[OIDFSC] Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group

Aaron Parecki aaron.parecki at okta.com
Tue Sep 10 20:32:21 UTC 2024


Hello Specifications Council,

(cc all proposers)

Please see the charter proposal below for the Interoperability Profiling
for Secure Identity in the Enterprise (IPSIE) working group.

Thank you!

---

Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
Working Group Charter

1) Working group name

Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
Working Group

2) Purpose

The purpose of this working group is to develop interoperability and
security profiles of existing specifications that enable secure identity
management within the enterprise.

The current state of identity within an enterprise extends well beyond
single sign-on. Many aspects of enterprise identity are covered by
specifications both within and outside the OpenID Foundation, such as
OpenID Connect, Shared Signals Framework, OAuth, and SCIM. These
specifications often enable a wide range of capabilities, in many cases
capabilities that go beyond the minimum requirements for enterprise
identity management, and sometimes also include features that are not
relevant in an enterprise context. Additionally, many of these
specifications are frameworks and contain optionality to the point of two
independent implementations not being guaranteed to be interoperable
without further coordination.

This working group will develop profiles of existing specifications with
the primary goal of achieving independent implementations being
interoperable, while also prioritizing secure defaults within the
specifications.

The initial problem space of the working group is focused around:

* Single Sign-On
* User Lifecycle Management
* Entitlements
* Risk Signal Sharing
* Logout
* Token Revocation

The working group may also address problems such as:

* Discoverability of specific features within the above-mentioned
capabilities
* New user onboarding and account recovery
* Discovering the applications used within an enterprise
* Monitoring and provisioning application usage
* Managing restrictions on application usage

3) Scope

The scope of the working group includes:

* Develop profiles of existing specifications with the goal of
interoperability within the enterprise ecosystem.
* Define an interoperability profile of OpenID Connect that meets the needs
and security requirements of the enterprise.
* Define an interoperability profile of Shared Signals Framework that
enables sharing signals about threat detection and device posture.
* Define an interoperability profile of SCIM that enables user account
lifecycle and entitlements management.
* Define an interoperability profile of logout specifications to enable an
identity provider to revoke sessions and tokens of downstream applications.

Out of scope:

Developing new general-purpose specifications, technologies, or features is
out of scope of this working group. Profiles are created by including or
excluding parts of existing specifications.

If a pertinent problem space without an existing specification is
identified, an effort will first be made to find an existing working group
or standards body where development of the specification may be more
appropriate. If none is found, consideration will be given to creating a
new specification within this working group.

The working group will actively coordinate with the following working
groups doing related work:

* OpenID Connect
* FAPI
* iGov
* Shared Signals
* OAuth
* SCIM

4) Proposed specifications

The initial proposed deliverable by the group is:

Interoperability Profile for Secure Identity in the Enterprise (IPSIE)

This specification will be divided into sections for each use case, with
subsections for each specification that it profiles.

The group may provide additional interoperability profile specifications
that address the concerns of specific use cases or certain specifications
that require interoperability profiles.

5) Anticipated audience of users

* Identity Providers that serve an enterprise customer market
* SaaS apps that sell to enterprise customers, also known as Independent
Software Vendors (ISVs)
* Developers of tools, libraries, and other resources in support of either of
the previous two audiences

6) Language

English

7) Method of work

Mailing list and telephone/internet conference calls combined with
face-to-face (where needed) and information sharing/collaborative working
via online tools.

8) Basis for determining when the work is completed

Approved “final” specifications consistent with the purpose and scope that
have been through the OpenID Foundation process including vote by the
membership and running code in one or more proof-of-concept,
interoperability event, or commercial projects.

Proposers

* Aaron Parecki (Okta)
* Atul Tulshibagwale (SGNL)
* George Fletcher (Capital One)
* Mike Jones (Self-Issued Consulting)
* Dean H. Saxe (Beyond Identity)
* Pamela Dingle (Microsoft)

Aaron Parecki

Director of Identity Standards

aaron.parecki at okta.com