SCIM 全稱 System for Cross-domain Identity Management,主要用於多租戶的雲應用身份管理。html
概覽java
SCIM 2.0創建在一個對象模型上,全部SCIM對象都繼承Resource,它有id,externalId和meta屬性,RFC7643定義了擴展公共屬性的User,Group和EnterpriseUser。跨域
示例用戶
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id":"2819c223-7f76-453a-919d-413861904646",
"externalId":"bjensen",
"meta":{
"resourceType": "User",
"created":"2011-08-01T18:29:49.793Z",
"lastModified":"2011-08-01T18:29:49.793Z",
"location":"https://example.com/v2/Users/2819c223...",
"version":"W\/\"f250dd84f0671c3\""
},
"name":{
"formatted": "Ms. Barbara J Jensen, III",
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificPrefix": "Ms.",
"honorificSuffix": "III"
},
"userName":"bjensen",
"phoneNumbers":[
{
"value":"555-555-8377",
"type":"work"
}
],
"emails":[
{
"value":"bjensen@example.com",
"type":"work",
"primary": true
}
]
}
上述用戶屬性並無所有列出來,不過從這個示例中能夠發現,資源的屬性包括架構
一、簡單屬性,如userName,只是一個單一的值;dom
二、複雜屬性,如name, 它的內部還有多個子屬性;ui
三、多值屬性,如phoneNumbers,一個User資源包含多個phoneNumberspa
操做
對資源的操做,SCIM提供了一套REST API,包含豐富但簡單的操做集,支持從修改特定用戶的特定屬性到進行批量更新的全部內容:code
- 建立(create): POST https://example.com/{v}/{resource}
- 讀取 (read): GET https://example.com/{v}/{resource}/{id}
- 替換 (replace): PUT https://example.com/{v}/{resource}/{id}
- 刪除 (delete):DELETE https://example.com/{v}/{resource}/{id}
- 更新 (update): PATCH https://example.com/{v}/{resource}/{id}
- 搜索 (search): GET https://example.com/{v}/{resource}?filter = {attribute} {op} {value}&sortBy = {attributeName}&sortOrder = {ascending | downcending}
- 批量(bulk): POST https://example.com/{v}/Bulk
規範說明orm
SCIM 2.0 於2015年9月在IETF下發布,主要包含三個RFC文件,即:RFC7642,RFC7643和RFC7644 ;
htm
- RFC7643 - SCIM:核心模式(Core Schema)
提供平臺基礎架構(用戶和組)和擴展模型。
- RFC7644 - SCIM:協議(Protocol)
SCIM協議是用於在Web上提供和管理身份數據的應用級REST協議。
- RFC7642 - SCIM:定義,概述,概念和要求(Definitions, Overview, Concepts, and Requirements)
本文檔列出了跨域身份管理系統(SCIM)的用戶場景和使用案例。
參考網址:http://www.simplecloud.info/