Cloud Directory Standards

From IIW

Issue/Topic: Cloud Directory Standards

Session: Wednesday 5C

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Eric Sachs, Patrick H., Chuck M.

Notes-taker(s): Eric Sachs

Tags:

Discussion notes:

Overview of the Cloud LDAP problem:

  • https://sites.google.com/site/oauthgoog/cloudldap
  • Pressure from customers that are using an increasing number of SaaS providers
  • Provisioning process often involves HR sending a spreadsheet every week
  • Want providers to have a simple and consistent mechanism to work with all of these different companies

Some conversation between a few of the vendors around a technical solution:

  • REST + OAuth
  • Market not ready for a specific format
  • SAML Assertion, batch push, run time pull, notifications on state change

Data schema

  • Looked at six cloud apps (box.net, Google Apps, sfdc, WebEx, travel app, HR app)
  • High disparity
  • Nearly ubiquitous across providers: username (email for some, not others), first name, last name
  • Questions about display name, internationalization. Most providers have optimized naming conventions for their home markets
  • Beyond above, huge disparity in required and optional fields across providers
  • Contact info: many providers don't care; others allow these fields as optional
  • Timezone, locale, and language are required by sfdc

Next steps

  • Match these fields against InetOrg and EduPerson persons
  • Lots of subtle differences in the use of attributes
  • Mapping attribute names to providers is really hard
  • Assertion that lowest common denominator doesn't meet the needs of any service
  • Every app needs its own attributes, and many definitions for common attributes are overloaded