[Openid-specs-fastfed] Introduction and some questions!!

Andrii Deinega andrii.deinega at gmail.com
Fri Jun 27 03:54:37 UTC 2025 

Hi Monika,

I believe you introduced yourself at today's meeting (AB Connect Working
Group <https://openid.net/wg/connect/>).

Not sure if it's safe to say this... but it seems like that this email list
hasn't been very active for the past several years. I do love all the ideas
behind FastFed, and hear you on this for sure (these things become very
visible when you do these things at any scale and maybe, you want to
automate that).

I won't tell you anything concrete about your first question (SCIM +
FastFed), but I'd suggest you reach out to
https://datatracker.ietf.org/wg/scim/about/ directly.

For machine identities there is a separate group called WIMSE (Workload
Identity in Multi System Environments), this group has been very active
recently. Have a look at https://datatracker.ietf.org/wg/wimse/about for
what they are working on.

There are also a couple of (draft) specifications like OpenID Provider
Commands <https://openid.net/specs/openid-provider-commands-1_0.html>
and Enterprise
Extensions
<https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html>
from Dick
Hardt, and a separate working group <https://openid.net/wg/ipsie> focused
on "The Interoperability Profiling for Secure Identity in the Enterprise"
that you might find interesting, due to their overlap (at some degree.. if
I may) with the FastFed.

All the best,
Andrii


On Thu, Jun 26, 2025 at 9:39 AM Monika Avalur via Openid-specs-fastfed <
openid-specs-fastfed at lists.openid.net> wrote:

> Hi,
>
> I am Monika Avalur working as a product manager in IAM space in CyberArk.
> I have been assigned to this working group and have been going through the
> specs for FastFed.
>
> Firstly I love FastFed as I am able to echo the pain in setting up
> federation with all that Schema mapping.
>
> I have couple of questions/suggestion/use cases I see today that I would
> want to share with this group to check if we are doing anything in those
> terms.
>
>
>    1. Extending SCIM to sync any generic entities. i.e., today only users
>    and groups can be provisioned using SCIM. Is there any plan to make this
>    generic enough such that say certain app/device/AI agent/Org metadata can
>    be provisioned or this data can be generically exchanged between two
>    entities? This can extend to AI agents, machine identities etc.,
>    2. I don't see this particular draft talking about federation of
>    machine identities, could be workload identities/AI agents/service users
>    etc., In this case we mostly use STS/OAuth client creds/MTLS based
>    authentication. So do we plan on supporting them as well?
>
>
> Thanks & Regards,
> Monika
>
>
> _______________________________________________
> Openid-specs-fastfed mailing list
> Openid-specs-fastfed at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fastfed
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fastfed/attachments/20250626/5d1152a4/attachment-0001.htm>

More information about the Openid-specs-fastfed mailing list