Simple Cloud Identity Management

Session Topic: Simple Cloud Identity Management – Overview and Use Cases (T1H)

Convener: Chuck Mortimer, Patrick Harding & Darran Rolls

Notes-taker(s): Darran Rolls

Tags for the session - technology discussed/ideas considered:

Simple Cloud Identity Management (SCIM), Provisioning, LDAP, REST

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Where can I find more information – charter, use cases etc?

At http://simplecloud.info

What is the licensing & IP model?

- It’s initially under the Open Web Foundation Contributor License V 1.0, but there has been some talk of moving it to IETF if the community so desires

Why is this activity not simply taking an explicit AuthN token approach – why move around identities at all?

Lots of discussion on why accounts are needed outside of the IDP

Not the same issue – this is explicitly for creating accounts based on direct specific requests and protocol flows

Where are we today?

Draft core schema doc available for review – please comment

Draft REST API bindings available for review – please comment

Draft scenarios (use cases) available for review – please add/comment

What other schema initiatives did you look at?
 * inetorgperson
 * Portable Contacts
 * 8 separate cloud providers
 * SPML/DSML
 * Eduperson

Will SCIM support OpenID and XRI identifiers?

Yes, multiple identifiers are available

How could policy and controls be applied to the exchange?
 * There’s a space in the draft spec for that – yes, you could use IGF

Based on the proposed charter (as read) the following points were made:
 * This is federated identity with explicit account creation on the back-side
 * There may be issues handling high-volume sync operations over the front channel
 * Just In Time flows are key but the spec hopes to cover batch operations too
 * Spec is specifically not addressing AuthZ
 * Designed to meet needs for enterprise, consumer and mobile
 * If possible, create an incentive for implementers to stick to the core schema