Lessons learned from the design of the SCIM API

•Als PPTX, PDF herunterladen•

1 gefällt mir•892 views

Erik Wahlström

Technologie

Erik Wahlström
Technology Strategist
9/19/2013
2
Lessons learned from the design
of the SCIM API

Erik Wahlström
Technology Strategist
9/19/2013
3
Todays topics
 What is SCIM?
 What problems does it solve?
 Lessons learned.

Erik Wahlström
Technology Strategist
9/19/2013
4
System for Cross-domain Identity Management
 Enterprises are distributed.
 Life cycle management.
 Move users in and out of the cloud.

Erik Wahlström
Technology Strategist
9/19/2013
5
What does it do?
 Lightweight provisioning protocol.
 Defines a schema and a protocol.
 Developed by
Salesforce, Google, Cisco, UnboundID, Ping
Identity, Sailpoint, neXus, Microsoft, VMWare, Oracle
etc.

Erik Wahlström
Technology Strategist
9/19/2013
6
The SCIM players
 One server that need or creates data.
 Another server that stores data.
 A high level of trust between them.
 In Sweden, remember PuL (Personuppgiftslagen).
 User consents in Germany.

Erik Wahlström
Technology Strategist
9/19/2013
7
Synchronize
HRUsers

Erik Wahlström
Technology Strategist
9/19/2013
8
On demand provisioning
Users

Erik Wahlström
Technology Strategist
9/19/2013
9
Inter-clouds
Users

Erik Wahlström
Technology Strategist
9/19/2013
10
Before SCIM
 Everybody rolled there own
 Provisioning plugins
 SPML

Erik Wahlström
Technology Strategist
9/19/2013
11
neXus + SCIM = true
 Control of our users.
 Simplified single sign on.
 Important step for the cloud.
 Important step for privacy.

Erik Wahlström
Technology Strategist
9/19/2013
12
Schema and API

Erik Wahlström
Technology Strategist
9/19/2013
13
ResourceServiceProviderConfigs
Use
r
Group
EnterpriseUser
Schema

Erik Wahlström
Technology Strategist
9/19/2013
14

Erik Wahlström
Technology Strategist
9/19/2013
15
API
 REST based protocol
 cURL friendly
 Firewall friendly
 OAuth2 recommended
 SSL/TLS

Erik Wahlström
Technology Strategist
9/19/2013
16
API Endpoints and HTTP verbs
What End point Verb
User /Users GET, POST, PUT, PATCH, DELETE
Group /Groups GET, POST, PUT, PATCH, DELETE
Service Provider Configuration /ServiceProviderConfigs GET
Schema /Schemas GET
Bulk /Bulk POST

Erik Wahlström
Technology Strategist
9/19/2013
17

Erik Wahlström
Technology Strategist
9/19/2013
18

Erik Wahlström
Technology Strategist
9/19/2013
19

Erik Wahlström
Technology Strategist
9/19/2013
20

Erik Wahlström
Technology Strategist
9/19/2013
21
Other features in the API
 Filtering, paging and sorting
 User storages can be huge
 Filter language
 Discovery
 Schemas
 Service provider configurations

Erik Wahlström
Technology Strategist
9/19/2013
22
Lessons learned

Erik Wahlström
Technology Strategist
9/19/2013
23
Extensibility
80
20
00

Erik Wahlström
Technology Strategist
9/19/2013
24

Erik Wahlström
Technology Strategist
9/19/2013
25
Versioning of API and schema
 /v1/Users/erikw
 /v2/Users/erikw
 "schemas": ["urn:scim:schemas:core:1.0"],
 "schemas": ["urn:scim:schemas:core:2.0:User"]

Erik Wahlström
Technology Strategist
9/19/2013
26
Weak ETags for versioning of
data

Erik Wahlström
Technology Strategist
9/19/2013
27
Error handling

Erik Wahlström
Technology Strategist
9/19/2013
28
HTTP method overloading

Erik Wahlström
Technology Strategist
9/19/2013
29
Release

Erik Wahlström
Technology Strategist
9/19/2013
30
Changed and worked on in 2.0
 Reference resources
 Search using only identifier
 Search using POST
 A hum to drop XML.
 Integrations with OpenID Connect and SAML

