[Openid-specs-fastfed] Meeting Notes from November 20, 2019
McAdams, Darin
darinm at amazon.com
Tue Dec 3 23:51:22 UTC 2019
Hi all,
For those making travel plans, Amazon will host at 2121 8th Ave, Seattle, WA 98121
https://goo.gl/maps/hMb1QuoTUr21y9v67
This is downtown and walking distance from transit and hotels. As the date approaches, I’ll follow up with specific arrival instructions.
-Darin
From: Openid-specs-fastfed <openid-specs-fastfed-bounces at lists.openid.net> on behalf of Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net>
Reply-To: Erik Gustavson <erikgustavson at google.com>
Date: Wednesday, November 20, 2019 at 9:06 AM
To: Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net>
Subject: [Openid-specs-fastfed] Meeting Notes from November 20, 2019
Next meeting: In-person on Thursday, December 12, 2019 in Seattle Area. Location to be announced later this week.
Nov 20, 2019
Attendees
* Brian Rose, Sailpoint
* Erik Gustavson, Google
* Gokul Baskaran, Target
* Pam Dingle, Microsoft
* Wesley Dunnington, Ping
* Zhen Chien Chia, Microsoft
Agenda
* (Brian) Questions about SCIM provisioning
  * On SSO app provider is client, IdP is server. IdP hosts start endpoint, etc... app provider kicks off process.
  * In the governance case, the governance provider is acting as the client
  * Spec is symmetrical around exchange of oauth tokens but in the provisioning/governance case, the app provider would send the tokens and subsequently act as the SCIM server.
  * Topic to discuss at in-person meeting -- coming up with an example sequence of calls for various scenarios would be useful for implementers.
* (Zhen) SCIM questions
  * How client is going to figure out what attributes are required based on the SCIM payload
  * Seeing examples in the wild where apps require optional attributes or don’t implement required attributes from the advertised SCIM schema
  * (Erik) Intention is to advertise up-front what is needed before trying to make calls later that might fail
  * (Pam) we need to be careful about how we bind scim metadata into the fastfed spec
  * (Wes) we wanted this to be symmetrical wrt SAML and SCIM
  * Need to normalize language in 2.5.1 (“must” vs “will”)
    * Additionally in 2.5.2 what happens if providers do not agree on the filters for required fields? I.e. App Provider requires “middle name” and IdP/governance provider only has that as optional.
* (Gokul)
  * How do we exchange message level encryption keys for SAML/SCIM where sensitive attributes are being passed around?
  * Is this in scope for FastFed? If not, we should specify that.
  * Symmetry of SCIM/SAML attribute passing argues that we should have an opinion on this
* (Erik) Anything we want to focus on for in-person
  * Update flows
  * Canonical examples of SCIM schemas
  * OIDC profile
  * Implementation guides
  * Message-level encryption support
* AI for Erik: determine where in-person meeting will be held
  * Pam has offered MSFT in Redmond; Erik will follow-up off-list with Darin and Pam.
--
Erik Gustavson
erikgustavson at google.com
Engineering Manager - Apps Core
415-736-3425