[Openid-specs-fastfed] FastFed Requirements

Mike Schwartz mike at gluu.org
Wed Jun 7 22:08:36 UTC 2017


Dick,

I really think you need to say "IDP-vendor" not IDP. Because IDP admins 
are people too!

- Mike



On 2017-06-07 17:06, Hardt, Dick wrote:
> I understand the tenet. What is the assumption though? Are you
> questioning the tenet? A goal of a tenet would be to guide
> decisions. This one would guide us to push complexity to the IdP vs
> the app, all other things being equal. Having tenets helps make
> decisions, which seems valuable.
> 
> On 6/7/17, 2:50 PM, someone claiming to be "Phil Hunt (IDM)"
> <phil.hunt at oracle.com> wrote:
> 
> Tenet 4. The one Darin asked about.
> 
> Phil
> 
> On Jun 7, 2017, at 2:38 PM, Hardt, Dick <dick at amazon.com> wrote:
> 
>> Which assumption are you referring to, Phil?
>> 
>> On 6/7/17, 2:22 PM, someone claiming to be "Phil Hunt (IDM)"
>> <phil.hunt at oracle.com> wrote:
>> 
>> I am not seeing the value of the assumption.
>> 
>> Phil
>> 
>> On Jun 7, 2017, at 2:04 PM, McAdams, Darin via Openid-specs-fastfed
>> <openid-specs-fastfed at lists.openid.net> wrote:
>> 
>> Anyone disagree with the tenet under discussion?
>> 
>> #  Tenet 4) Push Implementation Complexity onto IdPs
>> 
>> The discussion has been about the numbers and ratios, but returning
>> to the main question: if we face a choice between pushing
>> implementation complexity onto an IdP implementer vs a SP
>> implementer, does anyone disagree about pushing complexity onto the
>> IdP implementer?
>> 
>> The IdP __administrator__ (as opposed to the implementer) is also
>> important. When using a hosted provider, the admin should see
>> FastFed capabilities “just appear” when the provider launches
>> it. Admins running their own installation will upgrade to a newer
>> release to get the capabilities. The heavy lifting has been done by
>> their chosen vendor.
>> 
>> FROM: Openid-specs-fastfed
>> <openid-specs-fastfed-bounces at lists.openid.net> on behalf of
>> "openid-specs-fastfed at lists.openid.net"
>> <openid-specs-fastfed at lists.openid.net>
>> ORGANIZATION: Gluu
>> REPLY-TO: Mike Schwartz <mike at gluu.org>
>> DATE: Wednesday, June 7, 2017 at 1:48 PM
>> TO: "Hardt, Dick" <dick at amazon.com>
>> CC: "openid-specs-fastfed at lists.openid.net"
>> <openid-specs-fastfed at lists.openid.net>
>> SUBJECT: Re: [Openid-specs-fastfed] FastFed Requirements
>> 
>> I agree that IdP vendors < SaaS providers; I don't agree that IdPs <
>> SaaS providers. But if we're talking about admins, why aren't we
>> valuing IdP admins?
>> 
>> Regarding the ratio... what we find is that the minority of SaaS
>> providers support inbound SAML (and almost none support inbound OpenID
>> Connect). That's why so many SSO services are still pushing passwords.
>> Generally, SaaS providers get serious about supporting SAML when they
>> get a critical mass of requests from their customers. At that point,
>> they can justify the SAML investment. So it's mostly just the larger
>> SaaS providers. Even fewer support OpenID Connect (almost none, Amazon
>> being one of the exceptions).
>> 
>> - Mike
>> 
>> On 2017-06-07 15:06, Hardt, Dick wrote:
>> 
>> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
>> behalf of openid-specs-fastfed at lists.openid.net"
>> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
>> openid-specs-fastfed at lists.openid.net> wrote:
>> 
>> More organizations have IDPs than SaaS providers support federated
>> authentication. Frankly, SaaS providers only support federated authn
>> when they get enough demand from customers, which sort of speaks to
>> the ratio I am positing.
>> 
>> Mike: I’m confused what ratio you are implying here. Would you
>> clarify?
>> 
>> _______________________________________________
>> Openid-specs-fastfed mailing list
>> Openid-specs-fastfed at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed

