[Openid-specs-fastfed] Notes from 1/29 FastFed Meeting
McAdams, Darin
darinm at amazon.com
Wed Feb 5 04:51:20 UTC 2020
Attendees:
* Darin McAdams (AWS)
* Erik Gustavson (Google)
* Matt Domsch (Sailpoint)
* Brian Rose (Sailpoint)
* Adam Hampton (Sailpoint)
A reminder was put out of the group’s self-imposed March 1 goal for advertising a proposed implementors draft to the OIDF membership. A few weeks remain. Please get feedback in. (See links below)
3 issues were called out as requiring final closure.
(1) Icon/Logo images
Questions for the group: Do you need both icons and logos, or just one? What dimensions and sizes do you need? Is the spec too strict on aspect ratios?
(2) Discovery
Currently, discovery uses WebFinger. This implies hosting a WebFinger server. However, the vast majority of installations are expected to have a static answer for discovery. They would benefit from the simplicity of hosting a static file, avoiding the complexity of running a full-featured WebFinger service. Open question whether this is achievable via the WebFinger specification, or whether an alternative is necessary.
(3) SCIM interop profile
SCIM provides at least 3 ways to achieve common operations, such as updating a User. Identity Providers have wide variation in the approaches they take, forcing Application owners to support all possible approaches, or be incompatible with a subset of IdPs. This puts undue burden on Application owners that is antithetical to the FastFed tenet to prefer shifting complexity onto IdP vendors, when possible.
There was discussion on whether FastFed should avoid these waters and launch a parallel conversation in the SCIM group on interop profiles. However, there was reluctance to completely forego prescriptive guidance in FastFed since it already appears in other profiles such as SAML, and is a core necessity to the FastFed goal of “click a button and it will work”.
An opinionated FastFed SCIM profile will, by necessity, require work by some IdPs to conform to it. However, the group didn’t have the data on whether such effort was significant enough to risk adoption rates. Therefore, an action was taken to quickly propose the FastFed Interop Profile for a quick straw poll of the group regarding the level of effort to conform. I (Darin) have the action to come back with this.
-Darin
--------------------------------------------
SPEC REVIEW LINKS
To facilitate collaboration, I uploaded everything to Google Docs.
https://drive.google.com/drive/folders/1ld_SRjGoTaxuIY12sWd_rh83uehCCTdu
Easiest feedback approach is to add comments into the Google Docs.
Here are quick links to get started on reviews:
* Begin with overview #1A https://drive.google.com/open?id=1W1lBM9Kt5MGZYhQLLpJW6FrAEoq8bSGu
* Contrast with #1B: https://drive.google.com/open?id=1Dwg4-bfJF4-CWQ8k6ZSguXKZrQLGJMC1
* Then, dive into the detailed spec: https://drive.google.com/open?id=19hebPRKZT_CdAixstuVXh4094-JMQ6CU
* Ignore the formatting issues. Google Docs munged things.
* You can always find the source files by downloading the repo: https://bitbucket.org/openid/fastfed/downloads/
* Finally, look at the SAML profile: https://drive.google.com/open?id=1LvYL3BBY3_VDh6tDeYkKDxkzN0h7UvXo
* And, the SCIM profile: https://drive.google.com/open?id=1qV1eFWN5dZHZspWS-rOT9NbSvOf417aW