STANDARD
SCIM — Primer
SCIM (RFC 7643/7644) standardizes identity schemas and a REST API for provisioning users, groups, and entitlements across systems.
Why it matters
Standards reduce risk and vendor lock‑in. We implement this spec across our Studios and runtime so policy is portable.
Where it’s enforced
- Gateway: pre‑execution gating (plan/schema pins, params/egress)
- Shield: inline budgets/stream caps/content checks
- PDP: decisions with constraints/obligations/TTL
- IdP: passports, token exchange, consent/DPoP
How it works (high level)
SCIM defines identity schemas and APIs. PATCH supports add, replace, and remove. Filtering, sorting, and pagination should be supported; use ETags for concurrency.
PATCH /Users/2819c223-7f76-453a-919d-413861904646
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [{
    "op": "replace",
    "path": "name.familyName",
    "value": "Benson"
  }]
}
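A server-side sketch of the PATCH handling described above, added here as an illustration and not taken from the spec or from this product's code: it checks the caller's ETag before touching the resource, validates the PatchOp schema URN, and applies add/replace/remove atomically. The names `apply_patch`, `etag`, `ScimError` and `READ_ONLY`, and the hash-based ETag scheme, are assumptions; only simple dotted paths are handled, not value filters.

```python
import copy, hashlib, json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
READ_ONLY = {"id", "meta"}  # assumption: attributes this server never lets a client set

class ScimError(Exception):
    def __init__(self, status, scim_type=None):
        super().__init__(f"{status} {scim_type}")
        self.status, self.scim_type = status, scim_type

def etag(resource):
    # Weak ETag over the body without meta (constructed scheme, not mandated by SCIM).
    body = {k: v for k, v in resource.items() if k != "meta"}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return f'W/"{digest[:16]}"'

def apply_patch(resource, body, if_match):
    if if_match != resource["meta"]["version"]:
        raise ScimError(412)  # caller patched a stale copy and must re-read
    if PATCH_OP not in body.get("schemas", []):
        raise ScimError(400, "invalidSyntax")
    updated = copy.deepcopy(resource)  # all-or-nothing: a failing op changes nothing
    for op in body.get("Operations", []):
        kind, path, value = op.get("op"), op.get("path"), op.get("value")
        if kind not in ("add", "replace", "remove"):
            raise ScimError(400, "invalidSyntax")
        if path:
            items = [(path, value)]
        elif kind != "remove" and isinstance(value, dict):
            items = list(value.items())  # no path: value carries the attributes
        else:
            raise ScimError(400, "noTarget" if kind == "remove" else "invalidValue")
        for attr_path, attr_value in items:
            *parents, leaf = attr_path.split(".")
            if "[" in attr_path or not leaf or not all(parents):
                raise ScimError(400, "invalidPath")  # value filters not handled here
            if (parents or [leaf])[0] in READ_ONLY:
                raise ScimError(400, "mutability")
            node = updated
            for part in parents:
                node = node.get(part, {}) if kind == "remove" else node.setdefault(part, {})
                if not isinstance(node, dict):
                    raise ScimError(400, "invalidPath")
            if kind == "remove":
                node.pop(leaf, None)
            elif kind == "add" and isinstance(node.get(leaf), list):
                node[leaf] += attr_value if isinstance(attr_value, list) else [attr_value]
            else:
                node[leaf] = attr_value
    updated["meta"]["version"] = etag(updated)
    return updated
```

A handler would map `ScimError.status` and `scim_type` onto the SCIM error response and return the new `meta.version` as the `ETag` header.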