scim-docs/content/overview/identity-management.md
2024-10-03 21:43:59 +02:00

---
title: Identity Management
description : "What we are talking about and in **which environment**. We must agree on the **different problems** that exist to better understand why we use SCIM."
color : yellow
weight : 1
---
<picture>
<source srcset="media/small/illus-basics.svg" media="(max-width: 768px)">
<img src="media/illus-basics.svg" alt="Illustration of the basics of identity management">
</picture>
{{< grid >}}
{{< card icon="user" >}}
#### Authentication
Who is this user?
{{< /card >}}
{{< card icon="lock" >}}
#### Authorization
Is this user allowed to access this resource?
{{< /card >}}
{{< card icon="cloud" >}}
#### Storage
Where are users' identities & credentials stored?
{{< /card >}}
{{< card icon="prov" >}}
#### Provisioning
How are users' identities managed & transferred?
{{< /card >}}
{{< /grid >}}
<img alt="illustration of losing data" src="media/illus-loose-data.svg" class="float-right w-60">
### Our environment
Our digital work environment is composed of **many applications** and web services. We want a **seamless user experience** for our free-software-based collaboration platform. With a **Single Sign-On (SSO)** system, users get a unified login and logout experience, but there is a catch.
### Our problem
Traditional SSO protocols like OpenID Connect do **not support syncing user profiles across applications.** That means:
* **users are not created by default in all apps** (only after they have logged in at least once)
* **no mechanisms to propagate the deletion of users**
* So it's **not GDPR compliant** (by default)
#### In essence
<mark>Existing protocols are **difficult to implement and/or to use**, or are **custom-built for a specific use case** and therefore **non-standardized**.</mark>