scim-docs/content/overview/identity-management.md
2024-08-29 12:10:19 +02:00


| title | description | color | weight |
| --- | --- | --- | --- |
| Identity Management | What we are talking about and in **which environment**. We need to agree on the **different problems** that exist to better understand why we use SCIM. | yellow | 1 |

basics of identity management {{< grid >}} {{< card icone="user" >}}

Authentication

Who is this user? {{< /card >}}

{{< card icone="lock" >}}

Authorization

Is this user allowed to access this resource? {{< /card >}}

{{< card icone="cloud" >}}

Storage

Where are users' identities & credentials stored? {{< /card >}}

{{< card icone="prov" >}}

Provisioning

How to manage & transfer users' identities? {{< /card >}} {{< /grid >}} illustration of losing data

Our environment

Our digital work environment is composed of many applications and web services. We want a seamless user experience for our free-software-based collaboration platform. With a Single Sign-On (SSO) system, users get a unified login and logout experience, but there is a catch.

Our problem

Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. That means:

  • users are not created by default in all apps (only after they have logged in at least once)
  • there is no mechanism to propagate the deletion of users
  • so it is not GDPR compliant (by default)
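
The gap described above, as an added example that is not part of the original documentation: a small model of just-in-time account creation on SSO login, followed by an audit that compares each app's local accounts with the central directory. The `IdentityProvider`, `App` and `audit` names and all user data are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class IdentityProvider:
    """Constructed stand-in for an OIDC provider's user directory."""
    users: dict = field(default_factory=dict)  # sub -> email

    def login(self, sub):
        # Returns the claims an ID token would carry; fails for unknown users.
        if sub not in self.users:
            raise PermissionError(f"unknown subject {sub}")
        return {"sub": sub, "email": self.users[sub]}

@dataclass
class App:
    """Relying party that creates local accounts just-in-time on first login."""
    name: str
    accounts: dict = field(default_factory=dict)  # sub -> local profile

    def sso_login(self, idp, sub):
        claims = idp.login(sub)
        # The local account only comes into existence at the first login.
        self.accounts.setdefault(claims["sub"], {"email": claims["email"]})

def audit(idp, apps):
    """Compare each app's local accounts with the IdP directory."""
    report = {}
    for app in apps:
        local, central = set(app.accounts), set(idp.users)
        report[app.name] = {
            "not_provisioned": sorted(central - local),  # never logged in here
            "orphaned": sorted(local - central),  # deleted centrally, data remains
        }
    return report

def demo():
    idp = IdentityProvider({"u1": "alice@example.org", "u2": "bob@example.org"})
    chat, files = App("chat"), App("files")
    chat.sso_login(idp, "u1")
    chat.sso_login(idp, "u2")
    files.sso_login(idp, "u1")  # bob never opens the files app
    del idp.users["u1"]  # alice is deleted centrally; no app is told
    return audit(idp, [chat, files])

if __name__ == "__main__":
    for app_name, findings in demo().items():
        print(app_name, findings)
```

After the central deletion alice can no longer log in, yet both apps still hold her profile, and bob has no account in the files app because he never logged in there.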

In essence

Existing protocols are difficult to implement and/or to use, or are custom-built for a specific use case and therefore non-standardized.