[Openid-specs-fastfed] FastFed Requirements

Hardt, Dick dick at amazon.com
Wed Jun 7 22:29:28 UTC 2017


Typos in my response

“Vendor is NOT quite the correct word”

On 6/7/17, 3:15 PM, someone claiming to be "Openid-specs-fastfed on behalf of openid-specs-fastfed at lists.openid.net" <openid-specs-fastfed-bounces at lists.openid.net on behalf of openid-specs-fastfed at lists.openid.net> wrote:

    Vendor is quite the correct work.
    
    I mean:
    
    IdP implementer vs app implementer.
    
    When we are talking about protocols, we are talking about implementers when it is how the code will work.
    
    I don’t think the IdP admin is the right term. It is an admin that is setting up the federation. She may not be the admin for the IdP, just happens to be the person setting things up. She could easily be classified as the admin for the app, and getting the app set up requires her to configure things in her IdP implementation.
    
    /Dick
    
    On 6/7/17, 3:08 PM, someone claiming to be "Mike Schwartz" <mike at gluu.org> wrote:
    
        Dick,
        
        I really think you need to say "IDP-vendor" not IDP. Because IDP admins 
        are people too!
        
        - Mike
        
        
        
        On 2017-06-07 17:06, Hardt, Dick wrote:
        > I understand the tenet. What is the assumption though? Are you
        > questioning the tenet? A goal of a tenet would be to guide
        > decisions. This one would guide us to push complexity to the IdP vs
        > the app all other things being equal. Having tenets helps make
        > decisions, which seems valuable.
        > 
        > On 6/7/17, 2:50 PM, someone claiming to be "Phil Hunt (IDM)"
        > <phil.hunt at oracle.com> wrote:
        > 
        > Tenet 4. The one Darin asked about.
        > 
        > Phil
        > 
        > On Jun 7, 2017, at 2:38 PM, Hardt, Dick <dick at amazon.com> wrote:
        > 
        >> Which assumption are you referring to Phil?
        >> 
        >> On 6/7/17, 2:22 PM, someone claiming to be "Phil Hunt (IDM)"
        >> <phil.hunt at oracle.com> wrote:
        >> 
        >> I am not seeing the value of the assumption.
        >> 
        >> Phil
        >> 
        >> On Jun 7, 2017, at 2:04 PM, McAdams, Darin via Openid-specs-fastfed
        >> <openid-specs-fastfed at lists.openid.net> wrote:
        >> 
        >> Anyone disagree with the tenet under discussion?
        >> 
        >> #  Tenet 4) Push Implementation Complexity onto IdPs
        >> 
        >> The discussion has been about the numbers and ratios, but returning
        >> to the main question: if we face a choice between pushing
        >> implementation complexity onto an IdP implementer vs a SP
        >> implementer, does anyone disagree about pushing complexity onto the
        >> IdP implementer?
        >> 
        >> The IdP __administrator__ (as opposed to the implementer) is also
        >> important. When using a hosted provider, the admin should see
        >> FastFed capabilities “just appear” when the provider launches
        >> it. Admins running their own installation will upgrade to a newer
        >> release to get the capabilities. The heavy lifting has been done by
        >> their chosen vendor.
        >> 
        >> FROM: Openid-specs-fastfed
        >> <openid-specs-fastfed-bounces at lists.openid.net> on behalf of
        >> "openid-specs-fastfed at lists.openid.net"
        >> <openid-specs-fastfed at lists.openid.net>
        >> ORGANIZATION: Gluu
        >> REPLY-TO: Mike Schwartz <mike at gluu.org>
        >> DATE: Wednesday, June 7, 2017 at 1:48 PM
        >> TO: "Hardt, Dick" <dick at amazon.com>
        >> CC: "openid-specs-fastfed at lists.openid.net"
        >> <openid-specs-fastfed at lists.openid.net>
        >> SUBJECT: Re: [Openid-specs-fastfed] FastFed Requirements
        >> 
        >> I agree that IdP vendors < SaaS providers; I don't agree that IdP's <
        >> SaaS providers. But if we're talking about admins, why aren't we
        >> valuing IdP admins?
        >>
        >> Regarding the ratio... what we find is that the minority of SaaS
        >> providers support inbound SAML (and almost none support inbound
        >> OpenID Connect). That's why so many SSO services are still pushing
        >> passwords.
        >>
        >> Generally, SaaS providers get serious about supporting SAML when
        >> they get a critical mass of requests from their customers. At that
        >> point, they can justify the SAML investment. So it's mostly just the
        >> larger SaaS providers. Even fewer support OpenID Connect (almost
        >> none, Amazon being one of the exceptions).
        >> 
        >> - Mike
        >> 
        >> On 2017-06-07 15:06, Hardt, Dick wrote:
        >>
        >> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
        >> behalf of openid-specs-fastfed at lists.openid.net"
        >> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
        >> openid-specs-fastfed at lists.openid.net> wrote:
        >>
        >> More organizations have IDPs than SaaS providers support federated
        >> authentication. Frankly, SaaS providers only support federated authn
        >> when they get enough demand from customers, which sort of speaks to
        >> the ratio I am positing.
        >>
        >> Mike: I’m confused what ratio you are implying here. Would you
        >> clarify?
        >> 
        >> _______________________________________________
        >> Openid-specs-fastfed mailing list
        >> Openid-specs-fastfed at lists.openid.net
        >> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed
        
    