The SCIM standards just grew up to become RFCs

Integrity and simplicity for both users and IT departments just took a huge step forward on the Internet. The SCIM specifications, System for Cross-Domain Identity Management, are now published by the Internet Engineering Task Force (IETF) as RFC 7643 and RFC 7644. At neXus we are super proud because we have played a key part in the specifications, all the way from version 1.0 through 1.1 and now 2.0.

SCIM makes identity life cycle management much easier by specifying and standardising how identity information such as users, groups and different types of things and devices is sent over the wire. Before RFC 7643 and RFC 7644 (Ooo, it feels good to write that out loud!) identity information was scattered over the internet, leaving traces of identities at all the different service providers that a company has used. Identity federation has helped with adopting new services and has given users a smooth user experience, but it leaves those identity traces behind after the service is no longer used: sometimes because the company moved on to the next big thing at a new service provider, and sometimes just because an employee quits. Now, with RFC 7643 and RFC 7644 in place, it's possible to automatically create, update and remove the identity information on the fly, making it possible to finally take back control of this private and valuable information.

The two specifications are very simple. The first one defines what a User, a Group and potentially things like a Toaster look like. They are all called Resources, and they are managed through the other specification, which defines how the Resources are sent over the wire.
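To make the create, update and remove life cycle and the Resource/protocol split described above concrete, here is an added example (not neXus code and not part of the original post). It compares a constructed company directory with a constructed SCIM ListResponse from a service provider and returns the RFC 7644 requests that would remove the leftover identity traces. The sample users, the helper names and the "disable first, delete once already disabled" policy are assumptions made for illustration.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644
SCIM_JSON = "application/scim+json"

# Constructed sample: a service provider's answer to GET /Users.
LIST_RESPONSE = json.loads("""{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 3,
  "Resources": [
    {"id": "a1", "userName": "alice@example.com", "active": true},
    {"id": "b2", "userName": "bob@example.com", "active": true},
    {"id": "c3", "userName": "carol@example.com", "active": false}
  ]
}""")

# Constructed sample: the authoritative list of current employees.
DIRECTORY = {"alice@example.com": ("Alice", "Andersson"),
             "dave@example.com": ("Dave", "Dahl")}

def request(method, path, body=None):
    """Describe one SCIM HTTP request without sending it."""
    headers = {"Content-Type": SCIM_JSON} if body else {}
    return {"method": method, "path": path, "headers": headers, "body": body}

def reconcile(directory, list_response):
    """Return the requests that bring the provider in line with the directory."""
    remote = {u["userName"]: u for u in list_response["Resources"]}
    ops = []
    for user_name, (given, family) in sorted(directory.items()):
        if user_name not in remote:          # joiner: create the Resource
            ops.append(request("POST", "/Users", {
                "schemas": [USER_SCHEMA], "userName": user_name,
                "name": {"givenName": given, "familyName": family},
                "active": True}))
    for user_name, user in sorted(remote.items()):
        if user_name in directory:
            continue
        path = "/Users/" + user["id"]
        if user.get("active", True):         # leaver: disable (assumed policy)
            ops.append(request("PATCH", path, {
                "schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": "active", "value": False}]}))
        else:                                # already disabled: remove the trace
            ops.append(request("DELETE", path))
    return ops

if __name__ == "__main__":
    for op in reconcile(DIRECTORY, LIST_RESPONSE):
        print(op["method"], op["path"], json.dumps(op["body"]))
```
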

At neXus we use SCIM internally to tie our platform together in a unified way, and we also use it to handle the life cycle management of users in cloud systems like Salesforce, Cisco and others. Devices are also defined in our neXus Dynamic Identity Platform with the help of SCIM, which makes it easy to define new devices in the system; it is also a good, compact and well-defined interface for constrained devices to communicate with.

During the development of the specifications we have had several interops to verify that SCIM really works in the wild. There is also a long list of implementations (we actually just added two new ones yesterday) on the public-facing web site for SCIM, http://www.simplecloud.info/, that can be used as a starting point for developing SCIM support.

Read more about SCIM and the SCIM support in neXus Hybrid Access Gateway here:

Read about the Valuable and interoperable identity

Read about Identity Orchestration

You can also watch a couple of videos that describe SCIM:

(Swedish only)
