Recording: https://www.youtube.com/watch?v=q7Fpf0JfLcM
- Tim Cappalli (Microsoft Identity)
- Mark Wahl (Microsoft Identity)
- Matt Domsch (Sailpoint)
- Wes Dunnington (Ping)
- Matt Peterson (OneIdentity)
- Dean Saxe (AWS)
- Pamela Dingle (Microsoft Identity)
- Paul Lanzi (Remediant)
- Anuradha
- Audrei (Slack)
- Danny Mayer
- Isanka Rajapaksha
- Imesh Chandrasiri
- Jacob Childress
- Jeremy Palenchar
- Minoli de Silva
- Quint Daenen (Elimity)
- Rashmini
- Vivek Thakyal (AWS)
- Yasin
{Mark}
- Lots of groups defining protocols. Used to be just IETF. Now OASIS, OIDF, etc. Challenges with terminology. May not know IETF specifics or behind the scenes assumptions
- MAY is an interesting word for interoperability. Heavily used in SCIM RFCs.
- Need a document that profiles certain common applications / use cases, that makes it more cookie cutter to implement.
- Payload should be more prescriptive
- List of "things you need"
- Existing expired internet draft
- {Matt Domsch} what about changes to objects (ex: many solutios today send webhooks on changes)
- {Jeremy} If IdP is always the client and the RP is always the server, we could eliminate the need for eventing.
- {Matt Peterson} use this as an opportunity to discuss best solution for object state changes
- {Mark} few active users, may not make sense to send all. Local cache vs uturn API call.
- {Matt Peterson} general invitation to everyone to email the list with their thoughts
- {Pam} dedicate time on the call to this topic?
- {Jeremy P} what is the history in the standards group of getting one of these profiles out there? And is it worth it adoption wise?
- {Pam} can submit a draft without a WG charter.
- {Mark} History around LDAP profiles in EDU (inetOrgPerson), etc. Profiles can provide the opportunity to remove unused things from the core spec prior to full standardization.
- {Jeremy P} soft deletion: should this become part of the profile?
- {Danny Mayer} We disable the account on a delete
- {Jeremy P} What happens when a new account comes in with the same email address at a later date
- {Vivek} Reclaiming an old user is definitely an issue
- {Pam} can anyone take a look at the soft-delete draft and report back?
- {Jeremy P} solution for drift / paging
- {Matt Domsch} Unidirectional or bidirectional?
- {Jeremy P} IdP is picking up changes from authoritative datasource and pushing to the RP. In the case where the application is authoritative for a piece of data, how do they notify IdP.
- {Matt Peterson} Mixing roles (clients and servers). Webhook model keeps things simple.
- {Pam} IETF 111, if we want BOF, need to take action now. Anyone opposed to BOF for 111? (no)