Provisioning is one of the thorny issues plaguing us, and one for which there are no good standardized solutions. SCIM is a proposal for Simple Cloud Identity Management, with the intent to “reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols.”

Internet2 has gathered a wiki of SCIM resources to help higher education follow the development. Some of the advantages of the SCIM proposal seem to be:

  • REST support
  • standardized API for cloud-ish functions
  • claims to be simpler, which it really needs to be, but I want to see this IRL before I believe it

The main problem is that installing a new interface on core components (local LDAP servers, identity management solutions) that are crucial for the day-to-day operations of the organizations involved is not an easy undertaking. The lead time for serious changes to that part of the infrastructure is at least two years, in my experience, even for small changes like updating schema across multiple organizations.