+1, this seems a better fit for openid. — Justin
> On Apr 6, 2016, at 9:05 AM, Brian Campbell <bcampb...@pingidentity.com> wrote:
>
> OpenID ... ?
>
> On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin <tony...@microsoft.com> wrote:
> Good question, since SCIM does not really provide an authorization model and OAuth does not do provisioning this is sort of caught in the middle, so if I had to pick I would pick OAuth as this is a generic server to server issue
>
> From: Hardt, Dick [mailto:d...@amazon.com]
> Sent: Wednesday, April 6, 2016 5:52 AM
> To: Anthony Nadalin <tony...@microsoft.com>
> Cc: Gil Kirkpatrick <gil.kirkpatr...@viewds.com>; Nat Sakimura <n-sakim...@nri.co.jp>; Phil Hunt (IDM) <phil.h...@oracle.com>; s...@ietf.org; oauth@ietf.org
> Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment
>
> Sounds like there is interest.
>
> SCIM or OAUTH?
>
> -- Dick
>
> On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tony...@microsoft.com> wrote:
>
> I would be interested also
>
> Sent from my Windows 10 phone
>
> From: Gil Kirkpatrick <mailto:gil.kirkpatr...@viewds.com>
> Sent: Wednesday, April 6, 2016 4:16 AM
> To: 'Nat Sakimura' <mailto:n-sakim...@nri.co.jp>; 'Hardt, Dick' <mailto:d...@amazon.com>; 'Phil Hunt (IDM)' <mailto:phil.h...@oracle.com>
> Cc: s...@ietf.org; oauth@ietf.org
> Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment
>
> That’s an issue we’re facing as well. Definitely interested.
>
> -gil
>
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Nat Sakimura
> Sent: Wednesday, April 6, 2016 4:57 PM
> To: 'Hardt, Dick' <d...@amazon.com>; 'Phil Hunt (IDM)' <phil.h...@oracle.com>
> Cc: s...@ietf.org; oauth@ietf.org
> Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment
>
> +1 for removing the manual cut-n-pastes!
>
> Nat
>
> --
> PLEASE READ: This e-mail is confidential and intended for the
> named recipient only. If you are not an intended recipient,
> please notify the sender and delete this e-mail.
>
> From: scim [mailto:scim-boun...@ietf.org] On Behalf Of Hardt, Dick
> Sent: Wednesday, April 6, 2016 7:26 AM
> To: Phil Hunt (IDM) <phil.h...@oracle.com>
> Cc: s...@ietf.org; oauth@ietf.org
> Subject: Re: [scim] Simple Federation Deployment
>
> I’m talking about removing manual steps in what happens today where configuring a SaaS app at an IdP (such as Google, Azure, Ping, Okta) requires a bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of config that is error prone and unique for each relationship.
>
> Don’t want to solve on the thread … looking to see if there is interest!
>
> On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM)" <scim-boun...@ietf.org on behalf of phil.h...@oracle.com> wrote:
>
> Is the idp the center of all things for these users?
>
> Usually you have a provisioning system that coordinates state and uses things like scim connectors to do this.
>
> Another approach from today would be to pass a scim event to the remote provider which then decides what needs to be done to facilitate the things you describe.
>
> Iow. Either the idp (sender) or the sp (receiver) have a provisioning system to do this.
>
> The solution and the simplicity depends on where the control needs to be.
>
> Phil
>
> On Apr 5, 2016, at 18:59, Hardt, Dick <d...@amazon.com> wrote:
>
> Use case: An admin for an organization would like to enable her users to access a SaaS application at her IdP.
>
> User experience:
>
> 1. Admin authenticates to IdP in browser
> 2. Admin selects SaaS app to federate with from list at IdP
> 3. IdP optionally presents config options
> 4. IdP redirects Admin to SaaS app
> 5. Admin authenticates to SaaS app
> 6. SaaS app optionally gathers config options
> 7. SaaS app redirects admin to IdP
> 8. IdP confirms successful federation => OIDC / SAML and SCIM are now configured and working between IdP and SaaS App
>
> Who else is interested in solving this?
>
> Is there interest in working on this in either SCIM or OAUTH WGs?
>
> Anyone in BA interested in meeting on this topic this week?
>
> — Dick
>
> _______________________________________________
> scim mailing list
> s...@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth