What is i2scim?

i2scim is a Kubernetes (K8S) deployable server implementation of the IETF SCIM specification for provisioning of identities as a directory service. i2scim is a generalized SCIM engine that supports configured endpoints and schemas defined in JSON. Unlike other SCIM implementations, i2scim does not have fixed resource types. i2scim reads a K8S configMap containing JSON-formatted definitions of resources and attributes (aka SCIM Schema). At its core, i2scim is a JSON document-centric engine that converts from the SCIM RESTful HTTP API to backend persistence services such as MongoDB.

This open source project is licensed under the Apache License 2.0.

i2scim is extensible in key ways:

But wait, what is IETF SCIM?

What is i2scim useful for?

i2scim is a K8S deployable service that supports scenarios such as:

How do I get started?

i2scim Feature Details

Note: Inter-SCIM server replication services are not currently part of this project and are currently only supported as part of a database cluster. For fault-tolerant scaled systems use i2scim deployed with a MongoDB cluster on K8S along with an enterprise MongoDB deployment.

Where can I get more help if needed?

Open Source i2scim is maintained by Independent Identity Incorporated on a best effort sponsored basis. For more information, please email info@independentid.com.

What is SCIM?

SCIM (System for Cross-domain Identity Management) is an IETF specified protocol and schema designed to support simple cloud identity management over a REST-ful HTTP service. See:

In SCIM, objects are called Resources, each of which has an identified schema. Like XML, a SCIM Schema describes an object and the attributes it contains, along with their syntax, mutability, etc. For example, a username is usually unique across a domain. Unlike XML, SCIM schema is not used as a strict enforcement mechanism. After all, JSON is just JSON. However, Schema definitions help inform parties on how to parse and use data discovered in an endpoint. These can be discovered using the /Schemas endpoint. To help SCIM protocol clients understand what resource types are available, SCIM servers provide an endpoint called ResourceTypes that lists the resources available on the server.
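How a client might use a definition discovered at /Schemas as guidance rather than strict enforcement, as an added example that is not part of the i2scim project. The schema is a constructed, trimmed User definition in the RFC 7643 format, and `review_resource` and `PY_TYPES` are hypothetical names.

```python
import json

# Constructed, trimmed definition in the RFC 7643 schema format, shaped like
# one entry a client would read from the /Schemas endpoint.
USER_SCHEMA = json.loads("""
{
  "id": "urn:ietf:params:scim:schemas:core:2.0:User",
  "name": "User",
  "attributes": [
    {"name": "userName", "type": "string", "multiValued": false,
     "required": true, "mutability": "readWrite", "uniqueness": "server"},
    {"name": "active", "type": "boolean", "multiValued": false,
     "required": false, "mutability": "readWrite", "uniqueness": "none"},
    {"name": "groups", "type": "complex", "multiValued": true,
     "required": false, "mutability": "readOnly", "uniqueness": "none"}
  ]
}
""")

# Only the types used above; attributes of other types are not type-checked.
PY_TYPES = {"string": str, "boolean": bool, "complex": dict}

def review_resource(resource, schema):
    """Return advisory findings for a resource; it reports, it does not reject."""
    findings = []
    defined = {a["name"].lower(): a for a in schema["attributes"]}  # names are case-insensitive
    present = {k.lower() for k in resource}
    if schema["id"] not in resource.get("schemas", []):
        findings.append("schemas: missing " + schema["id"])
    for a in schema["attributes"]:
        if a["required"] and a["name"].lower() not in present:
            findings.append(a["name"] + ": required attribute missing")
    for key, value in resource.items():
        if key == "schemas":
            continue
        a = defined.get(key.lower())
        if a is None:
            findings.append(key + ": not defined in schema")
            continue
        if a["mutability"] == "readOnly":
            findings.append(key + ": readOnly, the server assigns it")
        if a["multiValued"] != isinstance(value, list):
            findings.append(key + ": multiValued mismatch")
            continue
        expected = PY_TYPES.get(a["type"])
        for v in (value if a["multiValued"] else [value]):
            if expected and not isinstance(v, expected):
                findings.append(key + ": expected " + a["type"])
    return findings
```

A provisioning client can log these findings before sending a request, which surfaces cases such as an attempt to set group membership through the readOnly `groups` attribute.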

JSON and Schema? What?

At the time of writing the SCIM protocols, REST-ful APIs were in vogue. One of the observations of the SCIM Working Group was that SCIM was an HTTP-based service that would be implemented by many different developers and organizations. This stood in stark contrast to services like the Facebook API, where there were many client implementers but only 1 organization supporting Facebook's API. Unlike most APIs, SCIM needed mutual interoperability. WG members recognized that every SCIM service provider would likely be somewhat different. To make interop possible, the SCIM schema was developed.

How SCIM and XML are alike:

How SCIM and XML are NOT alike: