1G/ “It’s a Pain In The Ass, But it’s Well Supported” (FIdM)
Thursday 1G
Convener: Alan Karp
Notes-taker(s): Judith Bush
Tags for the session - technology discussed/ideas considered:
Authorization
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Current IdP systems can control authorization at the RP at service-level scale by choosing whether or not to issue a SAML response based on internal grants (e.g., by assignment to groups). Finer-grained authorization is the open problem, which Alan believes should be handled at the IdP and communicated to the RP via tokens. The RP should not need to link an identity to an access profile.
Later, Alan noted that he was conflating the above with issues of chained delegation within the domain of the IdP, and that this issue can be kept separate from the issue of authentication/authorization.
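A sketch of the split described in the first paragraph of the notes, added here as an illustration and not something shown in the session: the IdP refuses to issue anything when no grant exists (the service-level gate), and otherwise puts the fine-grained permissions in the token so the RP decides from the token alone. The users, groups, permission names and the HMAC signature (a stand-in for a signed SAML response) are all assumptions.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # stand-in for the IdP signing key (assumption)

# Constructed IdP-side data: group membership and per-group grants per RP.
GROUPS = {"alice": {"finance"}, "bob": {"interns"}, "carol": set()}
GRANTS = {  # (group, rp) -> fine-grained permissions
    ("finance", "ledger"): {"invoice:read", "invoice:approve"},
    ("interns", "ledger"): {"invoice:read"},
}

def idp_issue(user, rp):
    """Return a signed token for rp, or None when the user has no grant there."""
    perms = set()
    for group in GROUPS.get(user, ()):
        perms |= GRANTS.get((group, rp), set())
    if not perms:
        return None  # service-level control: no response is issued at all
    # The token names the audience and the permissions, not the user, so the
    # RP has nothing to map onto a local access profile (illustrative choice).
    body = base64.urlsafe_b64encode(
        json.dumps({"aud": rp, "perms": sorted(perms)}).encode())
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def rp_authorize(token, rp, action):
    """RP-side decision made from the token alone, with no user lookup."""
    if not token or b"." not in token:
        return False
    body, sig = token.rsplit(b".", 1)
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return False  # altered or forged token
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["aud"] == rp and action in claims["perms"]

if __name__ == "__main__":
    token = idp_issue("bob", "ledger")
    print(rp_authorize(token, "ledger", "invoice:read"))
    print(rp_authorize(token, "ledger", "invoice:approve"))
```
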