System for Cross-Domain Identity Management (SCIM): Survey and Enhancement With RBAC

Baumer, Thomas and Mueller, Mathis and Pernul, Guenther (2023) System for Cross-Domain Identity Management (SCIM): Survey and Enhancement With RBAC. IEEE ACCESS, 11. pp. 86872-86894. ISSN 2169-3536

Full text not available from this repository.

Abstract

System for Cross-domain Identity Management (SCIM) is a schema and protocol to exchange identity data across cloud-based applications using a Representational State Transfer (REST) Application Programming Interface (API). Since it quickly gained decent vendor adoption, it is considered a relevant industry standard for Identity Management (IdM) and related systems. The Request for Comments (RFC) of SCIM primarily focuses on identity data but has opening points for Role-Based Access Control (RBAC). For example, sets for roles and entitlements are specified for a user entity. However, the RFC family does not detail RBAC further, which leads to some proliferation and anomalies. For example, the role and entitlement sets for the user are implemented in "freestyle" notations by vendors, and information on orphan roles or entitlements is not accessible. Moreover, some vendors and recent extensions add role and entitlement (and some other) endpoints, leading to vendor-specific dialects of SCIM, which hampers simplicity and interoperability. This work contributes by proposing an RBAC profile for SCIM using the Design Science Research Methodology (DSRM). We thus look at present knowledge about API design, Access Control Models (ACMs), IdM and its APIs. Furthermore, we conduct a literature review on SCIM, including its specification documents, scientific contributions, and vendor implementations. An artifact combines this knowledge and improves SCIM with an RBAC profile. An open-source Swagger prototype showcases the API design. Finally, design principles formulate essential insights to guide future RBAC REST APIs.

Item Type: Article
Uncontrolled Keywords: DESIGN SCIENCE; SECURITY; API; design principles; IAM; IdM; RBAC; REST; SCIM
Subjects: 000 Computer science, information & general works > 004 Computer science
300 Social sciences > 330 Economics
Divisions: Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul)
Informatics and Data Science > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul)
Depositing User: Dr. Gernot Deinzer
Date Deposited: 05 Mar 2024 12:19
Last Modified: 05 Mar 2024 12:19
URI: https://pred.uni-regensburg.de/id/eprint/59318
