<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Thanks <a class="tWKOu mention ms-bgc-nlr ms-fcl-b" id="OWAAM735732" href="mailto:andrii.deinega@gmail.com">

@Andrii Deinega</a>.</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

<br>

</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

I will take a look at them.</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

<br>

</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Regards,</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Monika</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Andrii Deinega <andrii.deinega@gmail.com><br>

<b>Sent:</b> Friday, June 27, 2025 6:54 AM<br>

<b>To:</b> Monika Avalur <Monika.Avalur@cyberark.com><br>

<b>Cc:</b> openid-specs-fastfed@lists.openid.net <openid-specs-fastfed@lists.openid.net>; Dick Hardt <dick.hardt@gmail.com><br>

<b>Subject:</b> Re: [Openid-specs-fastfed] Introduction and some questions!!</font>

<div> </div>

</div>

<div>

<table border="0" width="100%" cellspacing="0" cellpadding="0" align="left" style="height:20px; width:100%; font-family:Calibri; font-size:16px">

<tbody>

<tr style="height:20px">

<td style="background:#ffb900; padding:5pt 2pt; height:54px"> </td>

<td width="100%" style="background:#fff8e5; padding:5pt 4pt 5pt 12pt; height:20px">

<div style="color:#222222"><span style="color:#ff0000; font-weight:bold">CyberArk Security Warning:</span> This is an external email!</div>

</td>

</tr>

</tbody>

</table>

<p> </p>

<div>

<div dir="ltr">Hi Monika,

<div><br>

</div>

<div>I believe you introduced yourself at today's meeting (<a href="https://urldefense.com/v3/__https://openid.net/wg/connect/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPyUAKYqg$">AB Connect Working

 Group</a>).</div>

<div><br>

</div>

<div>Not sure if it's safe to say this... but it seems like that this email list hasn't been very active for the past several years. I do love all the ideas behind FastFed, and hear you on this for sure (these things become very visible when you do these things

 at any scale and maybe, you want to automate that).</div>

<div><br>

</div>

<div>I won't tell you anything concrete about your first question (SCIM + FastFed), but I'd suggest you reach out to <a href="https://urldefense.com/v3/__https://datatracker.ietf.org/wg/scim/about/__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOsKicLdQ$">https://datatracker.ietf.org/wg/scim/about/</a>

 directly.</div>

<div><br>

</div>

<div>For machine identities there is a separate group called WIMSE (Workload Identity in Multi System Environments), this group has been very active recently. Have a look at

<a href="https://urldefense.com/v3/__https://datatracker.ietf.org/wg/wimse/about__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOrAOQGNA$">

https://datatracker.ietf.org/wg/wimse/about</a> for what they are working on.</div>

<div><br>

</div>

<div>There are also a couple of (draft) specifications like <a href="https://urldefense.com/v3/__https://openid.net/specs/openid-provider-commands-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFMUttg_tw$">OpenID

 Provider Commands</a> and <a href="https://urldefense.com/v3/__https://openid.net/specs/openid-connect-enterprise-extensions-1_0.html__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFOdIoj5Iw$">Enterprise

 Extensions</a> from Dick Hardt, and a separate <a href="https://urldefense.com/v3/__https://openid.net/wg/ipsie__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPs7_J9IA$">working group</a> focused on "The

 Interoperability Profiling for Secure Identity in the Enterprise" that you might find interesting, due to their overlap (at some degree.. if I may) with the FastFed.</div>

<div><br>

</div>

<div>All the best,</div>

<div>Andrii</div>

<div><br>

</div>

<div></div>

</div>

<br>

<div class="x_gmail_quote x_gmail_quote_container">

<div dir="ltr" class="x_gmail_attr">On Thu, Jun 26, 2025 at 9:39 AM Monika Avalur via Openid-specs-fastfed <<a href="mailto:openid-specs-fastfed@lists.openid.net">openid-specs-fastfed@lists.openid.net</a>> wrote:<br>

</div>

<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">

<div class="x_msg6343280204511546534">

<div dir="ltr">

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Hi,</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

I am Monika Avalur working as a product manager in IAM space in CyberArk. I have been assigned to this working group and have been going through the specs for FastFed.</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Firstly I love FastFed as I am able to echo the pain in setting up federation with all that Schema mapping.</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

I have couple of questions/suggestion/use cases I see today that I would want to share with this group to check if we are doing anything in those terms.</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<ol start="1" style="margin-top:0px; margin-bottom:0px; list-style-type:decimal">

<li style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<div role="presentation" style="margin:0px">Extending SCIM to sync any generic entities. i.e., today only users and groups can be provisioned using SCIM. Is there any plan to make this generic enough such that say certain app/device/AI agent/Org metadata can

 be provisioned or this data can be generically exchanged between two entities? This can extend to AI agents, machine identities etc.,</div>

</li><li style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<div role="presentation" style="margin:0px">I don't see this particular draft talking about federation of machine identities, could be workload identities/AI agents/service users etc., In this case we mostly use STS/OAuth client creds/MTLS based authentication.

 So do we plan on supporting them as well?</div>

</li></ol>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Thanks & Regards,</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Monika</div>

<div style="margin:0px; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

</div>

_______________________________________________<br>

Openid-specs-fastfed mailing list<br>

<a href="mailto:Openid-specs-fastfed@lists.openid.net" target="_blank">Openid-specs-fastfed@lists.openid.net</a><br>

<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-fastfed__;!!Pe07N362zA!wANZC_iCk7tiK1dYAQNAY0ihdavsn8N0tsLucJpsQoksYpO9HLE4a5-j16-BFaJZCA3OnHGEeF8m8OoF9jbsCFPITjwkNQ$" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-fastfed</a><br>

</div>

</blockquote>

</div>

</div>

</div>

</body>

</html>