Erik Wahlström
Technology Strategist
9/19/2013
31
More info and thanks.
 http://www.simplecloud.info
 https://tools.ietf.org/wg/scim/
 @erik_wahlstrom
 erik.wahlstrom@nexusgroup.com

Weitere ähnliche Inhalte

Ähnlich wie Lessons learned from the design of the SCIM API

Open Server Summit 2016 : AppliedMicro Slides

Michael Major

CohesiveFT: Get started with public cloud It's time to explore the public cloud. Get familiar with Amazon's AWS EC2 compute and S3 storage. Demo and guides will prep you to do big things with hosting for your websites and apps! Part 1 Cloud & Virtualization: Welcome! We'll run through the basics of public vs. private cloud, the cloud marketplace, and why we picked AWS to demonstrate Hosted by: Margaret Walker, Marketing Specialist

CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...

Cohesive Networks

What is expected from Chief Cloud Officers?

Bernard Paques

IoT World Forum Press Conference - 10.14.2014

Bessie Wang

EOSC-hub: Dynamic On Demand Analysis Service

EOSC-hub project

Verilog HDL-Samir Palnitkar.pdf

Sreenivas Mude

Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014

Mirantis

PaaSword's main idea, technical architecture and scientific challenges

PaaSword EU Project

This presentation was created for a webinar on "Diagnostic Flash Application with OTX". Flash programming is a use case which In2Soft Diagnostic Tools support very well. Below are the list of use cases that are addressed through the webinar and elucidated using the presentation: • Designing flash screen with OTX • Performing diagnostic operations • Creating variables • Using loops & branches • Executing & debugging the application • Creating sophisticated HTML reports • Publishing the sequence for diagnostic engineers & testers

Webinar Presentation: Diagnostic Flash Application with OTX

KPIT

Eurotech assures a strong foundation for Machine-to-Machine applications by relying on leading industry partners like Oracle and Hitachi to provide the technology basis for device, network, and service abstraction as well as efficient development. That foundation with Eurotech’s long experience in delivering sophisticated M2M projects, coalesced into specifically designed M2M Multi-Service Gateways and a cloud-based M2M integration platform. These two pillars ensure successful and deterministic development and deployment of M2M solutions for a broad range of vertical markets.

Eurotech M2M Building Blocks and Multi-Service Gateway Approach

Eurotech

Security? It's simple. We have Security Team... Security of our environment, application, development it's their security. We follow Best Practices, we implementing their's suggestions (or not...). But maybe today, in June 2018, where GDPR is a fact, we should look a little bit more in details for the security aspects. Well know and less known risks, vulnerability assessments, secure coding, secure testing, Let's discuss: SEC/DEV/OPS/SDLC/OSSTMM/OWASP/ITIL and few other acronyms. Use freely available knowledge and specially prepared environment to check and test our security before we touch out Visual Studio, PowerShell, CLI, Visual Studio Code, or even JSON. Be #SecureByDesign

ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.

ITCamp

MajorProject_AnilSharma

Anil Sharma

Mitre ATT&CK by Mattias Almeflo Nixu

Nixu Corporation

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

Wlamir Molinari

(Presented by CA Technologies) There are a lot of mainframes still out there, with a lot of data to back up and archive. CA Technologies (CA) is the largest mainframe software provider in the world. This session provides an overview and demo of CA’s Cloud Storage for System z solution used for mainframe storage backup to the AWS cloud. Traditional mainframe storage solutions are expensive and complex. For IT Directors, VPs of IT, VPs of Storage, and Storage Administrators, this session discusses how CA has partnered with AWS and Riverbed to provide an innovative solution that provides a low cost and secure solution for efficient backup and recovery of critical mainframe data. You see a demo of Chorus managing data flow from the mainframe to the cloud using the Riverbed Whitewater appliance. You also hear from a demanding customer, Mark Behrje, Sr. Director Global Information Services, CA Technologies, about how they implemented quickly, how much they’ve reduced their backup TCO, and lessons learned.

