[Openid-specs-fastfed] Meeting Notes from November 20, 2019
Erik Gustavson
erikgustavson at google.com
Wed Nov 20 17:05:12 UTC 2019
*Next meeting: In-person on Thursday, December 12, 2019 in Seattle Area.
Location to be announced later this week.*
Nov 20, 2019

Attendees
- Brian Rose, Sailpoint
- Erik Gustavson, Google
- Gokul Baskaran, Target
- Pam Dingle, Microsoft
- Wesley Dunnington, Ping
- Zhen Chien Chia, Microsoft

Agenda
- (Brian) Questions about SCIM provisioning
  - On SSO, app provider is client, IdP is server. IdP hosts start
    endpoint, etc... app provider kicks off process.
  - In the governance case, the governance provider is acting as the
    client
  - Spec is symmetrical around exchange of OAuth tokens but in the
    provisioning/governance case, the app provider would send the tokens and
    subsequently act as the SCIM server.
  - Topic to discuss at in-person meeting -- coming up with an example
    sequence of calls for various scenarios would be useful for implementers.
- (Zhen) SCIM questions
  - How client is going to figure out what attributes are required based
    on the SCIM payload
  - Seeing examples in the wild where apps require optional attributes or
    don’t implement required attributes from the advertised SCIM schema
  - (Erik) Intention is to advertise up-front what is needed before trying
    to make calls later that might fail
  - (Pam) we need to be careful about how we bind SCIM metadata into the
    FastFed spec
  - (Wes) we wanted this to be symmetrical wrt SAML and SCIM
    - Need to normalize language in 2.5.1 (“must” vs “will”)
    - Additionally in 2.5.2 what happens if providers do not agree on
      the filters for required fields? I.e. App Provider requires
      “middle name” and IdP/governance provider only has that as optional.
- (Gokul)
  - How do we exchange message level encryption keys for SAML/SCIM where
    sensitive attributes are being passed around?
  - Is this in scope for FastFed? If not, we should specify that.
  - Symmetry of SCIM/SAML attribute passing argues that we should have an
    opinion on this
- (Erik) Anything we want to focus on for in-person
  - Update flows
  - Canonical examples of SCIM schemas
  - OIDC profile
  - Implementation guides
  - Message-level encryption support
- AI for Erik: determine where in-person meeting will be held
  - Pam has offered MSFT in Redmond; Erik will follow up off-list with
    Darin and Pam.
--
Erik Gustavson
erikgustavson at google.com
Engineering Manager - Apps Core
415-736-3425