[OIDFSC] [EXTERNAL] Re: Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group

Tue Oct 22 03:00:06 UTC 2024

Unless there is one or more -1, a WG gets approved per the process.

On Sat, 19 Oct 2024 at 11:21, Gail Hodges <gail at oidf.org> wrote:

> September 24th
>
> You are right. There was no message on the specs council list with the
> confirmation.
>
> I believe what happened is that Aaron pinged Marie, Mike L and I offline
> after the two week notice period to confirm that all the requirements were
> met of duration and approvals, and that offline email set all the balls in
> motion without a specific confirm back on email channel.
>
> I think this also coincided with the floods on the home front for Mike L…
>
> On Oct 18, 2024, at 3:19 PM, Pamela Dingle <Pamela.Dingle at microsoft.com>
> wrote:
>
> 
> Thanks - I didn't see any kind of approval message here, only a few +1s
> and a request for others to weigh in that were not answered, is the process
> then that the official notice of spec council approval should be considered
> as the October 15th published notice? Or did I miss another communication?
> I am getting asked what the date was, so want to be sure I am accurate in
> my answer.
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
> ------------------------------
> *From:* Gail Hodges <gail at oidf.org>
> *Sent:* Friday, October 18, 2024 3:02:35 PM
> *To:* george_fletcher_capitalone <george.fletcher at capitalone.com>
> *Cc:* Pamela Dingle <Pamela.Dingle at microsoft.com>; Ashish Jain <
> itickr at gmail.com>; nat_fwd <nat at nat.consulting>; Aaron Parecki <
> aaron.parecki at okta.com>; Michael Jones via specs-council <
> openid-specs-council at lists.openid.net>; Atul Tulshibagwale <atul at sgnl.ai>;
> dean.saxe at beyondidentity.com <dean.saxe at beyondidentity.com>
> *Subject:* Re: [OIDFSC] [EXTERNAL] Re: Proposed charter: Interoperability
> Profiling for Secure Identity in the Enterprise (IPSIE) working group
>
> Yes it is already approved.
>
>
>
> On Oct 18, 2024, at 2:03 PM, George Fletcher via specs-council <
> openid-specs-council at lists.openid.net> wrote:
>
> 
> My understanding is that the WG and Charter are approved.
>
> https://openid.net/wg/ipsie/
>
> Did I miss something?
>
> On Fri, Oct 18, 2024 at 12:28 PM Pamela Dingle <
> Pamela.Dingle at microsoft.com> wrote:
>
> Hi all,
>
> Could you please confirm for me the exact status of this proposed charter
> and working group?
>
> Thanks,
>
> Pamela
> ------------------------------
> *From:* Ashish Jain <itickr at gmail.com>
> *Sent:* Monday, September 16, 2024 10:19 AM
> *To:* Nat Sakimura <nat at nat.consulting>
> *Cc:* Aaron Parecki <aaron.parecki at okta.com>; Michael Jones via
> specs-council <openid-specs-council at lists.openid.net>; Atul Tulshibagwale
> <atul at sgnl.ai>; dean.saxe at beyondidentity.com <dean.saxe at beyondidentity.com>;
> Pamela Dingle <Pamela.Dingle at microsoft.com>; george-fletcher-capitalone <
> george.fletcher at capitalone.com>
> *Subject:* [EXTERNAL] Re: [OIDFSC] Proposed charter: Interoperability
> Profiling for Secure Identity in the Enterprise (IPSIE) working group
>
> You don't often get email from itickr at gmail.com. Learn why this is
> important
> <https://urldefense.com/v3/__https://aka.ms/LearnAboutSenderIdentification__;!!FrPt2g6CO4Wadw!OZpdVaUcbfWxMisHY1obfDjQd0zdnDmSuZ4ycZeFPuaRBcej8tBkFBXwocza49mJDSL60sg4BeNayZMAQ9uDI2nXH6EFPL3TAw$>
> +1
>
> On Mon, Sep 16, 2024 at 7:18 AM Nat Sakimura via specs-council <
> openid-specs-council at lists.openid.net> wrote:
>
> +1
> 2024年9月13日 9:26 +0900、Michael Jones via specs-council <
> openid-specs-council at lists.openid.net>のメール:
>
> For the record, I support the proposed charter.
>
>
>
> Other Specs Council members (John, Tim, Ashish, Breno, Chuck, Nat), can
> you also put your opinions on record?
>
>
>
>                                                                 Thanks,
>
>                                                                 -- Mike
>
>
>
> *From:* Aaron Parecki <aaron.parecki at okta.com>
> *Sent:* Tuesday, September 10, 2024 1:32 PM
> *To:* openid-specs-council at lists.openid.net
> *Cc:* Atul Tulshibagwale <atul at sgnl.ai>; dean.saxe at beyondidentity.com;
> Michael Jones <michael_b_jones at hotmail.com>; pamela.dingle at microsoft.com;
> george.fletcher at capitalone.com
> *Subject:* Proposed charter: Interoperability Profiling for Secure
> Identity in the Enterprise (IPSIE) working group
>
>
>
> Hello Specifications Council,
>
>
>
> (cc all proposers)
>
> Please see the charter proposal below for the Interoperability Profiling
> for Secure Identity in the Enterprise (IPSIE) working group.
>
>
>
> Thank you!
>
>
>
> ---
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group Charter
>
>
>
> 1) Working group name
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group
>
>
>
> 2) Purpose
>
>
>
> The purpose of this working group is to develop interoperability and
> security profiles of existing specifications that enable secure identity
> management within the enterprise.
>
>
>
> The current state of identity within an enterprise extends well beyond
> single-sign-on. Many aspects of enterprise identity are covered by
> specifications both within and outside the OpenID Foundation, such as
> OpenID Connect, Shared Signals Framework, OAuth, and SCIM. These
