I want to know which one is better in terms of security features: WSO2 Identity Server or SCIM. I have read both their documentations and RFCs (for SCIM), but I cannot figure out which one would be a better option to use to provide security for a website which is going to handle huge user load. Please advise.
WSO2 Identity Server or SCIM
IMHO you are mixing apples and oranges
WSO2 Identity Server (WSO2 IS) is an identity server (a product) intended to authenticate and authorize clients (users or systems). WSO2 IS supports multiple autentication protocols (SAML, OAuth, ..).
SCIM is a defined protocol (set of messages and formats) how to exchange identity information (users, groups, roles) between systems.
WSO2 IS can use SCIM protocol to exchange users with other system - create users in external applications or let external applications create users in WSO2 IS' userstore.
better option to use to provide security for a website which is going to handle huge user load
WSO2 IS is an out-of-box product ready to be used. The product is involved only during authentication/authorization, so the load in the identity server is not really dependend on the application load (unless the application is not requesting XACML authorization for everything)