[Openid-specs-fastfed] FastFed Requirements
Mike Schwartz
mike at gluu.org
Wed Jun 7 22:08:36 UTC 2017
Dick,
I really think you need to say "IDP-vendor" not IDP. Because IDP admins
are people too!
- Mike
On 2017-06-07 17:06, Hardt, Dick wrote:
> I understand the tenant. What is the assumption though? Are you
> questioning the tenant? A goal of a tenant would be to guide
> decisions. This one would guide us to push complexity to the IdP vs
> the app all other things being equal. Having tenants helps make
> decisions, which seems valuable.
>
> On 6/7/17, 2:50 PM, someone claiming to be "Phil Hunt (IDM)"
> <phil.hunt at oracle.com> wrote:
>
> Tenant 4. The one darin asked about.
>
> Phil
>
> On Jun 7, 2017, at 2:38 PM, Hardt, Dick <dick at amazon.com> wrote:
>
>> Which assumption are you referring to Phil?
>>
>> On 6/7/17, 2:22 PM, someone claiming to be "Phil Hunt (IDM)"
>> <phil.hunt at oracle.com> wrote:
>>
>> I am not seeing the value of the assumption.
>>
>> Phil
>>
>> On Jun 7, 2017, at 2:04 PM, McAdams, Darin via Openid-specs-fastfed
>> <openid-specs-fastfed at lists.openid.net> wrote:
>>
>> Anyone disagree with the tenet under discussion?
>>
>> # Tenet 4) Push Implementation Complexity onto IdPs
>>
>> The discussion has been about the numbers and ratios, but returning
>> to the main question: if we face a choice between pushing
>> implementation complexity onto an IdP implementer vs a SP
>> implementer, does anyone disagree about pushing complexity onto the
>> IdP implementer?
>>
>> The IdP __administrator__ (as opposed to the implementer) is also
>> important. When using a hosted provider, the admin should see
>> FastFed capabilities “just appear” when the provider launches
>> it. Admins running their own installation will upgrade to a newer
>> release to get the capabilities. The heavy lifting has been done by
>> their chosen vendor.
>>
>> FROM: Openid-specs-fastfed
>> <openid-specs-fastfed-bounces at lists.openid.net> on behalf of
>> "openid-specs-fastfed at lists.openid.net"
>> <openid-specs-fastfed at lists.openid.net>
>> ORGANIZATION: Gluu
>> REPLY-TO: Mike Schwartz <mike at gluu.org>
>> DATE: Wednesday, June 7, 2017 at 1:48 PM
>> TO: "Hardt, Dick" <dick at amazon.com>
>> CC: "openid-specs-fastfed at lists.openid.net"
>> <openid-specs-fastfed at lists.openid.net>
>> SUBJECT: Re: [Openid-specs-fastfed] FastFed Requirements
>>
>> I agree that IdP vendors < SaaS providers; I don't agree that IdP's
>> <
>>
>> SaaS providers. But if we're talking about admins, why aren't we
>> valuing
>>
>> IdP admins?
>>
>> Regarding the ratio... what we find is that the minority of SaaS
>>
>> providers support inbound SAML (and almost none support inbound
>> OpenID
>>
>> Connect). That's why so many SSO services are still pushing
>> passwords.
>>
>> Generally, SaaS providers get serious about supporting SAML when
>> they
>>
>> get a critical mass of requests from their customers. At that point,
>>
>>
>> they can justify the SAML investment. So it's mostly just the larger
>>
>>
>> SaaS providers. Even fewer support OpenID Connect (almost none,
>> Amazon
>>
>> being one of the exceptions).
>>
>> - Mike
>>
>> On 2017-06-07 15:06, Hardt, Dick wrote:
>>
>> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
>>
>>
>> behalf of openid-specs-fastfed at lists.openid.net"
>>
>> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
>>
>> openid-specs-fastfed at lists.openid.net> wrote:
>>
>> More organizations have IDPs then SaaS providers support
>> federated
>>
>> authentication. Frankly, SaaS providers only support federated
>>
>> authn
>>
>> when they get enough demand from customers, which sort of
>> speaks to
>>
>> the
>>
>> ratio I am positing.
>>
>> Mike: I’m confused what ratio you are implying here. Would you
>> clarify?
>>
>> _______________________________________________
>>
>> Openid-specs-fastfed mailing list
>>
>> Openid-specs-fastfed at lists.openid.net
>>
>> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed [1]
>
>> _______________________________________________
>> Openid-specs-fastfed mailing list
>> Openid-specs-fastfed at lists.openid.net
>>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dfastfed&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=hlvgBEMYkMpg3CZ6fBTaeFRmps3bOvInrfYzOzJj7Yo&s=c5yjyRPQz32cSzcuxUZ7jTwOqCBw7K82oEn2gJoi91c&e=
>
>
> Links:
> ------
> [1]
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dfastfed&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=hlvgBEMYkMpg3CZ6fBTaeFRmps3bOvInrfYzOzJj7Yo&s=c5yjyRPQz32cSzcuxUZ7jTwOqCBw7K82oEn2gJoi91c&e=
More information about the Openid-specs-fastfed
mailing list