scim-docs/content/overview/identity-management.md

2024-08-29 10:10:19 +00:00
---
title: Identity Management
description : A **quick overview** of some different issues that exist when **discussing identity management**, and in which environments using SCIM could be relevant.
color : yellow
weight : 1
---
<picture>
<source srcset="media/small/illus-basics.svg" media="(max-width: 768px)">
<img src="media/illus-basics.svg" alt="Illustration of the basics of identity management">
</picture>
{{< grid >}}
{{< card icon="user" >}}
#### Authentication
Who is this user?
{{< /card >}}
{{< card icon="lock" >}}
#### Authorization
Is this user allowed to access this resource?
{{< /card >}}
{{< card icon="cloud" >}}
#### Storage
Where are users' identities & credentials stored?
{{< /card >}}
{{< card icon="prov" >}}
#### Provisioning
How to manage & transfer users' identities?
{{< /card >}}
{{< /grid >}}
Among all these identity management concepts, SCIM is a matter of provisioning; it concerns how information linked to an identity is transferred between different apps.
<img alt="illustration of losing data" src="media/illus-loose-data.svg" class="float-right w-60">
### SCIM environment
Because SCIM tackles the question of provisioning, one of the identity management environments where SCIM is most relevant is an environment composed of many apps or services that are **not well integrated natively** and are used by many users.
To better understand, let's consider the use case of a hosting provider that develops a collaboration platform based on different free software.
The digital work environment is then composed of **many applications and web services** used by **different users.** These users want **a seamless user experience** across the different apps.
With a **Single Sign-on (SSO)** system, users get a unified login and logout experience but there is a catch.
### The problem
Traditional SSO protocols like OpenID Connect do **not support syncing user profiles across applications.** That means:
* **users are not created by default in all apps** (only after they have logged in at least once)
* **no mechanism to propagate the deletion of users**
* so it is **not GDPR compliant** (by default)
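To make these two points concrete, here is an added example (not code from the SCIM docs project) in which a hypothetical application's in-memory user store is fed either by just-in-time OIDC logins or by SCIM create/delete calls driven by the identity provider; the store class, the user names and the identifiers are all constructed for the illustration.

```python
"""Added example, not from the scim-docs project: contrasts just-in-time
account creation on an OIDC login with SCIM provisioning, using an in-memory
stand-in for one application's user store. All users are constructed data."""
import uuid

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


class AppUserStore:  # hypothetical user store of a single application
    def __init__(self):
        self.users = {}  # SCIM id -> user resource

    # OIDC-style just-in-time provisioning: only ever runs when someone logs in.
    def on_oidc_login(self, sub, email):
        for user in self.users.values():
            if user["externalId"] == sub:
                return user["id"]
        return self._create(sub, email)

    # SCIM-style provisioning: the identity provider drives the lifecycle.
    def scim_create_user(self, resource):  # POST /Users
        if SCIM_USER_SCHEMA not in resource.get("schemas", []):
            raise ValueError("unsupported schema")
        return self._create(resource["externalId"], resource["userName"])

    def scim_delete_user(self, user_id):  # DELETE /Users/{id}
        if user_id not in self.users:
            return 404
        del self.users[user_id]
        return 204  # SCIM answers No Content on a successful deletion

    def _create(self, external_id, user_name):
        uid = str(uuid.uuid4())
        self.users[uid] = {"schemas": [SCIM_USER_SCHEMA], "id": uid,
                           "externalId": external_id, "userName": user_name}
        return uid


def lifecycle_comparison():
    """(userNames left in an OIDC-only app, userNames left in a SCIM app) after
    alice logs in once, bob never logs in, and the IdP then offboards alice."""
    oidc_app, scim_app = AppUserStore(), AppUserStore()
    oidc_app.on_oidc_login("sub-alice", "alice@example.org")  # bob never logs in
    ids = {}
    for sub, name in (("sub-alice", "alice@example.org"), ("sub-bob", "bob@example.org")):
        ids[sub] = scim_app.scim_create_user(
            {"schemas": [SCIM_USER_SCHEMA], "externalId": sub, "userName": name})
    # Offboarding: OIDC has no message for it, so alice's account is orphaned;
    # with SCIM the IdP sends DELETE /Users/{id} and the account disappears.
    scim_app.scim_delete_user(ids["sub-alice"])
    return (sorted(u["userName"] for u in oidc_app.users.values()),
            sorted(u["userName"] for u in scim_app.users.values()))
```

The OIDC-only store ends up with an orphaned account for alice and no account for bob, while the SCIM-fed store holds exactly the users the identity provider currently knows.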
#### In essence
<mark>Existing protocols are **difficult to implement and/or to use**, or are **custom for a specific use case** and therefore **non-standardized**.</mark>