[Openid-specs-ipsie] Fwd: OpenID Foundation IPSIE WG

Dean Saxe dean.saxe at beyondidentity.com
Tue Mar 25 02:57:18 UTC 2025


IPSIE WG,

Last week at IETF122 Aaron spoke about IPSIE at the SCIM WG.  Following his
presentation, I agreed to bridge work between the two WGs and keep the SCIM
WG in the loop regarding IPSIE WG’s work.  Please see my note to the SCIM
WG below.

I want to emphasize that IPSIE WG does not intend to create or update
existing specs where there is already a natural home that work is taking
place.  If IPSIE determines that new features in SCIM are desirable for
IPSIE, those features should be proposed and standardized in the SCIM WG.
This is similar to how we’re working with AB Connect on the tenancy
requirements, except there is no formal agreement in place between the
OpenID Foundation and IETF.

If there are any questions, please let me know.

-dhs

--
Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> (he/him)
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe at beyondidentity.com




---------- Forwarded message ---------
From: Dean Saxe <dean.saxe at beyondidentity.com>
Date: Mar 19, 2025 at 11:42:04 PM
Subject: OpenID Foundation IPSIE WG
To: SCIM WG <scim at ietf.org>


Hello SCIM WG,

Following Aaron Parecki’s presentation on IPSIE yesterday (video
<https://meetecho-player.ietf.org/playout/?session=IETF122-SCIM-20250319-0830>,
notes <https://notes.ietf.org/notes-ietf-122-scim>), I’d like to follow up
on the mailing list with more details about IPSIE and the intersection with
the SCIM WG.

*What is IPSIE?*
The Interoperability Profiling for Secure Identity in the Enterprise
(IPSIE) Work Group develops interoperability and security profiles of
existing specifications that enable secure identity management within the
enterprise.
https://openid.net/wg/ipsie/

*How does IPSIE intersect with SCIM WG?*
As written in our charter <https://openid.net/wg/ipsie/ipsie-charter/>:

This working group will develop profiles of existing specifications with
the primary goal of achieving independent implementations being
interoperable, while also prioritizing secure defaults within the
specifications.

The initial problem space of the working group is focused around:


   - Single Sign-On
   - *User Lifecycle Management*
   - *Entitlements*
   - Risk Signal Sharing
   - Logout
   - Token Revocation


Although we have not chosen specific protocols for user lifecycle
management and entitlements, SCIM represents an existing set of protocols
that may be profiled by IPSIE as part of our scope of work.  If we profile
SCIM, we want to work closely with the IETF SCIM WG to do so.  Should there
be a need to add to the SCIM protocols, that work is best carried out
within the SCIM WG.  IPSIE does not intend to create new protocols or
update existing protocols as part of its work.  We would prefer that work
is completed in its natural home, e.g. the SCIM WG.

*What is the current state of IPSIE?*
As of today, we have completed our initial work to define IPSIE “levels”
<https://github.com/openid/ipsie/blob/main/ipsie-levels.md> in two tracks:
Identity Lifecycle (IL) and Session Lifecycle (SL).  Each track specifies
the capabilities we wish to achieve for both the identity services and
applications used by an enterprise.  SCIM fits into the IL series of
capabilities:



*What next? How can I help?*
Now that we have defined the levels, the WG has started work on defining
the profiles for SL1 and IL1.  Our intent is to deliver a draft profile
later this year so that we may hold an interop event at Gartner IAM in
December, 2025.  At this time, we do not have a draft profile for IL1. We
welcome members of the SCIM WG to contribute to an IL1 profile.
Contributors do not need to be OpenID Foundation members; however, they
must sign the OpenID Foundation contribution agreement
<https://openid.net/intellectual-property/openid-foundation-contribution-agreements/>.

*Where can I find more information?*

As co-chair of the IPSIE WG, I’ll serve as the bridge between the two
groups and provide future updates to the SCIM WG about the work in IPSIE WG.

IPSIE WG Homepage <https://openid.net/wg/ipsie/>
IPSIE WG GitHub Repo <https://github.com/openid/ipsie/> - current documents
and meeting minutes can all be found here
IPSIE WG Mailing List
<https://lists.openid.net/mailman/listinfo/openid-specs-ipsie?_gl=1*1oiaoif*_ga*NzI0Nzg4OTMyLjE3MjYwNjU5OTg.*_ga_NF8HNLNJJE*MTc0MjQ1MDg2OC4zNy4xLjE3NDI0NTI3MjkuMC4wLjA.&_ga=2.196557412.91786334.1742450871-724788932.1726065998>
The IPSIE chairs (myself and Aaron Parecki) can be reached at
openid-specs-ipsie-owner at lists.openid.net.

The WG meets weekly on Tuesday at 09:00 Pacific Time (GMT-7 until November,
2025).  Call details can be found on the OpenID Calendar
<https://openid.net/calendar/>.

If you have any questions, please let me know.

Respectfully,
-dhs

--
Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> (he/him)
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe at beyondidentity.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2025-03-20 at 1.27.19?PM.png
Type: image/png
Size: 402722 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ipsie/attachments/20250324/c8650eb9/attachment-0001.png>