System z Mainframe Data with Amazon S3 and Amazon Glacier (ENT107) | AWS re:I...

Amazon Web Services

Perfil Corporativo FORENSE Tecnologia & Partners

Deivid Toledo

Internet of Things (IoT) Opportunity for Channels, VARs, MSPs, Resellers, All...

Jay McBain

AircraftIT MRO Journal Vol 3.3 Paper or Plastic?

Michael Denis

ABSTRACT Data protection is the process of safeguarding sensible information. Ensuring security becomes particularly relevant when data are used to manage operation of safety-critical systems. This is the case of MBDA, an European group with business focused on designing and producing missile systems to meet the needs of armed forces. In general, there are several technologies that allows to cover many aspects of data security: disk encryption protects them from theft, backup protects them from loss, secure erasure protects them from unwanted recovery. This thesis work is aimed to design and implement a system which allows to prevent unauthorized access to sensible data physically stored in one or more hard disks that could be lost or stolen. This problem cannot be solved with a standard disk encryption scheme that by default requires to pass an authentication phase by manually inserting a password. This is because those disks will be installed in a platform in which there is not the possibility to insert input. The proposed solution addresses this problem by designing and developing a remote data protection mechanism based on a different authentication process: at power on the disk sends to a remote server information about the hardware configuration in which it is installed. The server uses such information to check if that disk is working in the expected environment and based on that it sends back a response which allows or denies the decryption of its content. This means that if the disk is stolen and installed in a different platform, data inside it cannot be decrypted. In order to make this architecture secure, there are several challenges to be faced: encrypt the communication between client and server to avoid eavesdropping, authenticate the server to avoid identity spoofing, encrypt the list of allowed hardware configurations to avoid unauthorized access or modification, protect certificates and keys to prevent them being used by unauthorized entities.

Design and implementation of a solution for remote data protection in safety-...

davidepiccardi

IDS@BKM: Gaining Transparency in Automotive Supply Chains

Sebastian Opriel

Ähnlich wie Lessons learned from the design of the SCIM API (20)

Open Server Summit 2016 : AppliedMicro Slides

CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...

What is expected from Chief Cloud Officers?

IoT World Forum Press Conference - 10.14.2014

EOSC-hub: Dynamic On Demand Analysis Service

Verilog HDL-Samir Palnitkar.pdf

Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014

PaaSword's main idea, technical architecture and scientific challenges

Webinar Presentation: Diagnostic Flash Application with OTX

Eurotech M2M Building Blocks and Multi-Service Gateway Approach

ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.

MajorProject_AnilSharma

Mitre ATT&CK by Mattias Almeflo Nixu

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

System z Mainframe Data with Amazon S3 and Amazon Glacier (ENT107) | AWS re:I...

Perfil Corporativo FORENSE Tecnologia & Partners

Internet of Things (IoT) Opportunity for Channels, VARs, MSPs, Resellers, All...

AircraftIT MRO Journal Vol 3.3 Paper or Plastic?

Design and implementation of a solution for remote data protection in safety-...

IDS@BKM: Gaining Transparency in Automotive Supply Chains

Kürzlich hochgeladen

WebRTC and SIP not just audio and video @ OpenSIPS 2024

Lorenzo Miniero

Revolutionizing SAP® Processes with Automation and Artificial Intelligence

Precisely

Because observability is such a broad topic – and often something we learn on the job – it can feel like there’s too much to learn at once. But you don’t have to tackle everything and can start with the basics and build from there! Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. No matter what tooling is in place, there are still observability fundamentals that developers should know. That’s why I’ve put together a primer on the different telemetry types, when to use them, how to understand the data journey, and what to look for in time series graphs.

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)

Paige Cruz

Discover the top CodeIgniter development companies that can elevate your project to new heights. Our blog explores the best firms known for their expertise in CodeIgniter framework development. From robust web applications to scalable solutions, these companies deliver excellence. Whether you're a startup or an enterprise, find the perfect match for your development needs on Top CSS Gallery's blog.

