"SCIM is handled via a REST-based API for provisioning, change, and de-provisioning — all of which lie outside the realm of OAuth and SAML. With the rise of web APIs and microservices, SAML, has been deemed by some as too heavy with it’s verbose XML. SCIM rather calls for authentication and access tokens in compact JSON, passed via HTTP headers."