1

我们有一个身份提供者用户注册表和一个 SOAP Web 服务,供应用程序读取/写入用户配置文件。现在我们还计划添加一个 SCIM 接口。

我们发现核心用户模式涵盖了基本的属性集,但是我们现有的系统对相同的属性有不同的命名约定。

例如,说 USERTELEPHONENUMBER、USERSTREETADDR1 等等。

考虑到大量应用程序已经在使用这种命名约定,我们希望继续使用 SCIM 2.0。

鉴于我们可以扩展核心用户模式,

1)我们可以选择不使用核心模式中的任何属性吗?如果有效负载包含这些属性,我们是否可以在服务器端简单地忽略它们,只处理自定义模式属性?

一个示例用户文档 -

    {
        "schemas":    [ "urn:scim:schemas:core:2.0:User",
                     urn:scim:schemas:extension:customattrs:2.0:User"], 
        "id": "2819c223-7f76-453a-919d-413861904646",

        "urn:scim:schemas:extension:customattrs:2.0:User": {
            "USERFIRSTNAME": "fname",
            "USERLASTNAME": "lname",
         "USERTELEPHONENUMBER": "1231231234
     }
    }

2)我们可以自己定义一个新的资源,定义一个新的核心模式。

这些选项中的哪一个是更清洁的方式?

4

2 回答 2

3

如果您不打算使用核心模式,为什么要使用 SCIM?

SCIM 强烈反对使用多个属性来表示同一事物。

我建议您在属性和 SCIM 核心(和企业扩展)属性之间创建一个映射。如果有任何东西没有映射到这 2 个模式,您应该创建一个扩展。

于 2016-03-23T07:09:55.610 回答
0

I think what you need is a mapping between scim core schema attributes and your existing system attributes. As you have said both the scim core schema and your existing system attributes share the same meaning, you should not redefine those attributes in the extension. That is strongly discouraged by scim specification.(https://www.rfc-editor.org/rfc/rfc7643#section-3.3)

Schema extensions SHOULD avoid redefining any attributes defined in this specification and SHOULD follow conventions defined in this specification.

However if you a have additional attributes in your existing system, you may define them in the extension.

If you have a decoupled scim implementation like WSO2 Charon (https://docs.wso2.com/display/IS450/Implementing+SCIM+with+Charon) I suggest you to have separate layer underneath the scim implementation layer to do the necessary mapping of the attributes before they are used in any business logic. But that is basically depends on your implementation.

于 2017-01-02T16:24:32.987 回答