Top 10 CodeIgniter Development Companies

TopCSSGallery

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

FIDO Alliance

ADP Passwordless Journey Case Study.pptx

FIDO Alliance

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Exakis Nelite

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

Portal Kombat : extension du réseau de propagande russe

中央社

Google I/O Extended 2024 Warsaw

GDSC PJATK

Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx

MasterG

How to Check CNIC Information Online with Pakdata cf

danishmna97

ERP Contender Series: Acumatica vs. Sage Intacct

BrainSell Technologies

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

Webinar Recording: https://www.panagenda.com/webinars/alles-neu-macht-der-mai-wir-durchleuchten-den-verbesserten-notes-eigenschaftendialog/ Haben Sie sich schon einmal über den zu kleinen Eigenschaftendialog in Notes geärgert? Mussten Sie einen Agenten oder eine Aktion erstellen, um schnell mal ein Feld zu ändern? Haben Sie jedes mal endlos nach dem zu vergleichenden Feld gesucht, nachdem Sie ein neues Dokument ausgewählt haben? Wollten Sie das verdammte Ding einfach nur größer machen? Zum Glück gibt es dafür eine Lösung – und sie ist wahrscheinlich bereits installiert! Mit dem kostenlosen panagenda Document Properties (Pro) erhalten Sie den Eigenschaftendialog, den Sie schon immer haben wollten. Größer, anpassbar, und im Volltext durchsuchbar. Sehen Sie mehrere Dokumente gleichzeitig oder vergleichen Sie mit einem Diff-Viewer. Ändern Sie beliebige Felder und haben Sie endlich eine einfache Möglichkeit, Profildokumente für alle Benutzer zu verwalten. Entdecken Sie mit HCL Ambassador Marc Thomas, wie Document Properties Ihre Arbeit vereinfachen und Sie bei der täglichen Verwendung von Domino-Anwendungen unterstützen kann – im Client oder im Designer. Sie werden es nicht bereuen! Für Sie in diesem Webinar - Was Document Properties ist, welche Editionen es gibt und wo es in Notes und Domino Designer zu finden ist - Wie Sie nach einem beliebigen Feld suchen und es bearbeiten, Dokumente vergleichen oder alle Daten per CSV exportieren können - Suchen, Bearbeiten und auch Löschen von Profildokumenten - Welche Konfigurationseinstellungen verfügbar sind, um Funktionen anzupassen - Wie Ihre Endbenutzer davon profitieren - Sehen Sie alles in einer Live-Demo

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...

panagenda

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

FIDO Alliance

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc

AI mind or machine power point presentation

yogeshlabana357357

Kürzlich hochgeladen (20)

WebRTC and SIP not just audio and video @ OpenSIPS 2024

Revolutionizing SAP® Processes with Automation and Artificial Intelligence

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)

Top 10 CodeIgniter Development Companies

Introduction to FIDO Authentication and Passkeys.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

ADP Passwordless Journey Case Study.pptx

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Portal Kombat : extension du réseau de propagande russe

Google I/O Extended 2024 Warsaw

Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx

How to Check CNIC Information Online with Pakdata cf

ERP Contender Series: Acumatica vs. Sage Intacct

Design Guidelines for Passkeys 2024.pptx

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...

How we scaled to 80K users by doing nothing!.pdf

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

AI mind or machine power point presentation

Lessons learned from the design of the SCIM API

1. Erik Wahlström Technology Strategist 9/19/2013 1

2. Erik Wahlström Technology Strategist 9/19/2013 2 Lessons learned from the design of the SCIM API

3. Erik Wahlström Technology Strategist 9/19/2013 3 Todays topics  What is SCIM?  What problems does it solve?  Lessons learned.

4. Erik Wahlström Technology Strategist 9/19/2013 4 System for Cross-domain Identity Management  Enterprises are distributed.  Life cycle management.  Move users in and out of the cloud.

