[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: potential "federated" use cases
Potential use cases I am involved with are federated group provisioning and privilege & access management provisioning. So far these use cases do not seem to suggest changes to the SPMLv2 specification, rather, they may serve as example implementations potentially of interest to other parties wishing to encourage SPML. A potential issue with regard to federated group provisioning that we see is how to manage the group namespace across enterprises. This is not really an SPML issue, since lookup and search operations will allow parties to resolve identifiers. A suggested "best practice" for federated group naming may result. Privilege & access management provisioning may use XACML as the SPML payload, potentially requiring us to work out an XACML profile to SPML. Federated provisioning, whether of groups or privileges, requires relationships between RA's and PSP's that in higher-ed should leverage our existing SAML federations - perhaps something along the lines of SAML "provisioning assertions", with SPML as payload of the SAML protocol. SAML's Change Notify proposal is interesting because it supports multiple profiles, including SPML. Further alignment of SPML and SAML may result in greater adoption of SPML in higher-ed, otherwise, there are those that think SPML will be rendered unnecessary by extensions to SAML. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]