SCIM security considerations

Question

I can't find security details that are covering SCIM protocol. In SCIM documentation there is only in paragraph 4 :

Authorization and authentication must be guaranteed for the SCIM operations.

When I set REST API (for SCIM) on well known address (according with SCIM protocol) how to control then access ? Everyone can sent SCIM filter request and get response with all resources ?

score 0 · Accepted Answer · answered Jul 04 '14 at 16:38

0

SCIM leaves this aspect to the implementation providers, cause there already many types of mechanisms to secure a web resource.

answered Jul 04 '14 at 16:38

kayyagari

1,882
13
10

Is there recommended one, like OAuth 2.0 or similar ? – Rastko Jul 07 '14 at 07:45
Yeah, OAuth is preferred, but largely it "depends" on the environment/requirement. – kayyagari Jul 07 '14 at 11:25

SCIM security considerations

1 Answers1