5. Erik Wahlström Technology Strategist 9/19/2013 5 What does it do?  Lightweight provisioning protocol.  Defines a schema and a protocol.  Developed by Salesforce, Google, Cisco, UnboundID, Ping Identity, Sailpoint, neXus, Microsoft, VMWare, Oracle etc.

6. Erik Wahlström Technology Strategist 9/19/2013 6 The SCIM players  One server that need or creates data.  Another server that stores data.  A high level of trust between them.  In Sweden, remember PuL (Personuppgiftslagen).  User consents in Germany.

7. Erik Wahlström Technology Strategist 9/19/2013 7 Synchronize HRUsers

8. Erik Wahlström Technology Strategist 9/19/2013 8 On demand provisioning Users

9. Erik Wahlström Technology Strategist 9/19/2013 9 Inter-clouds Users

10. Erik Wahlström Technology Strategist 9/19/2013 10 Before SCIM  Everybody rolled there own  Provisioning plugins  SPML

11. Erik Wahlström Technology Strategist 9/19/2013 11 neXus + SCIM = true  Control of our users.  Simplified single sign on.  Important step for the cloud.  Important step for privacy.

12. Erik Wahlström Technology Strategist 9/19/2013 12 Schema and API

13. Erik Wahlström Technology Strategist 9/19/2013 13 ResourceServiceProviderConfigs Use r Group EnterpriseUser Schema

14. Erik Wahlström Technology Strategist 9/19/2013 14

15. Erik Wahlström Technology Strategist 9/19/2013 15 API  REST based protocol  cURL friendly  Firewall friendly  OAuth2 recommended  SSL/TLS

16. Erik Wahlström Technology Strategist 9/19/2013 16 API Endpoints and HTTP verbs What End point Verb User /Users GET, POST, PUT, PATCH, DELETE Group /Groups GET, POST, PUT, PATCH, DELETE Service Provider Configuration /ServiceProviderConfigs GET Schema /Schemas GET Bulk /Bulk POST

17. Erik Wahlström Technology Strategist 9/19/2013 17

18. Erik Wahlström Technology Strategist 9/19/2013 18

19. Erik Wahlström Technology Strategist 9/19/2013 19

20. Erik Wahlström Technology Strategist 9/19/2013 20

21. Erik Wahlström Technology Strategist 9/19/2013 21 Other features in the API  Filtering, paging and sorting  User storages can be huge  Filter language  Discovery  Schemas  Service provider configurations

22. Erik Wahlström Technology Strategist 9/19/2013 22 Lessons learned

23. Erik Wahlström Technology Strategist 9/19/2013 23 Extensibility 80 20 00

24. Erik Wahlström Technology Strategist 9/19/2013 24

25. Erik Wahlström Technology Strategist 9/19/2013 25 Versioning of API and schema  /v1/Users/erikw  /v2/Users/erikw  "schemas": ["urn:scim:schemas:core:1.0"],  "schemas": ["urn:scim:schemas:core:2.0:User"]

26. Erik Wahlström Technology Strategist 9/19/2013 26 Weak ETags for versioning of data

27. Erik Wahlström Technology Strategist 9/19/2013 27 Error handling

28. Erik Wahlström Technology Strategist 9/19/2013 28 HTTP method overloading

29. Erik Wahlström Technology Strategist 9/19/2013 29 Release

30. Erik Wahlström Technology Strategist 9/19/2013 30 Changed and worked on in 2.0  Reference resources  Search using only identifier  Search using POST  A hum to drop XML.  Integrations with OpenID Connect and SAML

31. Erik Wahlström Technology Strategist 9/19/2013 31 More info and thanks.  http://www.simplecloud.info  https://tools.ietf.org/wg/scim/  @erik_wahlstrom  erik.wahlstrom@nexusgroup.com

Lessons learned from the design of the SCIM API

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Lessons learned from the design of the SCIM API

Ähnlich wie Lessons learned from the design of the SCIM API (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Lessons learned from the design of the SCIM API