SCIM versus LDAP!
  • When it comes to pushing users to the Gluu Server, customers can use either the LDAP interface or the SCIM interface. Which one should I advise them to use?

  • Ok, I admit it: I love LDAP. I and about a thousand other weirdos scattered across the globe. What more do programmers want? UnboundID has written a fantastic Java client SDK. It makes it really easy to load balance connections to backend servers. There are many resources on the web on how to use LDAP.

  • However, despite my love of LDAP, I am now firmly on the SCIM wagon. Here are a few quick reasons why.

  • Stateless Connections

  • LDAP is a stateful, connection-oriented protocol, while every SCIM request is a self-contained HTTP request. If you make a mistake while using an LDAP API (for example, an error path that never closes the connection it opened), you open the possibility of an LDAP connection leak: the client consumes every connection the server allows and takes the server down for all of its other clients.
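The leak described above, as an added example that is not code from the post or from Gluu: a bounded in-process pool stands in for an LDAP server's connection limit (no real LDAP traffic is made), and the only difference between the two client functions is whether the connection is released on the error path as well as on the happy path.

```python
import threading
from contextlib import contextmanager


class PoolExhausted(Exception):
    """Raised when the server-side connection limit is reached."""


class LdapConnectionPool:
    """Stand-in for an LDAP server that allows at most `limit` open
    connections. Constructed for this example; it carries no real traffic."""

    def __init__(self, limit):
        self.limit = limit
        self.open = 0
        self._lock = threading.Lock()

    def connect(self):
        with self._lock:
            if self.open >= self.limit:
                raise PoolExhausted("server connection limit reached")
            self.open += 1
        return object()  # opaque connection handle

    def close(self, conn):
        with self._lock:
            self.open -= 1

    @contextmanager
    def connection(self):
        """Acquire a connection and release it on every exit path."""
        conn = self.connect()
        try:
            yield conn
        finally:
            self.close(conn)


def leaky_add_user(pool, entry):
    """The bug: close() only runs if the add succeeds. Any schema violation
    or server error between connect() and close() leaks one connection."""
    conn = pool.connect()
    if "sn" not in entry:  # sn is a MUST attribute of inetOrgPerson
        raise ValueError("objectClass violation: sn is required")
    pool.close(conn)


def safe_add_user(pool, entry):
    """The fix: the context manager releases the connection even when the
    operation raises."""
    with pool.connection():
        if "sn" not in entry:
            raise ValueError("objectClass violation: sn is required")


def run(add_user, limit=5, attempts=20):
    """Issue `attempts` failing adds against a fresh pool and report
    (connections still open afterwards, whether the limit was hit)."""
    pool = LdapConnectionPool(limit)
    exhausted = False
    for _ in range(attempts):
        try:
            add_user(pool, {"cn": "Alice Smith"})  # no sn: every add fails
        except ValueError:
            pass                                  # application error, handled
        except PoolExhausted:
            exhausted = True                      # server-side limit reached
            break
    return pool.open, exhausted


if __name__ == "__main__":
    print("leaky:", run(leaky_add_user))   # (5, True)
    print("safe: ", run(safe_add_user))    # (0, False)
```

With the leaky client, five failed adds leave five connections open and the sixth attempt is refused; every other client of that server would be refused too. The safe client ends every attempt with zero open connections. In the real SDKs the same discipline applies: release the connection back to the pool in a finally block or a try-with-resources.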

  • Hides complexity of LDAP

  • The Gluu LDAP namespace assigns a unique identifier to each organization that is not exactly programmer friendly. Also, when adding a person the developer needs to know the required and optional attributes for a given LDAP object class. Not really a blocker, but explaining this extra stuff takes time, especially to programmers who are not LDAP geeks.

  • Hard to manage LDAP ACIs

  • Applications that need to write to the LDAP server would need credentials: an LDAP DN (distinguished name) and password (or a registered certificate). Then this DN would need to be granted access to perform the necessary operations. How to do this differs based on the backend LDAP server (e.g. olcAccess rules in OpenLDAP versus aci attributes in OpenDJ), so the instructions cannot be written once for every deployment.

  • Hard to Manage Firewall Rules

  • The Gluu Server is already open to the Internet on 443. But the IP address of every LDAP client would need to be added as an exception to the Gluu Server host firewall. Ideally, the customer would want to specify an AWS security group instead. It sounds trivial, but given the other considerations, it helped tilt the scale for me towards SCIM.
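What the SCIM interface hides, made concrete as an added example (not code from the post or from Gluu): a SCIM 1.1 user document is translated into the LDAP entry that an inetOrgPerson object class requires, and the MUST attributes of that object class are checked before an ADD would be attempted. The SCIM document, the attribute mapping, and the organization DN are constructed for this example; Gluu's real organization identifiers are opaque strings of a different shape.

```python
import json

# Constructed SCIM 1.1 user, as a client would POST it to /Users.
SCIM_USER_JSON = """{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "userName": "asmith",
  "name": {"givenName": "Alice", "familyName": "Smith"},
  "displayName": "Alice Smith",
  "emails": [{"value": "asmith@example.com", "primary": true}]
}"""

# What the LDAP schema demands for an inetOrgPerson entry (RFC 2798 / RFC 4519):
# cn and sn are MUST attributes; the rest of the mapped attributes are MAY.
OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]
MUST = {"cn", "sn"}

# SCIM attribute path -> LDAP attribute. A SCIM client never sees this table.
MAPPING = {
    ("userName",): "uid",
    ("name", "givenName"): "givenName",
    ("name", "familyName"): "sn",
    ("displayName",): "cn",
}

# Organization node under which people live. Assumed value for the example;
# the real identifier is generated by the server and is not human-friendly.
ORG_DN = "o=@!0000!0000!ABCD,o=gluu"


def scim_to_ldap(scim_json, org_dn=ORG_DN):
    """Translate a SCIM 1.1 user into (dn, attributes) for an LDAP ADD.
    Raises ValueError when a MUST attribute of the object class is absent,
    which is exactly the error a client gets from the directory server."""
    user = json.loads(scim_json)
    if "urn:scim:schemas:core:1.0" not in user.get("schemas", []):
        raise ValueError("not a SCIM 1.1 core user")
    attrs = {"objectClass": list(OBJECT_CLASSES)}
    for path, ldap_attr in MAPPING.items():
        value = user
        for key in path:                      # walk nested SCIM attributes
            value = value.get(key) if isinstance(value, dict) else None
        if value is not None:
            attrs[ldap_attr] = [value]
    for email in user.get("emails", []):      # multi-valued -> mail
        attrs.setdefault("mail", []).append(email["value"])
    missing = MUST - attrs.keys()
    if missing:
        raise ValueError("objectClass violation, missing: %s" % sorted(missing))
    if "uid" not in attrs:
        raise ValueError("userName is required to build the entry DN")
    dn = "uid=%s,ou=people,%s" % (attrs["uid"][0], org_dn)
    return dn, attrs


def to_ldif(dn, attrs):
    """Render the entry as LDIF, the form an LDAP-speaking client would write."""
    lines = ["dn: " + dn]
    for name, values in attrs.items():
        lines += ["%s: %s" % (name, v) for v in values]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_ldif(*scim_to_ldap(SCIM_USER_JSON)))
```

Every line of the LDIF output (the object classes, the DN under the organization node, the fact that a missing familyName is a hard error because sn is MUST) is knowledge the SCIM client did not need: it sent a userName, a name and an email, and the server did the rest.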
  • One complication that contributed to my previous hesitation to recommend SCIM over LDAP has been that the SCIM standard does not say how to protect the APIs. The SCIM interface is very powerful: the ability to change passwords and add users is the keys to the kingdom. Gluu's approach is to secure it the way we secure all APIs: using UMA. At this point, I don't see any other viable open standard to secure APIs, so it seems like it's the right approach.

  • The net effect of these considerations has put me firmly on the side of SCIM. We still use LDAP in the Gluu Server for persistence (we love the replication and performance!). But as an interface for provisioning (aka IDM) we're going to start pushing SCIM 1.1 from now on. LDAP, as a provisioning interface, is now deprecated.

Article resource: http://gluu.webs.com/apps/blog/show/42647606-scim-versus-ldap-
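How a UMA-protected SCIM endpoint behaves, as an added example that is not code from the post or from Gluu: an in-process model of the UMA 1.0 exchange (the UMA version in use alongside SCIM 1.1), with the authorization server, the SCIM resource server and the provisioning client all on one side of the page so the messages can be seen. The scope names, the authorization policy (an allow-list of client ids per scope), the AS location and the way the client authenticates to the AS (reduced to a client id) are all assumptions made for the example; a real deployment uses the AS's token endpoint and the client's own OAuth credentials for that step.

```python
import secrets

# Scope each SCIM operation requires. Assumed names for the example.
SCIM_SCOPES = {("POST", "/Users"): "scim_create", ("GET", "/Users"): "scim_read"}


class AuthorizationServer:
    """UMA 1.0 AS stand-in: permission registration, RPT issuance and
    token introspection. Policy is {client_id: set(scopes)} (constructed)."""

    def __init__(self, policy):
        self.policy = policy
        self.tickets = {}                     # ticket -> requested permission
        self.rpts = {}                        # rpt -> granted permission
        self.uri = "https://as.example.org"   # assumed AS location

    def register_permission(self, resource_id, scopes):
        """Called by the resource server; returns a one-time permission ticket."""
        ticket = secrets.token_hex(16)
        self.tickets[ticket] = {"resource_id": resource_id, "scopes": set(scopes)}
        return ticket

    def issue_rpt(self, ticket, client_id):
        """Called by the client; grants an RPT only if policy allows every
        scope the ticket asks for. Tickets are consumed on first use."""
        perm = self.tickets.pop(ticket, None)
        if perm is None:
            return None, "invalid_ticket"
        if not perm["scopes"] <= self.policy.get(client_id, set()):
            return None, "not_authorized"
        rpt = secrets.token_hex(16)
        self.rpts[rpt] = perm
        return rpt, None

    def introspect(self, rpt):
        perm = self.rpts.get(rpt)
        return {"active": perm is not None, "permission": perm}


class ScimResourceServer:
    """The SCIM endpoint. A request is served only if it carries an RPT whose
    permission covers the operation's scope; otherwise the RS registers the
    needed permission and answers 403 with a ticket, as UMA 1.0 specifies."""

    def __init__(self, as_server):
        self.as_server = as_server
        self.users = []

    def handle(self, method, path, headers, body=None):
        scope = SCIM_SCOPES[(method, path)]
        auth = headers.get("Authorization", "")
        rpt = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
        info = self.as_server.introspect(rpt) if rpt else {"active": False}
        perm = info.get("permission") or {}
        if not info["active"] or scope not in perm.get("scopes", set()):
            ticket = self.as_server.register_permission("scim-users", [scope])
            www = 'UMA realm="gluu", as_uri="%s"' % self.as_server.uri
            return 403, {"WWW-Authenticate": www}, {"ticket": ticket}
        if method == "POST":
            self.users.append(body)
            return 201, {}, body
        return 200, {}, {"Resources": list(self.users)}


def provision(client_id, rs, as_server, user):
    """Client side: send the request, read the ticket from the 403, trade it
    for an RPT, retry with the RPT. Returns (final status, round trips to RS)."""
    status, hdrs, resp = rs.handle("POST", "/Users", {}, user)
    trips = 1
    if status == 403 and hdrs.get("WWW-Authenticate", "").startswith("UMA "):
        rpt, err = as_server.issue_rpt(resp["ticket"], client_id)
        if err:
            return 403, trips                 # policy denied; nothing written
        status, _, _ = rs.handle("POST", "/Users",
                                 {"Authorization": "Bearer " + rpt}, user)
        trips += 1
    return status, trips


if __name__ == "__main__":
    policy = {"hr-app": {"scim_create", "scim_read"}, "reporting": {"scim_read"}}
    as_server = AuthorizationServer(policy)
    rs = ScimResourceServer(as_server)
    user = {"schemas": ["urn:scim:schemas:core:1.0"], "userName": "asmith"}
    print("hr-app:   ", provision("hr-app", rs, as_server, user))     # (201, 2)
    print("reporting:", provision("reporting", rs, as_server, user))  # (403, 1)
```

The point the post makes shows up in the policy table: the SCIM server itself holds no per-client rules, no DN/password pairs and no ACIs. Whether a client may create users is decided once, at the authorization server, and a client limited to read scope never gets an RPT that the create endpoint will accept.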