[Openid-specs-ab] Profile for using SCIM with OpenID Connect

John Bradley ve7jtb at ve7jtb.com
Wed Jun 15 20:28:18 UTC 2016 

Thanks for doing this.

Adding a SCIM endpoint for Connect IdP was always something we knew needed to happen.   

Now that SCIM 2 is done, it is a good time to look at it again.

I will have a look at your proposal.

Regards
John B.

> On Jun 15, 2016, at 4:10 PM, Phil Hunt <phil.hunt at oracle.com> wrote:
> 
> Please find attached, a draft proposal from Chuck Mortimore and myself on using SCIM as an alternate endpoint for profile services in the context of Connect.
> 
> This specification defines:
> a. Discovery metadata (scim_endpoint) indicating availability of a SCIM Protocol base endpoint
> b. Dynamic registration metadata (scim_profile) used to indicate a client intends to use SCIM in addition to or instead of UserInfo
> c. An additional ID Token claim (scim_id and scim_location) which specifies the SCIM resource endpoint and identifier associated with the authenticated subject.
> 
> By doing this, clients can avoid having to do an external authorization and another round of exchanges to access User profile information with full CRUD features.
> 
> Clients can also access SCIM’s more sophisticated query system to ask questions if the authenticated user has particular conditions (e.g. querying a sub-attribute such as “country” in the “addresses” attribute).  
> 
> As an example use case: A cloud provider wants to build a user-profile self-service portal. OIDC does the authentication of the user and allows the web service to access the CRUD features of SCIM for the updates.
> 
> Phil
> 
> @independentid
> www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
> <Draft: OpenID Connect Profile for SCIM Services.html>
> <openid-connect-scim-profile-1_0.txt>
> 
> 
> 
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160615/b9f79ec7/attachment.html>

More information about the Openid-specs-ab mailing list