Good question, since SCIM does not really provide an authorization model and Oauth does not do provisioning this is sort of caught in the middle, so if I had to pick I would pick Oauth as this is a generic server to server issue
From: Hardt, Dick [mailto:d...@amazon.com] Sent: Wednesday, April 6, 2016 5:52 AM To: Anthony Nadalin <tony...@microsoft.com> Cc: Gil Kirkpatrick <gil.kirkpatr...@viewds.com>; Nat Sakimura <n-sakim...@nri.co.jp>; Phil Hunt (IDM) <phil.h...@oracle.com>; s...@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment Sounds like there is interest. SCIM or OAUTH? -- Dick On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tony...@microsoft.com<mailto:tony...@microsoft.com>> wrote: I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick<mailto:gil.kirkpatr...@viewds.com> Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'<mailto:n-sakim...@nri.co.jp>; 'Hardt, Dick'<mailto:d...@amazon.com>; 'Phil Hunt (IDM)'<mailto:phil.h...@oracle.com> Cc: s...@ietf.org<mailto:s...@ietf.org>; oauth@ietf.org<mailto:oauth@ietf.org> Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That's an issue we're facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' <d...@amazon.com<mailto:d...@amazon.com>>; 'Phil Hunt (IDM)' <phil.h...@oracle.com<mailto:phil.h...@oracle.com>> Cc: s...@ietf.org<mailto:s...@ietf.org>; oauth@ietf.org<mailto:oauth@ietf.org> Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-boun...@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) <phil.h...@oracle.com<mailto:phil.h...@oracle.com>> Cc: s...@ietf.org<mailto:s...@ietf.org>; oauth@ietf.org<mailto:oauth@ietf.org> Subject: Re: [scim] Simple Federation Deployment I'm talking about removing manual steps in what happens today where configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of config that is error prone and unique for each relationship. Don't want to solve on the thread ... looking to see if there is interest! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM)" <scim-boun...@ietf.org<mailto:scim-boun...@ietf.org> on behalf of phil.h...@oracle.com<mailto:phil.h...@oracle.com>> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses things like scim connectors to do this. Another approach from today would be to pass a scim event to the remote provider which then decides what needs to be done to facilitate the thingd you describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning system to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick <d...@amazon.com<mailto:d...@amazon.com>> wrote: Use case: An admin for an organization would like to enable her users to access a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation => OIDC / SAML and SCIM are now configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? - Dick _______________________________________________ scim mailing list s...@ietf.org<mailto:s...@ietf.org> https://www.ietf.org/mailman/listinfo/scim<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2fscim&data=01%7c01%7ctonynad%40microsoft.com%7c871da74138de485b0bb008d35deb6643%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fILmgXPgRyLfCIn%2b2EbpBbIcHqKJbKZVYKJBpUL%2fKnY%3d>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
