Simple Cloud Identity Management

From IIW

Session Topic: Simple Cloud Identity Management – Overview and Use Cases (T1H)

Convener: Chuck Mortimer, Patrick Harding & Darran Rolls

Notes-taker(s): Darran Rolls

Tags for the session - technology discussed/ideas considered:

Simple Cloud Identity Management (SCIM), Provisioning, LDAP, REST

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Where can I find more information – charter, use cases etc?


What is the licensing & IP model?

- It’s initially under the Open Web Foundation Contributor License V 1.0, but there has been some talk of moving it to IETF if the community so desires

Why is this activity not simply taking an explicit AuthN token approach – why move around identities at all?

Lots of discussion on why accounts are needed outside of the IDP

Not the same issue – this is explicitly for creating accounts based on direct specific requests and protocol flows

Where are we today?

Draft core schema doc available for review – please comment

Draft REST API bindings available for review – please comment

Draft scenarios (use cases) available for review – please add/comment

What other schema initiatives did you look at?

  • inetorgperson
  • Portable Contacts
  • 8 separate cloud providers
  • Eduperson

Will SCIM support OpenID and XRI identifiers?

Yes, multiple identifiers are available

How could policy and controls be applied to the exchange?

  • There’s a space in the draft spec for that – yes you could use IGF

Based on the proposed charter (as read) the following points were made:

  • This is federated identity with explicit account creation on the back-side
  • There may be issues handling high-volume sync operations over the front channel
  • Just In Time flows are key but the spec hopes to cover batch operations too
  • Spec is specifically not addressing AuthZ
  • Designed to meet needs for enterprise, consumer and mobile
  • If possible make an incentive for implementers to stick to the core schema