SCIM: The Right Standard at the Right Time

I’m excited to report that the Simple Cloud Identity Management (SCIM) working group has unanimously approved the SCIM 1.0 specification. SailPoint contributed heavily to both the working group process and the development of the spec. With this week’s big move forward, I wanted to share my thoughts on why SCIM is good for our enterprise customers, cloud services providers, IdM vendors, and the industry as a whole.

I’ve spent the past 11 years working on IdM standards, beginning with SPML back in 2000. Sometimes our worst failures teach us the best lessons, and that’s absolutely the case with SPML. SPML never really gained widespread market adoption because it failed to deliver in three key areas: simplicity and ease of adoption, industry support and true customer demand. SCIM aims to improve upon each of these areas in order to improve connectivity, manageability and governance for SaaS and cloud-based applications.

Keeping It Simple

SPML turned out to be far from simple. The effort was well-intentioned one by everyone involved, but ultimately, the resulting spec was too large and complex, and created as many problems for customers as it solved (if not more). At the end of the day, SPML was a complete operating model for provisioning and as such came with a lot of baggage and a lot of complex use cases. In contrast, SCIM focuses on the core tasks of account management and leaves out a lot of the “provisioning platform” extras. This simplifies things for everyone concerned. SCIM is also 100% based on a newer RESTful web services approach that is both easier to write and use in the code, and easier to read and understand in the specification.

App Vendor Support

Today’s cloud application vendors understand the importance of IdM, and they recognize the need to simplify and standardize how organizations provision to their cloud application services. While the cloud has been designed to provide simple on-demand computing for today’s business needs, it has opened up several IdM issues, including remote application user administration and synchronization of identity data between the enterprise and the cloud. Recognizing the importance of solving these issues, companies like, Google and Cisco have invested their time to help drive SCIM forward and build SCIM interfaces into their products. Support by the major SaaS vendor platforms will prove critical if SCIM is to achieve widespread adoption.

Real Customer Demand

Despite the naysayers, business adoption of the cloud is accelerating. And as more and more SaaS applications are deployed, it’s incumbent on organizations to manage the identities they now own in the cloud. These organizations aren’t interested in adding more complexity to their IdM implementations, and are beginning to push both management and application vendors to provide a simple, standardized way of managing their SaaS accounts. This growing and real customer need has resulted in genuine customer push – push for their SaaS vendors to support SCIM on the account side, and push for their identity management vendors to make use best use of it.

SailPoint will continue its contributions to the SCIM effort as it moves toward adoption by the IETF. We strongly believe that this type of standard is critical to addressing IdM in the cloud and to providing the level of manageability, controls and governance that’s needed for today’s increasingly mission critical cloud-based applications. If you’re interested in more technical details on the spec, take a listen to the webinar I recorded last week with Dave Kearns of KuppingerCole and Patrick Harding of Ping Identity.

As the SCIM standard evolves, I’ll be sure to keep you updated. In the mean time, I’d like to hear your thoughts on SCIM. Do you think we are guiding the market in the right direction?