[Openid-specs-fastfed] FastFed Requirements

Phil Hunt (IDM) phil.hunt at oracle.com
Wed Jun 7 21:50:41 UTC 2017


Tenant 4. The one darin asked about. 

Phil

> On Jun 7, 2017, at 2:38 PM, Hardt, Dick <dick at amazon.com> wrote:
> 
> Which assumption are you referring to Phil?
>  
> On 6/7/17, 2:22 PM, someone claiming to be "Phil Hunt (IDM)" <phil.hunt at oracle.com> wrote:
>  
> I am not seeing the value of the assumption. 
> 
> Phil
> 
> On Jun 7, 2017, at 2:04 PM, McAdams, Darin via Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net> wrote:
> 
> Anyone disagree with the tenet under discussion?
>  
>   #  Tenet 4) Push Implementation Complexity onto IdPs
>  
> The discussion has been about the numbers and ratios, but returning to the main question: if we face a choice between pushing implementation complexity onto an IdP implementer vs a SP implementer, does anyone disagree about pushing complexity onto the IdP implementer?
>  
> The IdP _administrator_ (as opposed to the implementer) is also important. When using a hosted provider, the admin should see FastFed capabilities “just appear” when the provider launches it. Admins running their own installation will upgrade to a newer release to get the capabilities. The heavy lifting has been done by their chosen vendor.
>  
> From: Openid-specs-fastfed <openid-specs-fastfed-bounces at lists.openid.net> on behalf of "openid-specs-fastfed at lists.openid.net"  <openid-specs-fastfed at lists.openid.net>
> Organization: Gluu
> Reply-To: Mike Schwartz <mike at gluu.org>
> Date: Wednesday, June 7, 2017 at 1:48 PM
> To: "Hardt, Dick" <dick at amazon.com>
> Cc: "openid-specs-fastfed at lists.openid.net" <openid-specs-fastfed at lists.openid.net>
> Subject: Re: [Openid-specs-fastfed] FastFed Requirements
>  
> I agree that IdP vendors < SaaS providers; I don't agree that IdP's <
> SaaS providers. But if we're talking about admins, why aren't we valuing
> IdP admins?
>  
> Regarding the ratio... what we find is that the minority of SaaS
> providers support inbound SAML (and almost none support inbound OpenID
> Connect). That's why so many SSO services are still pushing passwords.
>  
> Generally, SaaS providers get serious about supporting SAML when they
> get a critical mass of requests from their customers. At that point,
> they can justify the SAML investment. So it's mostly just the larger
> SaaS providers. Even fewer support OpenID Connect (almost none, Amazon
> being one of the exceptions).
>  
> - Mike
>  
>  
>  
> On 2017-06-07 15:06, Hardt, Dick wrote:
> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
> behalf of openid-specs-fastfed at lists.openid.net"
> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
> openid-specs-fastfed at lists.openid.net> wrote:
>      More organizations have IDPs then SaaS providers support federated
>      authentication. Frankly, SaaS providers only support federated
> authn
>      when they get enough demand from customers, which sort of speaks to
> the
>      ratio I am positing.
> Mike: I’m confused what ratio you are implying here. Would you clarify?
> _______________________________________________
> Openid-specs-fastfed mailing list
> Openid-specs-fastfed at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed
>  
> _______________________________________________
> Openid-specs-fastfed mailing list
> Openid-specs-fastfed at lists.openid.net
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dfastfed&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=hlvgBEMYkMpg3CZ6fBTaeFRmps3bOvInrfYzOzJj7Yo&s=c5yjyRPQz32cSzcuxUZ7jTwOqCBw7K82oEn2gJoi91c&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fastfed/attachments/20170607/4e4588ce/attachment-0001.html>


More information about the Openid-specs-fastfed mailing list