[OIDFSC] [EXTERNAL] Re: Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group

Gail Hodges gail at oidf.org
Fri Oct 18 22:02:35 UTC 2024


Yes it is already approved.



On Oct 18, 2024, at 2:03 PM, George Fletcher via specs-council <openid-specs-council at lists.openid.net> wrote:


My understanding is that the WG and Charter are approved.

https://openid.net/wg/ipsie/

Did I miss something?

On Fri, Oct 18, 2024 at 12:28 PM Pamela Dingle <Pamela.Dingle at microsoft.com> wrote:
Hi all,

Could you please confirm for me the exact status of this proposed charter and working group?

Thanks,

Pamela
________________________________
From: Ashish Jain <itickr at gmail.com>
Sent: Monday, September 16, 2024 10:19 AM
To: Nat Sakimura <nat at nat.consulting>
Cc: Aaron Parecki <aaron.parecki at okta.com>; Michael Jones via specs-council <openid-specs-council at lists.openid.net>; Atul Tulshibagwale <atul at sgnl.ai>; dean.saxe at beyondidentity.com <dean.saxe at beyondidentity.com>; Pamela Dingle <Pamela.Dingle at microsoft.com>; george-fletcher-capitalone <george.fletcher at capitalone.com>
Subject: [EXTERNAL] Re: [OIDFSC] Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group

+1

On Mon, Sep 16, 2024 at 7:18 AM Nat Sakimura via specs-council <openid-specs-council at lists.openid.net> wrote:
+1
On Sep 13, 2024, at 9:26 +0900, Michael Jones via specs-council <openid-specs-council at lists.openid.net> wrote:

For the record, I support the proposed charter.



Other Specs Council members (John, Tim, Ashish, Breno, Chuck, Nat), can you also put your opinions on record?



Thanks,

-- Mike



From: Aaron Parecki <aaron.parecki at okta.com>
Sent: Tuesday, September 10, 2024 1:32 PM
To: openid-specs-council at lists.openid.net
Cc: Atul Tulshibagwale <atul at sgnl.ai>; dean.saxe at beyondidentity.com; Michael Jones <michael_b_jones at hotmail.com>; pamela.dingle at microsoft.com; george.fletcher at capitalone.com
Subject: Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group



Hello Specifications Council,



(cc all proposers)

Please see the charter proposal below for the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group.



Thank you!



---



Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group Charter



1) Working group name



Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group



2) Purpose



The purpose of this working group is to develop interoperability and security profiles of existing specifications that enable secure identity management within the enterprise.



The current state of identity within an enterprise extends well beyond single-sign-on. Many aspects of enterprise identity are covered by specifications both within and outside the OpenID Foundation, such as OpenID Connect, Shared Signals Framework, OAuth, and SCIM. These specifications often enable a wide range of capabilities, in many cases capabilities that go beyond the minimum requirements for enterprise identity management, and sometimes also include features that are not relevant in an enterprise context. Additionally, many of these specifications are frameworks and contain optionality to the point of two independent implementations not being guaranteed to be interoperable without further coordination.



This working group will develop profiles of existing specifications with the primary goal of achieving independent implementations being interoperable, while also prioritizing secure defaults within the specifications.



The initial problem space of the working group is focused around:



* Single Sign-On

* User Lifecycle Management

* Entitlements

* Risk Signal Sharing

* Logout

* Token Revocation



The working group may also address problems such as:



* Discoverability of specific features within the above-mentioned capabilities

* New user onboarding and account recovery

* Discovering the applications used within an enterprise

* Monitoring and provisioning application usage

* Managing restrictions on application usage



3) Scope



The scope of the working group includes:



* Develop profiles of existing specifications with the goal of interoperability within the enterprise ecosystem.

* Define an interoperability profile of OpenID Connect that meets the needs and security requirements of the enterprise.

* Define an interoperability profile of Shared Signals Framework that enables sharing signals about threat detection and device posture.

* Define an interoperability profile of SCIM that enables user account lifecycle and entitlements management.

* Define an interoperability profile of logout specifications to enable an identity provider to revoke sessions and tokens of downstream applications.



Out of scope:



Developing new general-purpose specifications, technologies, or features is out of scope of this working group. Profiles are created by including or excluding parts of existing specifications.



If a pertinent problem space without an existing specification is identified, an effort will first be made to find an existing working group or standards body where development of the specification may be more appropriate. If none is found, consideration will be given to creating a new specification within this working group.



The working group will actively coordinate with the following working groups doing related work:



* OpenID Connect

* FAPI

* iGov

* Shared Signals

* OAuth

* SCIM



4) Proposed specifications



The initial proposed deliverable by the group is:



Interoperability Profile for Secure Identity in the Enterprise (IPSIE)



This specification will be divided into sections for each use case, with subsections for each specification that this profiles.



The group may provide additional interoperability profile specifications that address the concerns of specific use cases or certain specifications that require interoperability profiles.



5) Anticipated audience of users



Identity Providers that serve an enterprise customer market

SaaS apps that sell to enterprise customers, also known as Independent Software Vendors (ISVs)

Developers of tools, libraries, and other resources in support of either of the previous two audiences



6) Language



English



7) Method of work



Mailing list and telephone/internet conference calls combined with face-to-face (where needed) and information sharing/collaborative working via online tools.



8) Basis for determining when the work is completed



Approved “final” specifications consistent with the purpose and scope that have been through the OpenID Foundation process including vote by the membership and running code in one or more proof-of-concept, interoperability event, or commercial projects.



Proposers



* Aaron Parecki (Okta)

* Atul Tulshibagwale (SGNL)

* George Fletcher (Capital One)

* Mike Jones (Self-Issued Consulting)

* Dean H. Saxe (Beyond Identity)

* Pamela Dingle (Microsoft)










Aaron Parecki

Director of Identity Standards

aaron.parecki at okta.com






