection in safety-...

davidepiccardi

IDS@BKM: Gaining Transparency in Automotive Supply Chains

Sebastian Opriel

Similar to Lessons learned from the design of the SCIM API (20)

Open Server Summit 2016 : AppliedMicro Slides

CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...

What is expected from Chief Cloud Officers?

IoT World Forum Press Conference - 10.14.2014

EOSC-hub: Dynamic On Demand Analysis Service

Verilog HDL-Samir Palnitkar.pdf

Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014

PaaSword's main idea, technical architecture and scientific challenges

Webinar Presentation: Diagnostic Flash Application with OTX

Eurotech M2M Building Blocks and Multi-Service Gateway Approach

ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.

MajorProject_AnilSharma

Mitre ATT&CK by Mattias Almeflo Nixu

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

System z Mainframe Data with Amazon S3 and Amazon Glacier (ENT107) | AWS re:I...

Perfil Corporativo FORENSE Tecnologia & Partners

Internet of Things (IoT) Opportunity for Channels, VARs, MSPs, Resellers, All...

AircraftIT MRO Journal Vol 3.3 Paper or Plastic?

Design and implementation of a solution for remote data protection in safety-...

IDS@BKM: Gaining Transparency in Automotive Supply Chains

Recently uploaded

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Why Teams call analytics are critical to your entire business

MINDCTI Revenue Release Quarter One 2024

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

WSO2's API Vision: Unifying Control, Empowering Developers

Platformless Horizons for Digital Adaptability

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Artificial Intelligence Chap.5 : Uncertainty

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

FWD Group - Insurer Innovation Award 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Six Myths about Ontologies: The Basics of Formal Ontology

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Lessons learned from the design of the SCIM API

1. Erik Wahlström Technology Strategist 9/19/2013 1

2. Erik Wahlström Technology Strategist 9/19/2013 2 Lessons learned from the design of the SCIM API

3. Erik Wahlström Technology Strategist 9/19/2013 3 Todays topics  What is SCIM?  What problems does it solve?  Lessons learned.

4. Erik Wahlström Technology Strategist 9/19/2013 4 System for Cross-domain Identity Management  Enterprises are distributed.  Life cycle management.  Move users in and out of the cloud.

5. Erik Wahlström Technology Strategist 9/19/2013 5 What does it do?  Lightweight provisioning protocol.  Defines a schema and a protocol.  Developed by Salesforce, Google, Cisco, UnboundID, Ping Identity, Sailpoint, neXus, Microsoft, VMWare, Oracle etc.

6. Erik Wahlström Technology Strategist 9/19/2013 6 The SCIM players  One server that need or creates data.  Another server that stores data.  A high level of trust between them.  In Sweden, remember PuL (Personuppgiftslagen).  User consents in Germany.

7. Erik Wahlström Technology Strategist 9/19/2013 7 Synchronize HRUsers

8. Erik Wahlström Technology Strategist 9/19/2013 8 On demand provisioning Users

9. Erik Wahlström Technology Strategist 9/19/2013 9 Inter-clouds Users

10. Erik Wahlström Technology Strategist 9/19/2013 10 Before SCIM  Everybody rolled there own  Provisioning plugins  SPML

11. Erik Wahlström Technology Strategist 9/19/2013 11 neXus + SCIM = true  Control of our users.  Simplified single sign on.  Important step for the cloud.  Important step for privacy.

12. Erik Wahlström Technology Strategist 9/19/2013 12 Schema and API

13. Erik Wahlström Technology Strategist 9/19/2013 13 ResourceServiceProviderConfigs Use r Group EnterpriseUser Schema

14. Erik Wahlström Technology Strategist 9/19/2013 14

15. Erik Wahlström Technology Strategist 9/19/2013 15 API  REST based protocol  cURL friendly  Firewall friendly  OAuth2 recommended  SSL/TLS

16. Erik Wahlström Technology Strategist 9/19/2013 16 API Endpoints and HTTP verbs What End point Verb User /Users GET, POST, PUT, PATCH, DELETE Group /Groups GET, POST, PUT, PATCH, DELETE Service Provider Configuration /ServiceProviderConfigs GET Schema /Schemas GET Bulk /Bulk POST

17. Erik Wahlström Technology Strategist 9/19/2013 17

18. Erik Wahlström Technology Strategist 9/19/2013 18

19. Erik Wahlström Technology Strategist 9/19/2013 19

20. Erik Wahlström Technology Strategist 9/19/2013 20

21. Erik Wahlström Technology Strategist 9/19/2013 21 Other features in the API  Filtering, paging and sorting  User storages can be huge  Filter language  Discovery  Schemas  Service provider configurations

22. Erik Wahlström Technology Strategist 9/19/2013 22 Lessons learned

23. Erik Wahlström Technology Strategist 9/19/2013 23 Extensibility 80 20 00

24. Erik Wahlström Technology Strategist 9/19/2013 24

25. Erik Wahlström Technology Strategist 9/19/2013 25 Versioning of API and schema  /v1/Users/erikw  /v2/Users/erikw  "schemas": ["urn:scim:schemas:core:1.0"],  "schemas": ["urn:scim:schemas:core:2.0:User"]

26. Erik Wahlström Technology Strategist 9/19/2013 26 Weak ETags for versioning of data

27. Erik Wahlström Technology Strategist 9/19/2013 27 Error handling

28. Erik Wahlström Technology Strategist 9/19/2013 28 HTTP method overloading

29. Erik Wahlström Technology Strategist 9/19/2013 29 Release

30. Erik Wahlström Technology Strategist 9/19/2013 30 Changed and worked on in 2.0  Reference resources  Search using only identifier  Search using POST  A hum to drop XML.  Integrations with OpenID Connect and SAML

31. Erik Wahlström Technology Strategist 9/19/2013 31 More info and thanks.  http://www.simplecloud.info  https://tools.ietf.org/wg/scim/  @erik_wahlstrom  erik.wahlstrom@nexusgroup.com

Lessons learned from the design of the SCIM API

Recommended

Recommended

More Related Content

Similar to Lessons learned from the design of the SCIM API

Similar to Lessons learned from the design of the SCIM API (20)

Recently uploaded

Recently uploaded (20)

Lessons learned from the design of the SCIM API