PingTalk Blog

SCIM interop shows specification coming to life

(Updated with comment from UnboundID)

Mountain View, Calif. - The group developing a specification to support open cloud provisioning completed its first interoperability test Wednesday with five vendors linking their implementations and exchanging user data.

The group behind the Simple Cloud Identity Management (SCIM) protocol, first unveiled in May at the Internet Identity Workshop (IIW), returned to that same venue to test what it has been building.

"Short of a few minor issues discovered during the interop, the specification is nearly ready for 1.0 status and an expanded conversation with the broader identity community," said Nicholas Crown, director of product marketing at UnboundID.

SCIM is a data access protocol for provisioning and managing user identity in the cloud. It supports creating, editing, deleting, querying and retrieving user resources. The intent is to create a fast and efficient way for enterprises to provide access to cloud services.

For years, cloud providers have been touting how easy and cost-effective it is to adopt online services. The behind-the-scenes enterprise pain, however, is user management, namely provisioning and deprovisioning users into and out of those environments.

Wednesday, Nexus, SailPoint, Salesforce.com, UnboundID and Ping Identity linked their wares via SCIM messages formatted in either XML or JavaScript Object Notation (JSON) and began sharing user data. The data exchange was secured using Basic Auth and OAuth.

Nexus acted as a proxy storing and forwarding data among the four end-points.

SailPoint used its IdentityIQ software, which lets users govern and provision identity data, to bundle a select set of data about a user and send it to Salesforce.com via the Nexus proxy. Nexus transformed the message from Basic Auth security and XML formatting to OAuth and JSON. Salesforce.com took the information and created a user account in its system.

The message could just as easily have been sent directly between the two systems, but Nexus was there to showcase the options available to the end-points.

Ping pulled 25 attributes out of Microsoft's Active Directory, converted them into an XML-based SCIM format and sent them to UnboundID. Nexus converted the format to JSON before sending it to the UnboundID directory where the user account was created.
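
The translation the Nexus proxy performed in the two exchanges above (XML with Basic Auth in, JSON with OAuth out), shown as an added example that is not code from the interop or from any of the vendors. The XML element layout, the client credentials and the bearer token are constructed for illustration, and the schema URN is an assumption about the SCIM 1.0 core schema.

```python
import base64, hmac, json
import xml.etree.ElementTree as ET

CORE = "urn:scim:schemas:core:1.0"  # assumption: SCIM 1.0 core schema URN

# Constructed inbound request: Basic Auth header plus a simplified XML user.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"idm-client:constructed-secret").decode()
SAMPLE_XML = f"""<User xmlns="{CORE}">
  <userName>bjensen</userName>
  <name><givenName>Barbara</givenName><familyName>Jensen</familyName></name>
  <emails><email><value>bjensen@example.com</value><primary>true</primary></email></emails>
</User>"""

def check_basic(header, user, secret):
    """Validate inbound Basic credentials with a constant-time comparison."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(blob, validate=True)
    except ValueError:  # malformed base64
        return False
    return hmac.compare_digest(supplied, f"{user}:{secret}".encode())

def xml_user_to_json(xml_text):
    """Map the simplified XML user onto a JSON user resource (hypothetical layout)."""
    q = lambda tag: f"{{{CORE}}}{tag}"  # namespace-qualified tag name
    root = ET.fromstring(xml_text)
    if root.tag != q("User"):
        raise ValueError("not a user resource")
    user = {"schemas": [CORE], "userName": root.findtext(q("userName"))}
    name = root.find(q("name"))
    if name is not None:
        user["name"] = {c.tag.split("}")[1]: c.text for c in name}
    user["emails"] = [
        {"value": e.findtext(q("value")), "primary": e.findtext(q("primary")) == "true"}
        for e in root.iter(q("email"))
    ]
    return user

def translate(auth_header, xml_text, bearer_token):
    """Return (headers, body) for the outbound JSON + OAuth request, or None if rejected."""
    if not check_basic(auth_header, "idm-client", "constructed-secret"):
        return None  # never forward a request the proxy could not authenticate
    headers = {"Authorization": f"Bearer {bearer_token}", "Content-Type": "application/json"}
    return headers, json.dumps(xml_user_to_json(xml_text))
```

Because the proxy validates one credential and presents another, it reads every user attribute in the clear and holds the downstream token, so it sits inside the trust boundary of both end-points. For XML arriving from untrusted senders, Python's documentation recommends a hardened parser such as defusedxml in place of `xml.etree`.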

The day before the interoperability test, UnboundID announced support for SCIM in its directory, which is now the first commercially available directory to support the protocol.

Members of the SCIM effort said during a packed session at IIW on Tuesday that they hope to host a Birds of a Feather session at an upcoming meeting of the Internet Engineering Task Force (IETF) as a way to explore standardization of the protocol.

Completion of Version 1 of the specification should come in the next month or so along with the start of work on Version 2. The second SCIM version is the one planned for submission to a standards body.

The SCIM work has been led by Cisco, Google, Ping Identity, SailPoint, Salesforce.com, VMware, and UnboundID.