1. Open standard based Identity Provisioning for Cloud
Prabath Siriwardena

2. About Me Director of Security Architecture at WSO2
Leads WSO2 Identity Server – an open source identity and entitlement management product.
Apache Axis2/Rampart committer / PMC
A member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC and OASIS Security Services (SAML) TC.
Twitter
Blog :
LinkedIn :

3. Plug-Map

4. based Identity Provisioning for Cloud
Open standard
(and also open source)
based Identity Provisioning for Cloud

5. Synchronization

6. Synchronization

7. Sharing

8. Single Sign-On

9. Provisioning

10. Standard-based Provisioning

11. Standard-based Provisioning
SPML 1.0 Request / Response

12. Standard-based Provisioning
SPML 1.0 Request / Response

13. Standard-based Provisioning
SPML 2.0 Request / Response [DSML]

14. Standard-based Provisioning
SPML 2.0 Request / Response [XDS]

15. Standard-based Provisioning

16. System for Cross-domain Identity Management

17. System for Cross-domain Identity Management
{"schemas":[],
"name": {"familyName":"siriwardena",
"givenName":"prabath"},
"userName":"prabath",
"password":"prabath123",
"externalId":"prabathext",
" s":[ {"primary":true,
"type":"home"},
"type":"work"}] }
curl -k --user admin:admin --header "Content-Type:application/json"

18. System for Cross-domain Identity Management
{"schemas":["urn:scim:schemas:core:1.0"],
"displayName" : "OSDC",
"externalId" : "OSDC",
"members": [ {
"value": "f64e d-4a14-ac43-c9d02167f411",
"display": "prabath" } ]
curl -k --user admin:admin --header "Content-Type:application/json"

19. System for Cross-domain Identity Management

20. Authenticating SCIM Requests
HTTP Basic Authentication
OAuth 2.0

21. Authenticating SCIM Requests

22. Authenticating SCIM Requests
Get the Access Token from the OAuth Authorization Server
curl -v -X POST
--basic -u XQi6DUDPnMW_FH_VK3f1gBetNAsa:VfKb7MHzH7Q0U6YdNV6ehhetCpka
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k
-d "grant_type=password&username=admin&password=admin"
Add a user with via SCIM
curl -k
-H "Authorization: Bearer ea7f76f134eb9bbb12d4b06b93e1d0a3"
--header "Content-Type:application/json”

23. Authenticating SCIM Requests

24. Authorizing SCIM Requests

25. Authorizing SCIM Requests

26. Authorizing SCIM Requests

27. Federated Provisioning Patterns

28. Federated Provisioning Patterns

29. Federated Provisioning Patterns

30. Federated Provisioning Patterns

31. Federated Provisioning Patterns

32. Federated Provisioning Patterns

33. lean . enterprise . middleware