[OIDFSC] Proposed charter: Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group
Aaron Parecki
aaron.parecki at okta.com
Mon Sep 16 17:09:55 UTC 2024
Thanks Nat,
I also wanted to add that Wes (cc'd) will be joining as a proposer as well.
Proposers:
* Aaron Parecki (Okta)
* Atul Tulshibagwale (SGNL)
* George Fletcher (Capital One)
* Mike Jones (Self-Issued Consulting)
* Dean H. Saxe (Beyond Identity)
* Pamela Dingle (Microsoft)
* Wesley Dunnington (Ping)
Thanks!
Aaron Parecki
Director of Identity Standards
aaron.parecki at okta.com
On Mon, Sep 16, 2024 at 7:17 AM Nat Sakimura <nat at nat.consulting> wrote:
> +1
> On Sep 13, 2024, 9:26 +0900, Michael Jones via specs-council <
> openid-specs-council at lists.openid.net> wrote:
>
> For the record, I support the proposed charter.
>
>
>
> Other Specs Council members (John, Tim, Ashish, Breno, Chuck, Nat), can
> you also put your opinions on record?
>
>
>
> Thanks,
>
> -- Mike
>
>
>
> *From:* Aaron Parecki <aaron.parecki at okta.com>
> *Sent:* Tuesday, September 10, 2024 1:32 PM
> *To:* openid-specs-council at lists.openid.net
> *Cc:* Atul Tulshibagwale <atul at sgnl.ai>; dean.saxe at beyondidentity.com;
> Michael Jones <michael_b_jones at hotmail.com>; pamela.dingle at microsoft.com;
> george.fletcher at capitalone.com
> *Subject:* Proposed charter: Interoperability Profiling for Secure
> Identity in the Enterprise (IPSIE) working group
>
>
>
> Hello Specifications Council,
>
>
>
> (cc all proposers)
>
> Please see the charter proposal below for the Interoperability Profiling
> for Secure Identity in the Enterprise (IPSIE) working group.
>
>
>
> Thank you!
>
>
>
> ---
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group Charter
>
>
>
> 1) Working group name
>
>
>
> Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)
> Working Group
>
>
>
> 2) Purpose
>
>
>
> The purpose of this working group is to develop interoperability and
> security profiles of existing specifications that enable secure identity
> management within the enterprise.
>
>
>
> The current state of identity within an enterprise extends well beyond
> single-sign-on. Many aspects of enterprise identity are covered by
> specifications both within and outside the OpenID Foundation, such as
> OpenID Connect, Shared Signals Framework, OAuth, and SCIM. These
> specifications often enable a wide range of capabilities, in many cases
> capabilities that go beyond the minimum requirements for enterprise
> identity management, and sometimes also include features that are not
> relevant in an enterprise context. Additionally, many of these
> specifications are frameworks and contain optionality to the point of two
> independent implementations not being guaranteed to be interoperable
> without further coordination.
>
>
>
> This working group will develop profiles of existing specifications with
> the primary goal of achieving independent implementations being
> interoperable, while also prioritizing secure defaults within the
> specifications.
>
>
>
> The initial problem space of the working group is focused around:
>
>
>
> * Single Sign-On
>
> * User Lifecycle Management
>
> * Entitlements
>
> * Risk Signal Sharing
>
> * Logout
>
> * Token Revocation
>
>
>
> The working group may also address problems such as:
>
>
>
> * Discoverability of specific features within the above-mentioned
> capabilities
>
> * New user onboarding and account recovery
>
> * Discovering the applications used within an enterprise
>
> * Monitoring and provisioning application usage
>
> * Managing restrictions on application usage
>
>
>
> 3) Scope
>
>
>
> The scope of the working group includes:
>
>
>
> * Develop profiles of existing specifications with the goal of
> interoperability within the enterprise ecosystem.
>
> * Define an interoperability profile of OpenID Connect that meets the
> needs and security requirements of the enterprise.
>
> * Define an interoperability profile of Shared Signals Framework that
> enables sharing signals about threat detection and device posture.
>
> * Define an interoperability profile of SCIM that enables user account
> lifecycle and entitlements management.
>
> * Define an interoperability profile of logout specifications to enable an
> identity provider to revoke sessions and tokens of downstream applications.
>
>
>
> Out of scope:
>
>
>
> Developing new general-purpose specifications, technologies, or features
> is out of scope of this working group. Profiles are created by including or
> excluding parts of existing specifications.
>
>
>
> If a pertinent problem space without an existing specification is
> identified, an effort will first be made to find an existing working group
> or standards body where development of the specification may be more
> appropriate. If none is found, consideration will be given to creating a
> new specification within this working group.
>
>
>
> The working group will actively coordinate with the following working
> groups doing related work:
>
>
>
> * OpenID Connect
>
> * FAPI
>
> * iGov
>
> * Shared Signals
>
> * OAuth
>
> * SCIM
>
>
>
> 4) Proposed specifications
>
>
>
> The initial proposed deliverable by the group is:
>
>
>
> Interoperability Profile for Secure Identity in the Enterprise (IPSIE)
>
>
>
> This specification will be divided into sections for each use case, with
> subsections for each specification that this profiles.
>
>
>
> The group may provide additional interoperability profile specifications
> that address the concerns of specific use cases or certain specifications
> that require interoperability profiles.
>
>
>
> 5) Anticipated audience of users
>
>
>
> * Identity Providers that serve an enterprise customer market
>
> * SaaS apps that sell to enterprise customers, also known as Independent
> Software Vendors (ISVs)
>
> * Developers of tools, libraries, and other resources in support of either
> of the previous two audiences
>
>
>
> 6) Language
>
>
>
> English
>
>
>
> 7) Method of work
>
>
>
> Mailing list and telephone/internet conference calls combined with
> face-to-face (where needed) and information sharing/collaborative working
> via online tools.
>
>
>
> 8) Basis for determining when the work is completed
>
>
>
> Approved “final” specifications consistent with the purpose and scope that
> have been through the OpenID Foundation process including vote by the
> membership and running code in one or more proof-of-concept,
> interoperability event, or commercial projects.
>
>
>
> Proposers
>
>
>
> * Aaron Parecki (Okta)
>
> * Atul Tulshibagwale (SGNL)
>
> * George Fletcher (Capital One)
>
> * Mike Jones (Self-Issued Consulting)
>
> * Dean H. Saxe (Beyond Identity)
>
> * Pamela Dingle (Microsoft)
>
>
> *Aaron Parecki*
>
> Director of Identity Standards
>
> aaron.parecki at okta.com
>