Ping CTO Patrick Harding took exception to my recent comments about the proposed Simple Cloud Identity Management (SCIM) protocol ("SCIMing the provisioning landscape").

Harding tells us that "Ping Identity has never actually been opposed to the SPML specification," although he later tells us that the provisioning protocol "... looks, feels and acts like a boat anchor." Just imagine how he feels about protocols they do oppose!


Patrick notes that Ping's customers "ask, 'Why haven't the cloud vendors implemented a standard?'" and that the company's consistent response has been, "Does it matter to you whether the standard is SPML or a new lightweight, REST specification?" Supposedly customers say that REST is fine, but that "the fact that it's a standard and implemented by all the cloud vendors is actually what's most important." Pity they didn't ask whether the tools used to provision the data center and the tools used to provision the cloud should be the same.

Harding attempts to use my own argument (noting that the X.500 schema still works for the cloud): "Ironic that Dave mentioned X.500. X.500 included the Directory Access Protocol or DAP. DAP was succeeded by an alternate but simpler protocol called Lightweight DAP or LDAP. The same thing happened with mail protocols when X.400 was succeeded by Simple MTP or SMTP. I see a trend here."

I see that trend too, Patrick, and it says to me that the cloud could use a lightweight version of the data center provisioning protocol, an LSPML if you will.

Read all of Patrick's notes to see what he really thinks.

We both agree that a provisioning system needs to be able to work with all applications and services no matter where they're located. In the end, I don't really care which protocol wins out -- provided the same protocol can be used for both the data center and the cloud. SPML and LSPML or SCIM and HSCIM (that's "Heavy" SCIM to accommodate the wide variety of data center needs for provisioning). Simplicity is good, seamlessness is better, and one app or service instead of two is best.


Copyright © 2011 IDG Communications, Inc.
