"We're seeing a lot of interest" in SCIM, says Patrick Harding, CTO of Ping Identity. "We haven't had strong standards in that space. All the vendors developed their own APIs. That's where we've been working for the last year with all the major [software-as-a-service] vendors to standardize on an API mechanism to automate the account management."
Version 1.0 of the SCIM specification was approved in December.
"We've got what enterprises use to talk SCIM and what cloud providers use to talk SCIM. We've also got a SCIM [Software Developers' Kit] freely available and SCIM reference implementations. We're highly motivated to get the standard out there," says Andy Land, vice president of marketing with UnboundID.
Proponents expect a flood of security products and cloud applications to support SCIM 1.0 this year.
"Momentum for SCIM is going to be key," Land says. "We've got Google, Webex, VMware all saying that they've got it ready to go. You'll see a lot more of the smaller vendors, the middleware guys, build products with SCIM. Towards the end of 2012, we should start seeing implementations of SCIM within the enterprise."
Harding says SCIM solves a critical problem for corporate CIOs, who have spent millions of dollars on their existing identity management infrastructures, including Microsoft Active Directory, authentication, and compliance. They want to be able to extend their identity management functionality to cover cloud applications with minimal additional cost or effort.
CIOs "are still responsible for ensuring that [SaaS apps] are adhering to the security policies that all of their applications must adhere to, whether that's policies for password management or access appropriate to role or certain compliance procedures," Harding says. "CIOs are trying to figure out how to make that happen."
Harding says CIOs will appreciate the cost savings that come from having an industry standard such as SCIM.
"I think we'll see much more adoption of SCIM in 2012," Harding says. "That will now allow people to much more cost-effectively manage users in SaaS and cloud applications than building connectors to individual APIs or doing it manually."
The IETF is already working on a related Web authorization protocol called OAuth that could provide a single user authentication experience regardless of whether a user is trying to access a network or cloud-based application.