I think it is worth discussing in oauth wg. While SCIM has issues, I think it represents a broader use case that other applications have that are deployed widely.

Phil

@independentid
www.independentid.com
phil.h...@oracle.com

> On Apr 6, 2016, at 9:52 AM, Hardt, Dick <d...@amazon.com> wrote:
>
> Sounds like there is interest.
>
> SCIM or OAUTH?
>
> -- Dick
>
> On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tony...@microsoft.com> wrote:
>
>> I would be interested also
>>
>> Sent from my Windows 10 phone
>>
>> From: Gil Kirkpatrick <gil.kirkpatr...@viewds.com>
>> Sent: Wednesday, April 6, 2016 4:16 AM
>> To: 'Nat Sakimura' <n-sakim...@nri.co.jp>; 'Hardt, Dick' <d...@amazon.com>; 'Phil Hunt (IDM)' <phil.h...@oracle.com>
>> Cc: s...@ietf.org; oauth@ietf.org
>> Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment
>>
>> That’s an issue we’re facing as well. Definitely interested.
>>
>> -gil
>>
>> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Nat Sakimura
>> Sent: Wednesday, April 6, 2016 4:57 PM
>> To: 'Hardt, Dick' <d...@amazon.com>; 'Phil Hunt (IDM)' <phil.h...@oracle.com>
>> Cc: s...@ietf.org; oauth@ietf.org
>> Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment
>>
>> +1 for removing the manual cut-n-pastes!
>>
>> Nat
>>
>> --
>> PLEASE READ: This e-mail is confidential and intended for the
>> named recipient only. If you are not an intended recipient,
>> please notify the sender and delete this e-mail.
>>
>> From: scim [mailto:scim-boun...@ietf.org] On Behalf Of Hardt, Dick
>> Sent: Wednesday, April 6, 2016 7:26 AM
>> To: Phil Hunt (IDM) <phil.h...@oracle.com>
>> Cc: s...@ietf.org; oauth@ietf.org
>> Subject: Re: [scim] Simple Federation Deployment
>>
>> I’m talking about removing manual steps in what happens today where
>> configuring a SaaS app at an IdP (such as Google, Azure, Ping, Okta)
>> requires a bunch of cutting and pasting of access tokens / keys / certs
>> and doing a bunch of config that is error prone and unique for each
>> relationship.
>>
>> Don’t want to solve on the thread … looking to see if there is interest!
>>
>> On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt
>> (IDM)" <scim-boun...@ietf.org on behalf of phil.h...@oracle.com> wrote:
>>
>> Is the idp the center of all things for these users?
>>
>> Usually you have a provisioning system that coordinates state and uses
>> things like scim connectors to do this.
>>
>> Another approach from today would be to pass a scim event to the remote
>> provider which then decides what needs to be done to facilitate the things
>> you describe.
>>
>> Iow. Either the idp (sender) or the sp (receiver) have a provisioning system
>> to do this.
>>
>> The solution and the simplicity depends on where the control needs to be.
>>
>> Phil
>>
>> On Apr 5, 2016, at 18:59, Hardt, Dick <d...@amazon.com> wrote:
>>
>> Use case: An admin for an organization would like to enable her users to
>> access a SaaS application at her IdP.
>>
>> User experience:
>> Admin authenticates to IdP in browser
>> Admin selects SaaS app to federate with from list at IdP
>> IdP optionally presents config options
>> IdP redirects Admin to SaaS app
>> Admin authenticates to SaaS app
>> SaaS app optionally gathers config options
>> SaaS app redirects admin to IdP
>> IdP confirms successful federation
>> => OIDC / SAML and SCIM are now configured and working between IdP and SaaS App
>>
>> Who else is interested in solving this?
>>
>> Is there interest in working on this in either SCIM or OAUTH WGs?
>>
>> Anyone in BA interested in meeting on this topic this week?
>>
>> — Dick
>> _______________________________________________
>> scim mailing list
>> s...@ietf.org
>> https://www.ietf.org/mailman/listinfo/scim

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth