[Openid-specs-fastfed] Introduction and some questions!!

Dean H. Saxe dean at thesax.es
Sun Jun 29 20:44:19 UTC 2025 

Monika,

​

For all intents and purposes, FastFed is no longer operational as a WG.  No
large provider committed to implementation of the spec.  Although there
have been a few attempts to revive FastFed and implement it for other
protocols such as SCIM, I have not seen anything that indicate such efforts
will be successful.

​

Andrii mentioned the IPSIE WG, which I co-chair, in his email.  While IPSIE
WG is tackling enterprise profiles of common standards, we have not
discussed any profiles of FastFed to date.  This doesn’t mean we won’t do
any work with FastFed, but we have none planned at this time.

​

Thanks,

-dhs

​

On Fri, 27 Jun 2025 05:53:23 GMT Monika Avalur via Openid-specs-fastfed
wrote:

Thanks @Andrii Deinega <andrii.deinega at gmail.com>.


​

I will take a look at them.


​

Regards,

Monika
------------------------------

*From:* Andrii Deinega <andrii.deinega at gmail.com>
​*Sent:* Friday, June 27, 2025 6:54 AM
​*To:* Monika Avalur <Monika.Avalur at cyberark.com>
​*Cc:* openid-specs-fastfed at lists.openid.net <
openid-specs-fastfed at lists.openid.net>; Dick Hardt <dick.hardt at gmail.com>
​*Subject:* Re: [Openid-specs-fastfed] Introduction and some questions!!





*CyberArk Security Warning:* This is an external email!



Hi Monika,


​

I believe you introduced yourself at today's meeting (AB Connect Working
Group
<https://urldefense.com/v3/__https://openid.net/wg/connect/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPyUAKYqg$>
).


​

Not sure if it's safe to say this... but it seems like that this email list
hasn't been very active for the past several years. I do love all the ideas
behind FastFed, and hear you on this for sure (these things become very
visible when you do these things at any scale and maybe, you want to
automate that).


​

I won't tell you anything concrete about your first question (SCIM +
FastFed), but I'd suggest you reach out to
https://datatracker.ietf.org/wg/scim/about/
<https://urldefense.com/v3/__https://datatracker.ietf.org/wg/scim/about/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOsKicLdQ$>
directly.


​

For machine identities there is a separate group called WIMSE (Workload
Identity in Multi System Environments), this group has been very active
recently. Have a look at https://datatracker.ietf.org/wg/wimse/about
<https://urldefense.com/v3/__https://datatracker.ietf.org/wg/wimse/about__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOrAOQGNA$>
for
what they are working on.


​

There are also a couple of (draft) specifications like OpenID Provider
Commands
<https://urldefense.com/v3/__https://openid.net/specs/openid-provider-commands-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFMUttg_tw$>
 and Enterprise Extensions
<https://urldefense.com/v3/__https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOdIoj5Iw$>
from Dick
Hardt, and a separate working group
<https://urldefense.com/v3/__https://openid.net/wg/ipsie__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPs7_J9IA$>
focused
on "The Interoperability Profiling for Secure Identity in the Enterprise"
that you might find interesting, due to their overlap (at some degree.. if
I may) with the FastFed.


​

All the best,

Andrii


​


​

On Thu, Jun 26, 2025 at 9:39 AM Monika Avalur via Openid-specs-fastfed <
openid-specs-fastfed at lists.openid.net> wrote:
​

Hi,


​

I am Monika Avalur working as a product manager in IAM space in CyberArk. I
have been assigned to this working group and have been going through the
specs for FastFed.


​

Firstly I love FastFed as I am able to echo the pain in setting up
federation with all that Schema mapping.


​

I have couple of questions/suggestion/use cases I see today that I would
want to share with this group to check if we are doing anything in those
terms.


​

   1.

   Extending SCIM to sync any generic entities. i.e., today only users and
   groups can be provisioned using SCIM. Is there any plan to make this
   generic enough such that say certain app/device/AI agent/Org metadata can
   be provisioned or this data can be generically exchanged between two
   entities? This can extend to AI agents, machine identities etc.,
   2.

   I don't see this particular draft talking about federation of machine
   identities, could be workload identities/AI agents/service users etc., In
   this case we mostly use STS/OAuth client creds/MTLS based authentication.
   So do we plan on supporting them as well?


​

Thanks & Regards,

Monika


​


​

_______________________________________________
​Openid-specs-fastfed mailing list
​Openid-specs-fastfed at lists.openid.nethttps://lists.openid.net/mailman/listinfo/openid-specs-fastfed
<https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-fastfed__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPITjwkNQ$>
​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fastfed/attachments/20250629/3e33505d/attachment.htm>

More information about the Openid-specs-fastfed mailing list