[OIDFSC] [EXTERNAL] Re: Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group

George Fletcher george.fletcher at capitalone.com
Fri Oct 18 20:39:51 UTC 2024


My understanding is that the WG and Charter are approved.

https://openid.net/wg/ipsie/

Did I miss something?

On Fri, Oct 18, 2024 at 12:28 PM Pamela Dingle <Pamela.Dingle at microsoft.com>
wrote:

> Hi all,
>
> Could you please confirm for me the exact status of this proposed charter
> and working group?
>
> Thanks,
>
> Pamela
> ------------------------------
> *From:* Ashish Jain <itickr at gmail.com>
> *Sent:* Monday, September 16, 2024 10:19 AM
> *To:* Nat Sakimura <nat at nat.consulting>
> *Cc:* Aaron Parecki <aaron.parecki at okta.com>; Michael Jones via
> specs-council <openid-specs-council at lists.openid.net>; Atul Tulshibagwale
> <atul at sgnl.ai>; dean.saxe at beyondidentity.com <dean.saxe at beyondidentity.com>;
> Pamela Dingle <Pamela.Dingle at microsoft.com>; george-fletcher-capitalone <
> george.fletcher at capitalone.com>
> *Subject:* [EXTERNAL] Re: [OIDFSC] Proposed charter: Interoperability
> Profiling for Secure Identity in the Enterprise (IPSIE) working group
>
> +1
>
> On Mon, Sep 16, 2024 at 7:18 AM Nat Sakimura via specs-council <
> openid-specs-council at lists.openid.net> wrote:
>
> +1
> On Sep 13, 2024, at 9:26 +0900, Michael Jones via specs-council <
> openid-specs-council at lists.openid.net> wrote:
>
> For the record, I support the proposed charter.
>
>
>
> Other Specs Council members (John, Tim, Ashish, Breno, Chuck, Nat), can
> you also put your opinions on record?
>
>
>
> Thanks,
>
> -- Mike
>
>
>
> *From:* Aaron Parecki <aaron.parecki at okta.com>
> *Sent:* Tuesday, September 10, 2024 1:32 PM
> *To:* openid-specs-council at lists.openid.net
> *Cc:* Atul Tulshibagwale <atul at sgnl.ai>; dean.saxe at beyondidentity.com;
> Michael Jones <michael_b_jones at hotmail.com>; pamela.dingle at microsoft.com;
> george.fletcher at capitalone.com
> *Subject:* Proposed charter: Interoperability Profiling for Secure
> Identity in the Enterprise (IPSIE) working group
>
>
>
> Hello Specifications Council,
>
>
>
> (cc all proposers)
>
> Please see the charter proposal below for the Interoperability Profiling
> for Secure Identity in the Enterprise (IPSIE) working group.
>
>
>
> Thank you!
>
>
>
> ---
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group Charter
>
>
>
> 1) Working group name
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group
>
>
>
> 2) Purpose
>
>
>
> The purpose of this working group is to develop interoperability and
> security profiles of existing specifications that enable secure identity
> management within the enterprise.
>
>
>
> The current state of identity within an enterprise extends well beyond
> single-sign-on. Many aspects of enterprise identity are covered by
> specifications both within and outside the OpenID Foundation, such as
> OpenID Connect, Shared Signals Framework, OAuth, and SCIM. These
> specifications often enable a wide range of capabilities, in many cases
> capabilities that go beyond the minimum requirements for enterprise
> identity management, and sometimes also include features that are not
> relevant in an enterprise context. Additionally, many of these
> specifications are frameworks and contain optionality to the point of two
> independent implementations not being guaranteed to be interoperable
> without further coordination.
>
>
>
> This working group will develop profiles of existing specifications with
> the primary goal of achieving independent implementations being
> interoperable, while also prioritizing secure defaults within the
> specifications.
>
>
>
> The initial problem space of the working group is focused around:
>
>
>
> * Single Sign-On
>
> * User Lifecycle Management
>
> * Entitlements
>
> * Risk Signal Sharing
>
> * Logout
>
> * Token Revocation
>
>
>
> The working group may also address problems such as:
>
>
>
> * Discoverability of specific features within the above-mentioned
> capabilities
>
> * New user onboarding and account recovery
>
> * Discovering the applications used within an enterprise
>
> * Monitoring and provisioning application usage
>
> * Managing restrictions on application usage
>
>
>
> 3) Scope
>
>
>
> The scope of the working group includes:
>
>
>
> * Develop profiles of existing specifications with the goal of
> interoperability within the enterprise ecosystem.
>
> * Define an interoperability profile of OpenID Connect that meets the
> needs and security requirements of the enterprise.
>
> * Define an interoperability profile of Shared Signals Framework that
> enables sharing signals about threat detection and device posture.
>
> * Define an interoperability profile of SCIM that enables user account
> lifecycle and entitlements management.
>
> * Define an interoperability profile of logout specifications to enable an
> identity provider to revoke sessions and tokens of downstream applications.
>
>
>
> Out of scope:
>
>
>
> Developing new general-purpose specifications, technologies, or features
> is out of scope of this working group. Profiles are created by including or
> excluding parts of existing specifications.
>
>
>
> If a pertinent problem space without an existing specification is
> identified, an effort will first be made to find an existing working group
> or standards body where development of the specification may be more
> appropriate. If none is found, consideration will be given to creating a
> new specification within this working group.
>
>
>
> The working group will actively coordinate with the following working
> groups doing related work:
>
>
>
> * OpenID Connect
>
> * FAPI
>
> * iGov
>
> * Shared Signals
>
> * OAuth
>
> * SCIM
>
>
>
> 4) Proposed specifications
>
>
>
> The initial proposed deliverable by the group is:
>
>
>
> Interoperability Profile for Secure Identity in the Enterprise (IPSIE)
>
>
>
> This specification will be divided into sections for each use case, with
> subsections for each specification that this profiles.
>
>
>
> The group may provide additional interoperability profile specifications
> that address the concerns of specific use cases or certain specifications
> that require interoperability profiles.
>
>
>
> 5) Anticipated audience of users
>
>
>
> Identity Providers that serve an enterprise customer market
>
> SaaS apps that sell to enterprise customers, also known as Independent
> Software Vendors (ISVs)
>
> Developers of tools, libraries, and other resources in support of either
> of the previous two audiences
>
>
>
> 6) Language
>
>
>
> English
>
>
>
> 7) Method of work
>
>
>
> Mailing list and telephone/internet conference calls combined with
> face-to-face (where needed) and information sharing/collaborative working
> via online tools.
>
>
>
> 8) Basis for determining when the work is completed
>
>
>
> Approved “final” specifications consistent with the purpose and scope that
> have been through the OpenID Foundation process including vote by the
> membership and running code in one or more proof-of-concept,
> interoperability event, or commercial projects.
>
>
>
> Proposers
>
>
>
> * Aaron Parecki (Okta)
>
> * Atul Tulshibagwale (SGNL)
>
> * George Fletcher (Capital One)
>
> * Mike Jones (Self-Issued Consulting)
>
> * Dean H. Saxe (Beyond Identity)
>
> * Pamela Dingle (Microsoft)
>
>
>
>
>
>
>
>
>
>
> *Aaron Parecki*
>
> Director of Identity Standards
>
> aaron.parecki at okta.com
>
>
>
>
>
>
