The group working on a simple standard for provisioning users to cloud services Thursday released the final draft of its 1.0 spec.

The Simple Cloud Identity Management (SCIM) group, which includes Cisco, Google, Ping Identity, SailPoint,, VMware, and UnboundID, said it would officially vote to finalize the 1.0 spec Dec. 14.

Trey Drake, an architect for UnboundID, said no new features were added between the last revision of SCIM and the 1.0 version. Drake said the group trimmed and cleaned up the spec for its final revision. The final draft is made up of the Core Schema and REST API specs.

SCIM is a data access protocol for provisioning and managing user identity in the cloud. It supports creating, editing, deleting, querying and retrieving user resources. The intent is to create a fast and efficient way for enterprises to provide access to cloud services.

For years, cloud providers have been touting how easy and cost effective it is to adopt online services. The behind-the-scenes enterprise pain, however, is user management, namely provisioning and deprovisioning users into and out of those environments.

Drake said the 1.0 spec is ready for both testing and implementation.

The group is already working on the 2.0 version of SCIM. In March, the group will present the 2.0 spec at the Internet Engineering Task Force (IETF) meeting in Paris, France. Morteza Ansari, a principal engineer with Cisco, is leading the work on creating an IETF presentation.

"Everything is queued up for 2.0," Drake said. He added that 1.0 should not see any changes going forward and that 2.0 would be backward compatible.

The group has made no secret of the fact it has been angling SCIM standardization efforts toward the IETF. Another RESTful-based cloud protocol, OAuth 2.0, is currently nearing standardization there.

In October, five vendors conducted the first SCIM interoperability test. Nexus, SailPoint,, UnboundID and Ping Identity linked their wares via SCIM messages formatted in either XML or JavaScript Object Notation (JSON) and began sharing user data. The data exchange was secured using Basic Auth and OAuth.

The day before the interoperability test, UnboundID announced support for SCIM in its directory, which is now the first commercially available directory to support the protocol.

The SCIM group hopes to conduct another interoperability test in March in conjunction with its IETF meeting.


* Required Fields