John Smith

Reputation: 347

Schema extension for SCIM 2.0

We have an Identity Provider User registry, and a SOAP Web Service for applications to read/write user profiles. Now we plan to add a SCIM interface as well.

We find that the Core User schema covers the basic set of attributes; however, our existing system has a different naming convention for the same attributes.

For example, say USERTELEPHONENUMBER, USERSTREETADDR1 and so on.

Considering the large number of applications already using this naming convention, we would like to continue the same with SCIM 2.0.

Given that we can extend the Core User schema,

1) Can we opt not to use any attributes from the Core schema? If the payload includes these attributes, can we simply ignore them on the server side, and process only custom schema attributes?

An example User document -

    {
        "schemas": [
            "urn:scim:schemas:core:2.0:User",
            "urn:scim:schemas:extension:customattrs:2.0:User"
        ],
        "id": "2819c223-7f76-453a-919d-413861904646",

        "urn:scim:schemas:extension:customattrs:2.0:User": {
            "USERFIRSTNAME": "fname",
            "USERLASTNAME": "lname",
            "USERTELEPHONENUMBER": "1231231234"
        }
    }

2) We can define a new resource itself and define a new core schema.

Which of these options would be a cleaner way?

Upvotes: 1

Views: 3039

Answers (2)

Vindula Jayawardana

Reputation: 25

I think what you need is a mapping between SCIM core schema attributes and your existing system attributes. As you have said, both the SCIM core schema and your existing system attributes share the same meaning, so you should not redefine those attributes in the extension. That is strongly discouraged by the SCIM specification (https://www.rfc-editor.org/rfc/rfc7643#section-3.3).

> Schema extensions SHOULD avoid redefining any attributes defined in this specification and SHOULD follow conventions defined in this specification.

However, if you have additional attributes in your existing system, you may define them in the extension.

If you have a decoupled SCIM implementation like WSO2 Charon (https://docs.wso2.com/display/IS450/Implementing+SCIM+with+Charon), I suggest you have a separate layer underneath the SCIM implementation layer to do the necessary mapping of the attributes before they are used in any business logic. But that basically depends on your implementation.

Upvotes: 2

kkcheng

Reputation: 131

If you don't plan to use the core schemas, why use SCIM at all?

SCIM strongly discourages having multiple attributes that mean the same thing.

I would suggest that you create a mapping between your attributes and the SCIM core (and enterprise extension) attributes. If there is anything that does not map to those 2 schemas, you should create an extension.

Upvotes: 5
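The mapping layer both answers recommend, sketched as an added example (not code from the posters or from WSO2 Charon). The mapping table, the extension URN, and the `USERBADGEID` attribute are assumptions made for illustration; the core URN is the one registered in RFC 7643.

```python
# Core User schema URN as defined in RFC 7643.
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Hypothetical extension URN for attributes with no core equivalent.
LEGACY_EXT = "urn:example:params:scim:schemas:extension:legacy:2.0:User"

# Assumed mapping: legacy name -> (core attribute, sub-attribute).
LEGACY_TO_CORE = {
    "USERFIRSTNAME": ("name", "givenName"),
    "USERLASTNAME": ("name", "familyName"),
    "USERTELEPHONENUMBER": ("phoneNumbers", "value"),
    "USERSTREETADDR1": ("addresses", "streetAddress"),
}
MULTI_VALUED = {"phoneNumbers", "addresses"}
# Constructed sample record; USERBADGEID is a made-up legacy-only attribute.
SAMPLE = {"USERFIRSTNAME": "fname", "USERTELEPHONENUMBER": "1231231234", "USERBADGEID": "B-17"}


def legacy_to_scim(user_id, record):
    """Translate a legacy registry record into a SCIM User resource."""
    user = {"schemas": [CORE_USER], "id": user_id}
    extension = {}
    for key, value in record.items():
        if key not in LEGACY_TO_CORE:
            extension[key] = value  # no core equivalent: goes to the extension
            continue
        parent, child = LEGACY_TO_CORE[key]
        if parent in MULTI_VALUED:
            user.setdefault(parent, [{}])[0][child] = value
        else:
            user.setdefault(parent, {})[child] = value
    if extension:
        user["schemas"].append(LEGACY_EXT)
        user[LEGACY_EXT] = extension
    return user


def scim_to_legacy(user):
    """Reverse mapping for writes; rejects extension keys that redefine core attributes."""
    record = {}
    for key, (parent, child) in LEGACY_TO_CORE.items():
        node = user.get(parent)
        if isinstance(node, list):
            node = node[0] if node else None
        if isinstance(node, dict) and child in node:
            record[key] = node[child]
    for key, value in user.get(LEGACY_EXT, {}).items():
        if key in LEGACY_TO_CORE:
            raise ValueError(f"{key} duplicates a core attribute")
        record[key] = value
    return record
```

Rejecting an extension key that shadows a mapped core attribute keeps a single source of truth for each value, so a client cannot send two conflicting copies of the same field and leave the server to pick one.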
