Simple Cloud Identity Management
Session Topic: Simple Cloud Identity Management – Overview and Use Cases (T1H)
Convener: Chuck Mortimore, Patrick Harding & Darran Rolls
Notes-taker(s): Darran Rolls
Tags for the session - technology discussed/ideas considered:
Simple Cloud Identity Management (SCIM), Provisioning, LDAP, REST
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Where can I find more information – charter, use cases etc?
What is the licensing & IP model?
- It’s initially under the Open Web Foundation Contributor License v1.0, but there has been some talk of moving it to the IETF if the community so desires
Why is this activity not simply taking an explicit AuthN token approach – why move identities around at all?
- Lots of discussion on why accounts are needed outside of the IdP
- Not the same issue – this is explicitly for creating accounts based on direct, specific requests and protocol flows
Where are we today?
- Draft core schema doc available for review – please comment
- Draft REST API bindings available for review – please comment
- Draft scenarios (use cases) available for review – please add/comment
What other schema initiatives did you look at?
- inetOrgPerson
- Portable Contacts
- 8 separate cloud providers
- SPML/DSML
- eduPerson
Will SCIM support OpenID and XRI identifiers?
- Yes, multiple identifiers are available
How could policy and controls be applied to the exchange?
- There’s a space in the draft spec for that – yes, you could use IGF
Based on the proposed charter (as read) the following points were made:
- This is federated identity with explicit account creation on the back side
- There may be issues handling high-volume sync operations over the front channel
- Just-in-time flows are key, but the spec hopes to cover batch operations too
- The spec is specifically not addressing AuthZ
- Designed to meet the needs of enterprise, consumer and mobile
- If possible, create an incentive for implementers to stick to the core schema
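To make the charter points concrete (explicit account creation on the back side, just-in-time versus batch flows, multiple identifiers, and nudging clients toward the core schema), here is an added example of the service-provider side of a SCIM-style REST binding. It is not code from the session, the drafts discussed, or any SCIM project; it assumes the attribute names and endpoints that were later standardized in SCIM 2.0 (RFC 7643/7644: `schemas`, `userName`, `externalId`, `active`, `meta`, `POST /Users`, `POST /Bulk`, the `uniqueness` error type), not the draft core schema under review at the session. The in-memory `UserStore`, the `jit_provision` helper and the core-attribute allowlist are hypothetical design choices.

```python
"""Minimal SCIM-style user provisioning service (added example, not from the notes).

Assumes SCIM 2.0 attribute names and endpoints (RFC 7643/7644). The store,
the JIT helper and the core-attribute allowlist are hypothetical.
"""
import uuid
from datetime import datetime, timezone

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
BULK_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
# Core User attributes this service provider stores on create; anything else
# is silently dropped, which is one way to keep clients on the core schema.
CORE_ATTRS = ("userName", "externalId", "name", "displayName", "emails", "active")


class ScimError(Exception):
    """Maps to an RFC 7644 error response (HTTP status plus optional scimType)."""

    def __init__(self, status, detail, scim_type=None):
        super().__init__(detail)
        self.status, self.detail, self.scim_type = status, detail, scim_type

    def to_response(self):
        body = {"schemas": [ERROR_SCHEMA], "status": str(self.status), "detail": self.detail}
        if self.scim_type:
            body["scimType"] = self.scim_type
        return body


def validate_user(resource):
    """Reject resources that do not declare the User schema or lack a userName."""
    if not isinstance(resource, dict):
        raise ScimError(400, "resource must be a JSON object", "invalidSyntax")
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or USER_SCHEMA not in schemas:
        raise ScimError(400, f"schemas must include {USER_SCHEMA}", "invalidValue")
    user_name = resource.get("userName")
    if not isinstance(user_name, str) or not user_name.strip():
        raise ScimError(400, "userName is required", "invalidValue")
    if "active" in resource and not isinstance(resource["active"], bool):
        raise ScimError(400, "active must be boolean", "invalidValue")


class UserStore:
    """In-memory service-provider state behind the REST binding (hypothetical)."""

    def __init__(self):
        self._by_id, self._by_user_name, self._by_external_id = {}, {}, {}

    def create_user(self, resource):
        """POST /Users: returns (201, stored resource) or raises ScimError."""
        validate_user(resource)
        key = resource["userName"].lower()
        if key in self._by_user_name:
            raise ScimError(409, "userName already exists", "uniqueness")
        user_id = str(uuid.uuid4())  # id is always assigned by the service provider
        stored = {"schemas": [USER_SCHEMA], "id": user_id}
        stored.update({k: resource[k] for k in CORE_ATTRS if k in resource})
        stored.setdefault("active", True)
        stored["meta"] = {"resourceType": "User",
                          "created": datetime.now(timezone.utc).isoformat(),
                          "location": f"/Users/{user_id}"}
        self._by_id[user_id] = stored
        self._by_user_name[key] = user_id
        if "externalId" in stored:
            self._by_external_id[stored["externalId"]] = user_id
        return 201, stored

    def get_user(self, user_id):
        return self._by_id.get(user_id)

    def jit_provision(self, subject, email, display_name=None):
        """Just-in-time flow: the first federated login for a subject creates the
        local account; later logins resolve the existing one by externalId.
        Returns (created, resource)."""
        user_id = self._by_external_id.get(subject)
        if user_id is not None:
            return False, self._by_id[user_id]
        resource = {"schemas": [USER_SCHEMA], "userName": email, "externalId": subject,
                    "emails": [{"value": email, "primary": True}]}
        if display_name:
            resource["displayName"] = display_name
        return True, self.create_user(resource)[1]

    def bulk(self, request):
        """POST /Bulk: operations are applied independently and reported
        per operation, so one bad record does not abort the whole batch."""
        if BULK_SCHEMA not in request.get("schemas", []):
            raise ScimError(400, f"schemas must include {BULK_SCHEMA}", "invalidValue")
        results = []
        for op in request.get("Operations", []):
            result = {"method": op.get("method"), "bulkId": op.get("bulkId")}
            try:
                if op.get("method") != "POST" or op.get("path") != "/Users":
                    raise ScimError(400, "only POST /Users is supported here", "invalidValue")
                status, stored = self.create_user(op.get("data"))
                result.update(status=str(status), location=stored["meta"]["location"])
            except ScimError as err:
                result.update(status=str(err.status), response=err.to_response())
            results.append(result)
        return results


if __name__ == "__main__":
    store = UserStore()
    # Constructed sample: first federated login creates the account, second reuses it.
    print(store.jit_provision("idp-subject-123", "alice@example.com", "Alice"))
    print(store.jit_provision("idp-subject-123", "alice@example.com"))
```

The `jit_provision` path is the "federated identity with explicit account creation" case: the assertion subject is kept as `externalId`, so a second login finds the same account instead of creating a duplicate. The `bulk` path is the batch case, and it reports a status per operation rather than failing the entire request.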