The System for Cross-domain Identity Management (SCIM) working group will standardize methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications.


"Standardize" does not necessarily mean that the working group will develop new technologies. The existing specifications for "SCIM 1.0" provide RESTful interfaces on top of HTTP rather than defining a new application protocol. That will be the basis for the new work. Today, distributed identity management across administrative domains is complicated by a lack of protocol and schema standardization between consumers and producers of identities.

This has led to a number of approaches, including error-prone manual administration and bulk file uploads, as well as proprietary protocols and mediation devices that must be adapted to each service for each organization. While there is existing work in the field, it has not been widely adopted for a variety of reasons, including a lack of common artifacts such as schema, toolsets, and libraries.

The SCIM working group will develop the core schema and interfaces based on HTTP and REST to address these problems. Initially, the group will focus on - a schema definition - a set of operations for creation, modification, and deletion of users - schema discovery - read and search - bulk operations - mapping between the inetOrgPerson LDAP object class (RFC 2798) and the SCIM schema

More in this category: « dprive 6lo »