1G/ “It’s a Pain In The Ass, But it’s Well Supported” (FIdM)

From IIW
Revision as of 20:05, 12 May 2017 by Nobnatu (talk | contribs)


“It’s a pain in the ass, but it’s well supported” (FIdM)

Thursday 1G

Convener: Alan Karp

Notes-taker(s): Judith Bush

Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Current IdP systems can control authorization at the RP at service-level scale by choosing whether or not to issue a SAML response based on internal grants (e.g., assignment to groups). Finer-grained authorization is the open problem, which Alan believes should be handled at the IdP and communicated to the RP via tokens. The RP should not need to link an identity to an access profile.

Later, Alan noted that he was conflating the above with issues of chained delegation within the domain of the IdP, and that this issue can be kept separate from the issue of authentication/authorization.
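
As an added illustration (not from the session or from any IdP product), the sketch below contrasts the service-level decision with a token that carries fine-grained grants, so the RP authorizes a request without mapping an identity to an access profile. The HMAC-signed token format, the pre-shared key, and all names and data are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: key pre-shared by IdP and RP

# Constructed IdP-side data; the RP never sees these tables.
GROUPS = {"alice": {"wiki-users"}, "bob": set()}
GRANTS = {"alice": [["read", "/reports/q1"], ["write", "/drafts/notes"]]}

def idp_service_level(user, required_group="wiki-users"):
    """Coarse control: the IdP issues a response for the service, or none."""
    if required_group in GROUPS.get(user, set()):
        return {"authenticated": True}
    return None

def idp_issue_token(user, ttl=300, now=None):
    """Fine-grained control: the token carries the grants, not the identity."""
    now = time.time() if now is None else now
    body = json.dumps({"grants": GRANTS.get(user, []), "exp": now + ttl},
                      sort_keys=True).encode()
    mac = hmac.new(KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(mac).decode())

def rp_authorize(token, action, resource, now=None):
    """RP side: verify integrity and expiry, then check the requested grant.
    No lookup from an identity to an access profile takes place."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # wrong part count or bad base64 padding
        return False
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False  # token was not issued by the IdP or was altered
    claims = json.loads(body)
    if claims["exp"] < now:
        return False  # expired token
    return [action, resource] in claims["grants"]
```

A real deployment would more likely use an asymmetric signature so the RP holds only a verification key.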