1G/ “It’s a Pain In The Ass, But it’s Well Supported” (FIdM)

From IIW

“It’s a pain in the ass, but it’s well supported” (FIdM)


Thursday 1G

Convener: Alan Karp

Notes-taker(s): Judith Bush


Tags for the session - technology discussed/ideas considered:

Authorization


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Current IDP systems can control authorization at RP at service level scale by choosing to issue SAML response or not based on internal grants (eg: by assignment to groups). Finer grained authorization is the open problem, that Alan believes should be handled at IdP and communicated via tokens to RP. The RP should not need to link an identity to an access profile.


Later, Alan noted that he was conflating the above with issues of chained delegation within the domain of the IdP and that issue can be kept separate from the issue of authentication/authorization.

Thu1G.jpg

Thu1G2.jpg

Thu1G3.jpg