

Subject: Groups - Event "Bi-weekly PSTC meeting" modified


Submitter's message
Please send to me any corrections to the minutes.
-- Gary Cole
Event Title: Bi-weekly PSTC meeting

Date: Monday, 23 April 2012, 02:00pm - 03:00pm ET
Description

1-866-682-4770 conference: 1938387 passcode: 123456


This meeting counts towards voter eligibility.

Agenda

1) Call Roll.

2) Approve minutes from March 12 meeting.

3) SCIM Strategy (Prateek Mishra / Phil Hunt)
    - Report on events at IETF related to SCIM
    - Outlook for convergence
    - Implications for PSTC

4) AOB


Minutes

Chair: Gary Cole

Attendees:
Gary Cole (Oracle)
Marco Fanti (Oracle)
Karsten Huneycutt (UNC-Chapel Hill)
Phil Hunt (Oracle)
Kent Spaulding (Oracle)
Prateek Mishra (Oracle)

1) Call Roll:
- Gary took roll.
- Quorum *was* achieved (5 of 5 voting members attended)
- Voting status changes: Phil Hunt now has voting status.

2) Approve minutes from Mar 12 meeting.
- No one objected to approving the minutes as posted in the calendar-event.

3) SCIM Strategy (Prateek Mishra / Phil Hunt)
    - Report on events at IETF related to SCIM
    - Outlook for convergence
    - Implications for PSTC

SCIM Consortium currently has Ping Identity, Salesforce, UnboundID (and sometimes Google in the background):
- Use-cases say they're solving the broader problem, but currently somewhat LDAP-centric.
- Writing objects into the directory server is seen as the only type of provisioning that is necessary.
- SCIM aimed currently mainly at "service-provider" (application-vendor):
  -- RESTful API to LDAP.
  -- single-endpoint.
- Managed objects tend to become complex--e.g., denormalized blend of user attributes, accounts and entitlements.

Identity Management (in the context of provisioning) can involve "hubs", "gateways" and "spokes" (in Phil's terms):
- SCIM is currently oriented to a single-spoke.
- Both hubs (e.g., IDM systems) and gateways (e.g., cloud-vendor or decentralized-IDM node) expose multiple targets.

Phil made "Targeting Proposal" to allow a SCIM server to expose multiple targets:
- Targeting Proposal adds a layer into URLs (i.e., "Targets/<TargetName>" before "/Users" and before "/Groups").
- Targeting Proposal also formalizes references from User on one target to accounts on other targets.

Outlook for convergence is currently unclear:
- Many members want only to approve SCIM 1.0 as-is.
- Charter-draft now mentions "targeting", if somewhat vaguely (and optionally).

Gary says that these gaps are critical from a provisioning perspective.

Karsten says that identity-management is broader than a single-endpoint.

Possible Courses of Action:
#1. Influence SCIM at IETF.  Try to build support for Targeting Proposal or equivalent.
#2. Define RESTPML to wrap SCIM.  Follow its style and add a layer to represent "targets".
#3. Define RESTPML independent of SCIM.  Consider SCIM merely an endpoint-protocol.

Phil suggests some combination of #1 and #2.  Wait a little longer until we see what happens with SCIM. 
Prateek agrees.

Karsten points out that REST won't do everything--unless you clearly define attributes:
- Without explicit operations, one must specify schema carefully (and each provider must honor the contract).
- Sometimes it's nicer if your provider stays "dumb"--implementation is simpler when operations are explicit.

4) AOB: None.



Owner: Gary Cole
Group: OASIS Provisioning Services TC
Sharing: This event is shared with the OASIS Open (General Membership), and General Public groups.