[Openid-specs-fastfed] notes from June 27, 2019

Romain Lenglet rlenglet at google.com
Thu Jun 27 19:35:13 UTC 2019


Hi,
Below are the notes from the WG meeting at Identiverse on June 27, 2019.
- Romain

*Attendees*

- Chuck Mortimer, Salesforce
- Darin McAdams, AWS
- Erik Gustavson, Google
- Jacob Frederick, AWS
- Junfeng Wu, Cisco
- Matt Domsch, SailPoint
- Pamela Ding, Microsoft
- Rafael Kabesa, Salesforce
- Rob Otto, Ping
- Romain Lenglet, Google
- Sanjoli Ahuja, ADP
- Wesley Dunnington, Ping

*1. Feedback / questions from the demo at Identiverse*

- How can I control who can access this app?
- Will Ping Federate support FastFed?
- FastFed addresses a real problem. It will eliminate lots of manual work.
- Got some questions about protocol details.

*2. Draft updates*

Darin needs to incorporate the feedback notes from the last WG meeting.
Matt requested that the standard support using a source other than an IdP
for user provisioning.

Updating a federation is not (yet) covered by the standard, e.g.
- Enabling provisioning after the fact.
- Update provider metadata.
- Turnoff (already discussed in the last session).
Even if we don't address that now, we should clarify the scope of the
standard, e.g. in a FAQ document.

SailPoint and ADP determined the minimum set of attributes needed for HR
extensions, when provisioning from an HRIS to an IdP.
Matt will share with the WG.

*3. FastFed adoption*

Ping is interested in joining the WG.

It is not easy to get started working on FastFed.
We need a better website front page.
Jacob has sequence diagrams that would be useful for such docs.

There is currently no "security considerations" section in the spec.
We need to get security experts to review the spec. Google and ADT will get
resources.

We need to get more "pure" service providers involved to get feedback on
the usability of the protocol.
We need more specific guidance to implement FastFed.
In the long term, integrating with frameworks (Spring, etc.) will help
adoption.

We need a test harness to help developers.
Ideally, it would be good to have a reference implementation / mock
endpoints.
Both the Google and AWS implementations of the SP and IdP endpoints for the
Identiverse demo were developed with that purpose in mind.
Google and AWS will open-source those as reference implementations.

*4. Timeline*

We'll have to clarify early whether implementers (Google, AWS, etc.) will
do any branding around FastFed.

To get broader adoption, we need bigger and more frequent meetings.
We decided to schedule meetings once per month.
We should advertise the meeting calendar on the website to get more
attendees.

Erik and Adam aim for an implementers' draft by Aug 2019.
The last review of the draft will be at IIW in Oct 2019.
We'll also try to do interop testing at IIW.

How to bootstrap adoption?
We will need a critical mass of IdPs (Google, Ping, Okta) and trailblazing
SPs.
Then we can focus on advertising the standard to a broader SP audience.

*5. Action items*

- [Jacob, Erik] Write up a FastFed introduction for the website's front
page.
- [Pamela] Give Erik access to edit the website.
- [Pamela] Get everyone signed up on the mailing list.
- [Erik, Sanjoli] Get Google and ADT to do a security review.
- [Matt] Share the set of attributes for HR extensions.
- [Erik, Romain, Jacob] Look into the processes to open-source the demo
implementations, esp. determine the timelines.
- [Erik] Schedule the next meeting.