SCIM - System for Cross-domain Identity Management

Hi there!

We are happy to come to offdem! One topic we are interested to discuss as a community is a technical topic.

Problem

When you use hosted free software to collaborate in your organization, it is easier for end users to have a single sign on. The issue with OpenId connect is that user creation, user update happens only during the login phase. And user deletion is not really part of OpenId connect.

Solution

We discovered a really nice standard called scim. This standard is made to sync users and groups between a client and a server.

We applied for NGI0 and we are glad that we were accepted.

Proposal for offdem

We’d love to tell you more about this standard.

If you are a free software developer, we would love that next time you create a user and group provisioning API, you’d reuse this standard, the ecosystem would thank you for ever!

We can also respond to any questions (we can try :wink: ) that you have about this protocol, and how to implement it!

And we’d love to discuss with other sso hosters (chatons, librehosters, fairkom), sso implementer (like yunohost, stackspin or laboite) on how we can collaborate on this technologie.

With this funding, we plan to develop SCIM plugins for:

  • keycloak
  • RocketChat
  • Nextcloud
  • Synapse

We hope to see you on Saturday to discuss about this topic!

Cheers!