OpenID ... ?

On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin <tony...@microsoft.com>
wrote:

> Good question, since SCIM does not really provide an authorization model
> and Oauth does not do provisioning this is sort of caught in the middle, so
> if I had to pick I would pick Oauth as this is a generic server to server
> issue
>
>
>
> *From:* Hardt, Dick [mailto:d...@amazon.com]
> *Sent:* Wednesday, April 6, 2016 5:52 AM
> *To:* Anthony Nadalin <tony...@microsoft.com>
> *Cc:* Gil Kirkpatrick <gil.kirkpatr...@viewds.com>; Nat Sakimura <
> n-sakim...@nri.co.jp>; Phil Hunt (IDM) <phil.h...@oracle.com>;
> s...@ietf.org; oauth@ietf.org
> *Subject:* Re: [scim] [OAUTH-WG] Simple Federation Deployment
>
>
>
> Sounds like there is interest.
>
>
>
> SCIM or OAUTH?
>
> -- Dick
>
>
> On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tony...@microsoft.com> wrote:
>
> I would be interested also
>
>
>
>
> *From: *Gil Kirkpatrick <gil.kirkpatr...@viewds.com>
> *Sent: *Wednesday, April 6, 2016 4:16 AM
> *To: *'Nat Sakimura' <n-sakim...@nri.co.jp>; 'Hardt, Dick'
> <d...@amazon.com>; 'Phil Hunt (IDM)' <phil.h...@oracle.com>
> *Cc: *s...@ietf.org; oauth@ietf.org
> *Subject: *Re: [scim] [OAUTH-WG] Simple Federation Deployment
>
>
>
> That’s an issue we’re facing as well. Definitely interested.
>
>
>
> -gil
>
>
>
> *From:* OAuth [mailto:oauth-boun...@ietf.org <oauth-boun...@ietf.org>] *On
> Behalf Of *Nat Sakimura
> *Sent:* Wednesday, April 6, 2016 4:57 PM
> *To:* 'Hardt, Dick' <d...@amazon.com>; 'Phil Hunt (IDM)' <
> phil.h...@oracle.com>
> *Cc:* s...@ietf.org; oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] [scim] Simple Federation Deployment
>
>
>
> +1 for removing the manual cut-n-pastes!
>
>
>
> Nat
>
>
>
>
>
>
> *From:* scim [mailto:scim-boun...@ietf.org <scim-boun...@ietf.org>] *On
> Behalf Of *Hardt, Dick
> *Sent:* Wednesday, April 6, 2016 7:26 AM
> *To:* Phil Hunt (IDM) <phil.h...@oracle.com>
> *Cc:* s...@ietf.org; oauth@ietf.org
> *Subject:* Re: [scim] Simple Federation Deployment
>
>
>
> I’m talking about removing manual steps in what happens today where
> configuring a SaaS app at an IdP (such as Google, Azure, Ping, Okta)
> requires a bunch of cutting and pasting of access tokens / keys / certs
> and doing a bunch of config that is error prone and unique for each
> relationship.
>
>
>
> Don’t want to solve on the thread … looking to see if there is interest!
>
>
>
> On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt
> (IDM)" <scim-boun...@ietf.org on behalf of phil.h...@oracle.com> wrote:
>
>
>
> Is the idp the center of all things for these users?
>
>
>
> Usually you have a provisioning system that coordinates state and uses
> things like scim connectors to do this.
>
>
>
> Another approach from today would be to pass a scim event to the remote
> provider which then decides what needs to be done to facilitate the things
> you describe.
>
>
>
> Iow. Either the idp (sender) or the sp (receiver) have a provisioning
> system to do this.
>
>
>
> The solution and the simplicity depend on where the control needs to be.
>
> Phil
>
>
> On Apr 5, 2016, at 18:59, Hardt, Dick <d...@amazon.com> wrote:
>
> Use case: An admin for an organization would like to enable her users to
> access a SaaS application at her IdP.
>
>
>
> User experience:
>
>    1. Admin authenticates to IdP in browser
>    2. Admin selects SaaS app to federate with from list at IdP
>    3. IdP optionally presents config options
>    4. IdP redirects Admin to SaaS app
>    5. Admin authenticates to SaaS app
>    6. SaaS app optionally gathers config options
>    7. SaaS app redirects admin to IdP
>    8. IdP confirms successful federation => OIDC / SAML and SCIM are now
>    configured and working between IdP and SaaS App
>
> Who else is interested in solving this?
>
>
>
> Is there interest in working on this in either SCIM or OAUTH Wgs?
>
>
>
> Anyone in BA interested in meeting on this topic this week?
>
>
>
> — Dick
>
> _______________________________________________
> scim mailing list
> s...@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>