Cloud Directory Standards
Issue/Topic: Cloud Directory Standards
Session: Wednesday 5C
Conference: IIW-11 November 2-4, Mountain View
Convener: Eric Sachs, Patrick H., Chuck M.
Notes-taker(s): Eric Sachs
Discussion notes:
Overview of the Cloud LDAP problem:
- https://sites.google.com/site/oauthgoog/cloudldap
- Pressure from customers that are using an increasing number of SaaS providers
- Provisioning process often involves HR sending a spreadsheet every week
- Want providers to have a simple and consistent mechanism to work with all of these different companies
Some conversation between a few of the vendors around a technical solution:
- REST + OAuth
- Market not ready for a specific format
- SAML Assertion, batch push, run time pull, notifications on state change
Data schema
- Looked at six cloud apps (box.net, Google Apps, sfdc, WebEx, travel app, HR app)
- High disparity
- Nearly ubiquitous across providers: username (email for some, not others), first name, last name
- Questions about display name, internationalization. Most providers have optimized naming conventions for their home markets
- Beyond above, huge disparity in required and optional fields across providers
- Contact info: many don't care, others allow these fields as optional
- Timezone, locale, language required by sfdc
Next steps
- Match these fields against InetOrg and EduPerson persons
- Lots of subtle differences in the use of attributes
- Mapping attribute names to providers is really hard
- Assertion that a lowest common denominator doesn't meet the needs of any service
- Every app needs its own attributes, and many definitions for common attributes are overloaded