...

  • Expose IAM capabilities at RESTful endpoints
    • ...Where it makes sense: LDAP, SAML, etc. still have their well-earned place, and TIER will take full advantage of such common protocols and interfaces. OAuth 2, OpenID Connect and UMA are also coming into play.
    • RESTness in the TIER context means: HTTP verbs operate on Resources (groups, users, ...); RPC-ish idioms should only be used when nothing else will do what needs to be done.
    • The model for interoperating with existing institutional IAM services is to provide the TIER components with connectors that know how to interact with both back-end legacy systems and the growing number of contracted-out SaaS and PaaS services.
    • An API-first design helps us achieve and maintain a level of abstraction from specific implementation choices. This gives TIER adopter sites the option to wrap their favorite legacy IAM service in a TIER API knowing that it will integrate well with other TIER or TIER-compliant packages.
  • Adopt the many useful conventions specified in the new IETF standard, SCIM 2.0,
    • around the design choices that would otherwise tend to provoke endless working group debates on matters such as pagination, metadata schema, data formats, etc.
    • The choice to leverage SCIM, as much as anything else, made the decision to support JSON easier. Support for XML can be provided if and where it's needed.
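
The SCIM 2.0 pagination and metadata conventions mentioned above, sketched as an added example (not TIER project code) for a read-only Groups listing. The base URL, the `MAX_PAGE` cap, the sample groups and the fallback for non-numeric parameters are assumptions of this example; the URNs and the `startIndex`/`count` handling follow RFC 7643 and RFC 7644.

```python
# Added example: SCIM 2.0 list pagination over an in-memory store.
LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
MAX_PAGE = 5  # assumed server-side cap so a client cannot request unbounded pages

# Constructed sample data, not taken from any real deployment.
GROUPS = [{"id": f"g{i:03d}", "displayName": f"course-{i:03d}"} for i in range(1, 8)]


def to_scim_group(rec, base_url):
    """Wrap a back-end record in the SCIM Group schema with its meta block."""
    return {
        "schemas": [GROUP_SCHEMA],
        "id": rec["id"],
        "displayName": rec["displayName"],
        "meta": {"resourceType": "Group",
                 "location": f"{base_url}/Groups/{rec['id']}"},
    }


def _as_int(value, default):
    """Parse a query-string value; fall back to the default on bad input
    (a choice of this example; a server may instead reject the request)."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def list_groups(query, base_url="https://iam.example.edu/v2"):  # hypothetical URL
    """Answer GET /Groups?startIndex=..&count=.. with a SCIM ListResponse."""
    # startIndex is 1-based; values below 1 are interpreted as 1.
    start = max(_as_int(query.get("startIndex"), 1), 1)
    # A negative count is interpreted as 0; anything above the cap is clamped.
    count = min(max(_as_int(query.get("count"), MAX_PAGE), 0), MAX_PAGE)
    page = GROUPS[start - 1:start - 1 + count]
    return {
        "schemas": [LIST_RESPONSE],
        "totalResults": len(GROUPS),   # size of the whole result set
        "startIndex": start,
        "itemsPerPage": len(page),     # number actually returned in this page
        "Resources": [to_scim_group(r, base_url) for r in page],
    }
```

A client pages by advancing `startIndex` by `itemsPerPage` until it reaches `totalResults`, so the cap limits the cost of each request without hiding any data.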

...