> specifications often enable a wide range of capabilities, in many cases
> capabilities that go beyond the minimum requirements for enterprise
> identity management, and sometimes also include features that are not
> relevant in an enterprise context. Additionally, many of these
> specifications are frameworks and contain optionality to the point of two
> independent implementations not being guaranteed to be interoperable
> without further coordination.
>
>
>
> This working group will develop profiles of existing specifications with
> the primary goal of achieving independent implementations being
> interoperable, while also prioritizing secure defaults within the
> specifications.
>
>
>
> The initial problem space of the working group is focused around:
>
>
>
> * Single Sign-On
>
> * User Lifecycle Management
>
> * Entitlements
>
> * Risk Signal Sharing
>
> * Logout
>
> * Token Revocation
>
>
>
> The working group may also address problems such as:
>
>
>
> * Discoverability of specific features within the above-mentioned
> capabilities
>
> * New user onboarding and account recovery
>
> * Discovering the applications used within an enterprise
>
> * Monitoring and provisioning application usage
>
> * Managing restrictions on application usage
>
>
>
> 3) Scope
>
>
>
> The scope of the working group includes:
>
>
>
> * Develop profiles of existing specifications with the goal of
> interoperability within the enterprise ecosystem.
>
> * Define an interoperability profile of OpenID Connect that meets the
> needs and security requirements of the enterprise.
>
> * Define an interoperability profile of Shared Signals Framework that
> enables sharing signals about threat detection and device posture.
>
> * Define an interoperability profile of SCIM that enables user account
> lifecycle and entitlements management.
>
> * Define an interoperability profile of logout specifications to enable an
> identity provider to revoke sessions and tokens of downstream applications.
>
>
>
> Out of scope:
>
>
>
> Developing new general-purpose specifications, technologies, or features
> is out of scope of this working group. Profiles are created by including or
> excluding parts of existing specifications.
>
>
>
> If a pertinent problem space without an existing specification is
> identified, an effort will first be made to find an existing working group
> or standards body where development of the specification may be more
> appropriate. If none is found, consideration will be given to creating a
> new specification within this working group.
>
>
>
> The working group will actively coordinate with the following working
> groups doing related work:
>
>
>
> * OpenID Connect
>
> * FAPI
>
> * iGov
>
> * Shared Signals
>
> * OAuth
>
> * SCIM
>
>
>
> 4) Proposed specifications
>
>
>
> The initial proposed deliverable by the group is:
>
>
>
> Interoperability Profile for Secure Identity in the Enterprise (IPSIE)
>
>
>
> This specification will be divided into sections for each use case, with
> subsections for each specification that this profiles.
>
>
>
> The group may provide additional interoperability profile specifications
> that address the concerns of specific use cases or certain specifications
> that require interoperability profiles.
>
>
>
> 5) Anticipated audience of users
>
>
>
> Identity Providers that serve an enterprise customer market
>
> SaaS apps that sell to enterprise customers, also known as Independent
> Software Vendors (ISVs)
>
> Developers of tools, libraries, and other resources in support of either
> of the previous two audiences
>
>
>
> 6) Language
>
>
>
> English
>
>
>
> 7) Method of work
>
>
>
> Mailing list and telephone/internet conference calls combined with
> face-to-face (where needed) and information sharing/collaborative working
> via online tools.
>
>
>
> 8) Basis for determining when the work is completed
>
>
>
> Approved “final” specifications consistent with the purpose and scope that
> have been through the OpenID Foundation process including vote by the
> membership and running code in one or more proof-of-concept,
> interoperability event, or commercial projects.
>
>
>
> Proposers
>
>
>
> * Aaron Parecki (Okta)
>
> * Atul Tulshibagwale (SGNL)
>
> * George Fletcher (Capital One)
>
> * Mike Jones (Self-Issued Consulting)
>
> * Dean H. Saxe (Beyond Identity)
>
> * Pamela Dingle (Microsoft)
>
>
>
>
>
>
>
>
>
>
> *Aaron Parecki*
>
> Director of Identity Standards
>
> aaron.parecki at okta.com
>
>
>
>
>
> ------------------------------
>
>
> The information contained in this e-mail may be confidential and/or
> proprietary to Capital One and/or its affiliates and may only be used
> solely in performance of work or services for Capital One. The information
> transmitted herewith is intended only for use by the individual or entity
> to which it is addressed. If the reader of this message is not the intended
> recipient, you are hereby notified that any review, retransmission,
> dissemination, distribution, copying or other use of, or taking of any
> action in reliance upon this information is strictly prohibited. If you
> have received this communication in error, please contact the sender and
> delete the material from your computer.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-council/attachments/20241022/65bb26a1/attachment-0001.htm>