Attaching missing images.
On Sun, Jan 22, 2017 at 11:49 PM, Gayan Gunawardana <[email protected]> wrote:

> SCIM Overview and Concept
>
> SCIM stands for "Simplified Cloud Identity Management" and was later
> changed to "System for Cross-domain Identity Management". SCIM was
> originally developed for Cloud services, but it was later understood that
> it is not bound to the Cloud and can be used in purely on-premise
> scenarios as well. The new name reflects this idea.
>
> Originally SCIM was developed with three main actors.
>
> - CSP: Cloud Service Provider
>   - A CSP is the entity which holds the identities of end users and also
>     provides services for user management.
> - ECS: Enterprise Cloud Subscriber
>   - The ECS actor is a single entity which is given administrative
>     responsibility to manage other identity accounts.
> - CSU: Cloud Service User
>   - A CSU represents the real cloud service end user.
>
> WSO2 Identity Server as a SCIM Provider
>
> According to the new definition of SCIM (System for Cross-domain Identity
> Management), WSO2 Identity Server can also act as a SCIM provider, which
> is similar to a Cloud Service Provider.
>
> - WSO2 Identity Server
>   - Similar to the Cloud Service Provider. Provides services to manage end
>     user identities.
> - Authorized Entity for Provisioning
>   - Similar to the Enterprise Cloud Subscriber. The Authorized Entity is a
>     single identity which has administrative privilege to manage end user
>     accounts.
> - End User
>   - Similar to the Cloud Service User.
>
> How we have done things on C4
>
> In C4, up to Identity Server 5.3.0, we have been using SCIM only for
> provisioning users from external systems to Identity Server (Inbound
> Provisioning). Also in C4 we have a couple of SOAP services to manage user
> identities.
>
> UserAdmin: Used for Management Console user management operations.
>
> RemoteUserStoreManagerService: Manage user identities in the user store
> remotely.
>
> UserInformationRecoveryService: Self signup, username recovery, password
> recovery.
>
> Even though the above services have been implemented for different
> objectives, there is a lot of duplicated effort. For example, the add user
> operation is included in all three services. Sometimes when you switch
> among different services for the same functionality, for example from
> UserInformationRecoveryService → registerUser to the SCIM add user
> operation or the UserAdmin add user operation, you may find different data
> formats and performance issues due to the different implementations.
>
> What is new for C5?
>
> What we are proposing is to reuse the standard SCIM APIs for all user
> management functionality. Since SCIM 2.0 provides more comprehensive user
> management functionality, we can build a common layer to serve all user
> management use cases for different channels. Basically, a User Admin can
> manage other identity accounts via the SCIM APIs without having a separate
> implementation.
>
> Further, we can extend the usage of SCIM to identity management
> functionality as well. For example, we can achieve self sign up by sending
> an anonymous SCIM request to the SCIM '/Me' endpoint.
>
> For some use cases we may need to do a custom implementation which might
> be out of the SCIM specification. For example, SCIM does not allow
> assigning roles to a user.
>
> Finally, what we want to achieve is to replace multiple user management
> APIs like UserAdmin, RemoteUserStoreManagerService and
> UserInformationRecoveryService with the standard SCIM APIs.
>
> Much appreciate your suggestions and feedback.
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
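An added example, not part of the thread and not WSO2 code, showing the single SCIM 2.0 request shape the proposal above relies on for both admin-driven provisioning (POST /Users with a bearer token) and anonymous self sign-up (the same User resource POSTed to /Me), together with how a client should read the provider's reply, including the 409 "uniqueness" conflict a duplicate userName produces. It uses only the RFC 7643 core User schema URN and the RFC 7644 Error message URN; the sample replies, the id value and any base URL are constructed for the example.

```python
"""Build SCIM 2.0 user-management requests and interpret the provider's replies.

Added example (not WSO2 code). Only RFC 7643/7644 core URNs are used; the
sample replies below are constructed, and any URL passed to post_scim() is
the caller's assumption.
"""
import json
import urllib.error
import urllib.request

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
SCIM_CONTENT_TYPE = "application/scim+json"


def build_user_request(user_name, given_name, family_name, email, password=None):
    """Body for POST /Users (admin provisioning) or POST /Me (self sign-up).

    Only core-schema attributes are used. 'password' is write-only per
    RFC 7643: it never comes back in a response and must not be logged.
    """
    if not user_name or not email:
        raise ValueError("userName and a primary email are required")
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given_name, "familyName": family_name},
        "emails": [{"value": email, "primary": True}],
    }
    if password is not None:
        body["password"] = password
    return body


def build_self_signup_request(user_name, given_name, family_name, email, password):
    """Self sign-up is the same User resource sent unauthenticated to /Me, so
    the request itself must carry the credential; otherwise the account is
    created with none."""
    if not password:
        raise ValueError("self sign-up must set a password")
    return build_user_request(user_name, given_name, family_name, email, password)


def interpret_response(status, body_text):
    """Classify a provider reply as (outcome, detail).

    201 + User resource carrying an 'id'     -> ("created", id)
    Error resource with status 409/uniqueness -> ("duplicate", detail)
    any other Error resource                  -> ("error", detail)
    """
    try:
        body = json.loads(body_text)
    except json.JSONDecodeError:
        return ("error", f"non-JSON body with HTTP {status}")
    schemas = body.get("schemas", [])
    if status == 201 and USER_SCHEMA in schemas and body.get("id"):
        return ("created", body["id"])
    if ERROR_SCHEMA in schemas:
        detail = body.get("detail", "")
        if str(body.get("status")) == "409" or body.get("scimType") == "uniqueness":
            return ("duplicate", detail)
        return ("error", detail)
    return ("error", f"unrecognised SCIM reply with HTTP {status}")


def post_scim(url, body, bearer_token=None):
    """POST a SCIM body. Omit the token for anonymous /Me self sign-up.
    Network helper only; the offline sample below does not call it."""
    headers = {"Content-Type": SCIM_CONTENT_TYPE, "Accept": SCIM_CONTENT_TYPE}
    if bearer_token:
        headers["Authorization"] = f"Bearer {bearer_token}"
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return interpret_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        # SCIM error details arrive in the 4xx body, not the exception message.
        return interpret_response(err.code, err.read().decode())


# Constructed sample replies; not captured from a real SCIM provider.
SAMPLE_CREATED = json.dumps({
    "schemas": [USER_SCHEMA],
    "id": "constructed-id-0001",
    "userName": "alice",
    "meta": {"resourceType": "User"},
})
SAMPLE_DUPLICATE = json.dumps({
    "schemas": [ERROR_SCHEMA],
    "scimType": "uniqueness",
    "detail": "userName alice already exists",
    "status": "409",
})

if __name__ == "__main__":
    signup = build_self_signup_request("alice", "Alice", "Doe", "alice@example.com", "s3cret")
    print(json.dumps(signup, indent=2))
    print(interpret_response(201, SAMPLE_CREATED))
    print(interpret_response(409, SAMPLE_DUPLICATE))
```

The point of routing every channel through one builder is the one the mail makes: Management Console, remote user-store clients and self sign-up all send the identical resource, so validation and error handling live in one place. Treat the "duplicate" outcome as a deliberate signal on the anonymous /Me path: a provider that distinguishes "userName exists" from other errors lets an unauthenticated caller enumerate accounts, so a deployment should decide whether /Me returns that distinction at all.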
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
