[Openid-specs-fastfed] FastFed Requirements
Phil Hunt (IDM)
phil.hunt at oracle.com
Wed Jun 7 23:03:11 UTC 2017
Yes. I don't get the value of the tradeoff. Is it to boost adoption by RPs? Do you mean operational or technical simplicity?
IMO SaaS admins aren't complaining about writing code. They are complaining about manual configuration of each relationship as a barrier to adoption.
So yes, we want operational simplicity. Technical simplicity isn't the biggest barrier if it is automated.
Phil
> On Jun 7, 2017, at 3:06 PM, Hardt, Dick <dick at amazon.com> wrote:
>
> I understand the tenet. What is the assumption though? Are you questioning the tenet? A goal of a tenet would be to guide decisions. This one would guide us to push complexity to the IdP vs the app, all other things being equal. Having tenets helps make decisions, which seems valuable.
>
> On 6/7/17, 2:50 PM, someone claiming to be "Phil Hunt (IDM)" <phil.hunt at oracle.com> wrote:
>
> Tenet 4. The one Darin asked about.
>
> Phil
>
> On Jun 7, 2017, at 2:38 PM, Hardt, Dick <dick at amazon.com> wrote:
>
> Which assumption are you referring to, Phil?
>
> On 6/7/17, 2:22 PM, someone claiming to be "Phil Hunt (IDM)" <phil.hunt at oracle.com> wrote:
>
> I am not seeing the value of the assumption.
>
> Phil
>
> On Jun 7, 2017, at 2:04 PM, McAdams, Darin via Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net> wrote:
>
> Anyone disagree with the tenet under discussion?
>
> # Tenet 4) Push Implementation Complexity onto IdPs
>
> The discussion has been about the numbers and ratios, but returning to the main question: if we face a choice between pushing implementation complexity onto an IdP implementer vs a SP implementer, does anyone disagree about pushing complexity onto the IdP implementer?
>
> The IdP _administrator_ (as opposed to the implementer) is also important. When using a hosted provider, the admin should see FastFed capabilities “just appear” when the provider launches it. Admins running their own installation will upgrade to a newer release to get the capabilities. The heavy lifting has been done by their chosen vendor.
>
> From: Openid-specs-fastfed <openid-specs-fastfed-bounces at lists.openid.net> on behalf of "openid-specs-fastfed at lists.openid.net" <openid-specs-fastfed at lists.openid.net>
> Organization: Gluu
> Reply-To: Mike Schwartz <mike at gluu.org>
> Date: Wednesday, June 7, 2017 at 1:48 PM
> To: "Hardt, Dick" <dick at amazon.com>
> Cc: "openid-specs-fastfed at lists.openid.net" <openid-specs-fastfed at lists.openid.net>
> Subject: Re: [Openid-specs-fastfed] FastFed Requirements
>
> I agree that IdP vendors < SaaS providers; I don't agree that IdPs <
> SaaS providers. But if we're talking about admins, why aren't we valuing
> IdP admins?
>
> Regarding the ratio... what we find is that the minority of SaaS
> providers support inbound SAML (and almost none support inbound OpenID
> Connect). That's why so many SSO services are still pushing passwords.
>
> Generally, SaaS providers get serious about supporting SAML when they
> get a critical mass of requests from their customers. At that point,
> they can justify the SAML investment. So it's mostly just the larger
> SaaS providers. Even fewer support OpenID Connect (almost none, Amazon
> being one of the exceptions).
>
> - Mike
>
>
>
> On 2017-06-07 15:06, Hardt, Dick wrote:
> On 6/7/17, 12:38 PM, someone claiming to be "Openid-specs-fastfed on
> behalf of openid-specs-fastfed at lists.openid.net"
> <openid-specs-fastfed-bounces at lists.openid.net on behalf of
> openid-specs-fastfed at lists.openid.net> wrote:
> More organizations have IDPs than SaaS providers support federated
> authentication. Frankly, SaaS providers only support federated authn
> when they get enough demand from customers, which sort of speaks to the
> ratio I am positing.
> Mike: I’m confused what ratio you are implying here. Would you clarify?
> _______________________________________________
> Openid-specs-fastfed mailing list
> Openid-specs-fastfed at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fastfed