[Openid-specs-fastfed] FastFed Requirements

Mike Schwartz mike at gluu.org
Wed Jun 7 21:15:07 UTC 2017


I can agree with "Push Implementation Complexity onto IdP vendors"

(not just IdPs).

- Mike



On 2017-06-07 16:04, McAdams, Darin wrote:
> Anyone disagree with the tenet under discussion?
> 
>   #  Tenet 4) Push Implementation Complexity onto IdPs
> 
> The discussion has been about the numbers and ratios, but returning to
> the main question: if we face a choice between pushing implementation
> complexity onto an IdP implementer vs a SP implementer, does anyone
> disagree about pushing complexity onto the IdP implementer?
> 
> The IdP __administrator__ (as opposed to the implementer) is also
> important. When using a hosted provider, the admin should see FastFed
> capabilities “just appear” when the provider launches it. Admins
> running their own installation will upgrade to a newer release to get
> the capabilities. The heavy lifting has been done by their chosen
> vendor.
> 
> FROM: Openid-specs-fastfed
> <openid-specs-fastfed-bounces at lists.openid.net> on behalf of
> "openid-specs-fastfed at lists.openid.net"
> <openid-specs-fastfed at lists.openid.net>
> ORGANIZATION: Gluu
> REPLY-TO: Mike Schwartz <mike at gluu.org>
> DATE: Wednesday, June 7, 2017 at 1:48 PM
> TO: "Hardt, Dick" <dick at amazon.com>
> CC: "openid-specs-fastfed at lists.openid.net"
> <openid-specs-fastfed at lists.openid.net>
> SUBJECT: Re: [Openid-specs-fastfed] FastFed Requirements
> 
> I agree that IdP vendors < SaaS providers; I don't agree that IdP's <
> 
> SaaS providers. But if we're talking about admins, why aren't we
> valuing
> 
> IdP admins?
> 
> Regarding the ratio... what we find is that the minority of SaaS
> 
> providers support inbound SAML (and almost none support inbound OpenID
> 
> 
> Connect). That's why so many SSO services are still pushing passwords.
> 
> 
> Generally, SaaS providers get serious about supporting SAML when they
> 
> get a critical mass of requests from their customers. At that point,
> 
> they can justify the SAML investment. So it's mostly just the larger
> 
> SaaS providers. Even fewer support OpenID Connect (almost none, Amazon
> 
> 
> being one of the exceptions).
> 
> - Mike
> 
> On 2017-06-07 15:06, Hardt, Dick wrote:
> 
>> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
>> 
>> 
>> behalf of openid-specs-fastfed at lists.openid.net"
>> 
>> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
>> 
>> openid-specs-fastfed at lists.openid.net> wrote:
>> 
>> More organizations have IDPs then SaaS providers support
>> federated
>> 
>> authentication. Frankly, SaaS providers only support federated
>> 
>> authn
>> 
>> when they get enough demand from customers, which sort of
>> speaks to
>> 
>> the
>> 
>> ratio I am positing.
>> 
>> Mike: I’m confused what ratio you are implying here. Would you
>> clarify?
> 
> _______________________________________________
> 
> Openid-specs-fastfed mailing list
> 
> Openid-specs-fastfed at lists.openid.net
> 
> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed


More information about the Openid-specs-fastfed mailing list