<div dir="ltr"><div><b>Next meeting: In-person on Thursday, December 12, 2019 in Seattle Area. Location to be announced later this week.</b></div><div><span id="gmail-docs-internal-guid-cc7e875f-7fff-07cd-3973-324ae678133b"><h1 dir="ltr" style="line-height:1.38;margin-top:20pt;margin-bottom:6pt"><span style="font-size:20pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Nov 20, 2019</span></h1><h2 dir="ltr" style="line-height:1.38;margin-top:18pt;margin-bottom:6pt"><span style="font-size:16pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Attendees</span></h2><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Brian Rose, Sailpoint</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Erik Gustavson, Google</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Gokul Baskaran, Target</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Pam Dingle, Microsoft</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Wesley Dunnington, Ping</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Zhen Chien Chia, Microsoft</span></p></li></ul><h2 dir="ltr" style="line-height:1.38;margin-top:18pt;margin-bottom:6pt"><span style="font-size:16pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Agenda</span></h2><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Brian) Questions about SCIM provisioning</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">On SSO app provider is client, IdP is server. IdP hosts start endpoint, etc... app provider kicks off process.</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">In the governance case, the governance provider is acting as the client</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="white-space:pre-wrap">Spec is symmetrical around exchange of oauth tokens but in the provisioning/governance case, the app provider would send the tokens and subsequently act as the SCIM server.</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="white-space:pre-wrap">Topic to discuss at in-person meeting -- coming up with an example sequence of calls for various scenarios would be useful for implementers.</span></p></li></ul><li style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Zhen) SCIM questions</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">How client is going to figure out what attributes are required based on the SCIM payload</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Seeing examples in the wild were apps require optional attributes or don’t implement required attributes from the advertised SCIM schema</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Erik) Intention is advertise up-front what is needed before trying to make calls later that might fail</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Pam) we need to be careful about how we bind scim metadata into the fastfed spec </span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Wes) we wanted this to be symmetrical wrt to SAML and SCIM</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Need to normalize language in 2.5.1 (“must” vs “will”)</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:square;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Additionally in 2.5.2 what happens if providers do not agree on the filters for required fields? I.e. App Provider requires “middle name” and IdP/governance provider only has that as optional. </span></p></li></ul></ul><li style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Gokul)</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">How do we exchange message level encryption keys for SAML/SCIM where sensitive attributes are being passed around?</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Is this in scope for FastFed? If not, we should specify that.</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Symmetry of SCIM/SAML attribute passing argues that we should have an opinion on this</span></p></li></ul><li style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(Erik) Anything we want to focus on for in-person</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Update flows</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Canonical examples of SCIM schemas</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">OIDC profile</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Implementation guides</span></p></li><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Message-level encryption support</span></p></li></ul><li style="list-style-type:disc;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">AI for Erik: determine where in-person meeting will be held</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li style="list-style-type:circle;font-size:11pt;font-family:"Google Sans",sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Pam has offered MSFT in Redmond; Erik will follow-up off-list with Darin and Pam.</span></p></li></ul></ul></span></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr" data-smartmail="gmail_signature" style="color:rgb(136,136,136)"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><div dir="ltr" style="margin-left:0pt"><table style="border:none;border-collapse:collapse"><colgroup><col width="85"><col width="539"></colgroup><tbody><tr style="height:0pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(255,255,255);vertical-align:middle;padding:4.32pt"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><img src="https://lh5.googleusercontent.com/fjIYLZoDK8rnd19hBZTbvgo9VtMEP6q-GK-1yR7Is5KGuwtfFOHfMSN_zY62PwuVn3-Gv6jpybFrQeeqapmkspqQ3PIzW9MkrLlBW5b-4ID0tC7q7IcqOaAHx8XtM8X6nl_0IqIf" width="73" height="65" class="CToWUd" style="border: none;"></span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(255,255,255);vertical-align:middle;padding:4.32pt"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:9pt;font-family:Arial;color:rgb(67,67,67);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">Erik Gustavson</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:9pt;font-family:Arial;color:rgb(67,67,67);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:erikgustavson@google.com" target="_blank" style="color:rgb(17,85,204)">erikgustavson@google.com</a></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:9pt;font-family:Arial;color:rgb(67,67,67);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Engineering Manager - Apps Core</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:9pt;font-family:Arial;color:rgb(67,67,67);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="tel:(415)%20736-3425" value="+14157363425" target="_blank" style="color:rgb(17,85,204)">415-736-3425</a></span></p></td></tr></tbody></table></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>