Cloud provisioning spec step closer to IETF working group

A proposal to create a new standard for provisioning users to cloud services is making its way along the standards track and is soon to be the focus for a new IETF working group.

A plan to create a standard protocol to ease provisioning of corporate users to cloud services should be approved as an IETF working group early next month.

The Simple Cloud Identity Management (SCIM) protocol was approved Tuesday by the Internet Engineering Steering Group. The approved charter is now open for review by the Internet Engineering Task Force (IETF) and external parties interested in the specification.

Per IETF guidelines and procedures, an approved charter is required to form a working group.

The charter will go to final approval on June 7, and barring any objection, SCIM should become an official IETF charter the week of June 11, according to Applications Area Director Barry Leiba, who posted the announcement on the SCIM mailing list.

Leiba said in his post to the list, "I don't expect serious objections during the review period, so I don't anticipate any problems."

After a lengthy and contentious discussion, Leiba also silenced input on the protocol's name change. Going forward, SCIM will be known as the "System for Cross-domain Identity Management." The new name preserves the old SCIM acronym but eliminates the words "simple" and "cloud" that some thought epitomized the SCIM mantra.

"SCIM will definitely face a battle to stay simple and focused," said Paul Madsen, who participated in SCIM development and is a senior technical architect in the CTO's office at Ping Identity (disclosure: also my employer). "That challenge would be the same whatever standards body to which it was submitted."

An existing provisioning protocol, the Service Provisioning Markup Language (SPML), was criticized for being too complex and never gained widespread adoption.

The SCIM charter stipulates that the working group will focus on standardized methods for creating, reading, searching, modifying, and deleting user IDs and identity-related data among domains. The goal is to simplify common tasks related to user identity management for services and applications.

Today, it can be difficult, and is often a manual process, to provision corporate users for services and applications residing on an external Web site.

SCIM's intent is to create a fast and efficient way for enterprises to provide access to cloud services. The group is not bent on creating new protocols as the SCIM specification already provides REST interfaces on top of HTTP.

But critics have attacked SCIM as too simplistic to be effective and claim it is repeating some of SPML's sins.

The charter stipulates that SCIM will focus on schema definitions and discovery; operations to create, modify and delete users; read/search; bulk operations; and mappings between the IETF's inetOrgPerson LDAP object and the SCIM schema.

The development of SCIM began in late 2010 mostly among a small group of vendors that now includes Cisco, Google, Nexus, Ping Identity, SailPoint, Technology Nexus, VMware, and UnboundID.
