Last week I attended the Cloud Identity Summit in Monterrey (not a bad place to escape the Texas heat!) and it was very clear that the emerging SCIM (System for Cross-domain Identity Management) specification is at the top of the IAM priority list as organizations adopt more and more SaaS applications to support the business. Widespread adoption of the SCIM specification will simplify cloud IAM, making it more convenient and cost-effective for users to move into, out of and around the cloud.
Throughout the show there was a lot of discussion about the standard. It was great hearing the buzz, and realizing our industry is at a turning point in the specification’s development. But we’re not at the finish line yet. In order for SCIM to become a reality, it is critical that SaaS vendors and their customers support the standard. This is the only way to ensure that SCIM is widely available, and it’s a critical step toward simplifying how enterprises are able to manage cloud apps as part of their overall IAM program.
I addressed this very topic during a session at CIS, which was standing room only – clear evidence of the growing interest in SCIM. Already, SCIM is being used in the real world to manage both applications behind the firewall as well as SaaS applications. In fact, at the beginning of the workshop I asked for a show of hands for who was either implementing, or planning to implement, SCIM. A high percentage of the attendees in the room raised their hands – a very surprising result given we are on version 2.0 of the specification. Clearly, now is the time for SaaS vendors to get on board, too.
During that session, I also demonstrated the simplicity of the SCIM specification as well as some of the available open source tools that allow it to easily be integrated into the IAM infrastructure. I’ve shared my slides here for you to check out. I’ve also recently discussed the necessities of SCIM during a discussion with Dana Gardner of Interarbor alongside panelists from Ping Identity and Axway in which we debated the vast array of standards for identity and authentication.
How do you think SCIM is progressing across the identity world?