[Openid-specs-fastfed] Introduction and some questions!!

Monika Avalur Monika.Avalur at cyberark.com
Fri Jun 27 05:52:59 UTC 2025 

Thanks @Andrii Deinega<mailto:andrii.deinega at gmail.com>.

I will take a look at them.

Regards,
Monika
________________________________
From: Andrii Deinega <andrii.deinega at gmail.com>
Sent: Friday, June 27, 2025 6:54 AM
To: Monika Avalur <Monika.Avalur at cyberark.com>
Cc: openid-specs-fastfed at lists.openid.net <openid-specs-fastfed at lists.openid.net>; Dick Hardt <dick.hardt at gmail.com>
Subject: Re: [Openid-specs-fastfed] Introduction and some questions!!


CyberArk Security Warning: This is an external email!



Hi Monika,

I believe you introduced yourself at today's meeting (AB Connect Working Group<https://urldefense.com/v3/__https://openid.net/wg/connect/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPyUAKYqg$>).

Not sure if it's safe to say this... but it seems like that this email list hasn't been very active for the past several years. I do love all the ideas behind FastFed, and hear you on this for sure (these things become very visible when you do these things at any scale and maybe, you want to automate that).

I won't tell you anything concrete about your first question (SCIM + FastFed), but I'd suggest you reach out to https://datatracker.ietf.org/wg/scim/about/<https://urldefense.com/v3/__https://datatracker.ietf.org/wg/scim/about/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOsKicLdQ$> directly.

For machine identities there is a separate group called WIMSE (Workload Identity in Multi System Environments), this group has been very active recently. Have a look at https://datatracker.ietf.org/wg/wimse/about<https://urldefense.com/v3/__https://datatracker.ietf.org/wg/wimse/about__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOrAOQGNA$> for what they are working on.

There are also a couple of (draft) specifications like OpenID Provider Commands<https://urldefense.com/v3/__https://openid.net/specs/openid-provider-commands-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFMUttg_tw$> and Enterprise Extensions<https://urldefense.com/v3/__https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOdIoj5Iw$> from Dick Hardt, and a separate working group<https://urldefense.com/v3/__https://openid.net/wg/ipsie__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPs7_J9IA$> focused on "The Interoperability Profiling for Secure Identity in the Enterprise" that you might find interesting, due to their overlap (at some degree.. if I may) with the FastFed.

All the best,
Andrii


On Thu, Jun 26, 2025 at 9:39 AM Monika Avalur via Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net<mailto:openid-specs-fastfed at lists.openid.net>> wrote:
Hi,

I am Monika Avalur working as a product manager in IAM space in CyberArk. I have been assigned to this working group and have been going through the specs for FastFed.

Firstly I love FastFed as I am able to echo the pain in setting up federation with all that Schema mapping.

I have couple of questions/suggestion/use cases I see today that I would want to share with this group to check if we are doing anything in those terms.


  1.
Extending SCIM to sync any generic entities. i.e., today only users and groups can be provisioned using SCIM. Is there any plan to make this generic enough such that say certain app/device/AI agent/Org metadata can be provisioned or this data can be generically exchanged between two entities? This can extend to AI agents, machine identities etc.,
  2.
I don't see this particular draft talking about federation of machine identities, could be workload identities/AI agents/service users etc., In this case we mostly use STS/OAuth client creds/MTLS based authentication. So do we plan on supporting them as well?

Thanks & Regards,
Monika


_______________________________________________
Openid-specs-fastfed mailing list
Openid-specs-fastfed at lists.openid.net<mailto:Openid-specs-fastfed at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-fastfed<https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-fastfed__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPITjwkNQ$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fastfed/attachments/20250627/c6dafc41/attachment-0001.htm>

More information about the Openid-specs-fastfed mailing list