Cloud Directory Standards

Issue/Topic: Cloud Directory Standards

Session: Wednesday 5C

Conference: IIW-11 November 2-4, Mountain View

Convener: Eric Sachs, Patrick H., Chuck M.

Notes-taker(s): Eric Sachs

Discussion notes:

Overview of the Cloud LDAP problem:
 * https://sites.google.com/site/oauthgoog/cloudldap
 * Pressure from customers that are using an increasing number of SaaS providers
 * Provisioning process often involves HR sending a spreadsheet every week
 * Want providers to have a simple and consistent mechanism to work with all of these different companies

Some conversation between a few of the vendors around a technical solution: Data schema
 * REST + OAuth
 * Market not ready for a specific format
 * SAML Assertion, batch push, run time pull, notifications on state change
 * Looked at six cloud apps (box.net, Google Apps, sfdc, WebEx, travel app, HR app)
 * High disparity
 * Nearly ubiquitous across providers: username (email for some, not others), first name, last name
 * Questions about display name, internationalization. Most providers have optimized naming conventions for their home markets
 * Beyond above, huge disparity in required and optional fields across providers
 * Contact info, many don't care, others allow these fields as optional
 * timezone, locale, language required by sfdc

Next steps
 * Match these fields against InetOrg and EduPerson persons
 * Lots of subtle differences in the use of attributes
 * mapping attribute names to providers is really hard
 * Assertion that lowest common denominator doesn't meet the needs of any service
 * Every app needs its own attributes, and many definitions for common attributes are overloaded