< Return to Calendar

* Bi-weekly PSTC meeting (Conference Call)
Name * Bi-weekly PSTC meeting (Conference Call)
Time Monday, 12 March 2012, 02:00pm to 03:00pm EDT
(Monday, 12 March 2012, 06:00pm to 07:00pm UTC)
Description

1-866-682-4770 conference: 1938387 passcode: 123456
Minutes

Chair: Gary Cole

Attendees:
Gary Cole (Oracle)
Marco Fanti (Oracle)
Karsten Huneycutt (UNC-Chapel Hill)
Phil Hunt (Oracle)
Kent Spaulding (Oracle)
Prateek Mishra (Oracle)

1) Call Roll:
- Gary took roll.
- Quorum *was* achieved (5 of 5 voting members attended)
- Voting status changes: None.

2) Approve minutes from Feb 13, 2011 meeting.
- No one objected to approving the minutes as posted in the calendar-event.

3) Status of Volunteers: 
- [Richard] Draft a proposal for minimal requirements for a compliant provider: UNKNOWN; Richard did not attend.
- [Prateek] Review email on the PSTC alias (including minutes); identify and collect open issues: NO PROGRESS.
- [Richard] Use-Cases for RESTPML/SIMPLEST: UNKNOWN; Richard did not attend.

4) Status of other action-items:
- No response from OASIS regarding adding image to wiki-page.
- No response from OASIS regarding how to change schedule for PSTC meetings.

5) Discussed what SPML has that current proposal for SCIM lacks--and why.
- Multiple Targets.  SCIM is fundamentally an "endpoint-protocol" that allows clients to manage identities and group-memberships on a single target.
  -- An IDM system must expose multiple targets.
  -- A Gateway to a cloud-provider (or to any other host that administers application-instances) should expose multiple targets.
      --- Standing up a gateway for each application-instance scales poorly.
      --- Administration of connectivity, credentials, certificates, etc.
- From this follows logically the rest of the semantic overlay that supports management of identies:
  -- Person (as distinct from an Account, which is specific to a particular application-instance).
  -- Person-owns-Account relationships (i.e., a person owns zero-or-more account--what SCIM calls User).
  -- Distinction between Business-Roles (enterprise roles) and Application-Roles (application-specific entitlements)
  -- Entitltement-Definitions and entitlement-assignments (needed for request, provisioning, and compliance).
- The other gaps are minor by comparison:
  -- e.g., Synchronization: SCIM search by modification-date seems to lack "tombstones" to report deletion-events.
- Prateek sent along an informational link to the IETF BOF for SCIM.
- Phil asks whether we could help them along w/ understanding identity-management use-cases.
  -- Participants (and sponsoring companies) must decide which of these use-cases remain "strategic".
  -- SCIM's interest in addressing strategic use-cases will drive convergence with RESTPML and SIMPLEST.
  -- SCIM's disinterest in addressing strategic use-cases would differentiate RESTPML and SIMPLEST from SCIM.

6) AOB: None.
Agenda

1) Call Roll.

2) Approve minutes from Feb 13 meeting.

3) Status of Volunteers:
- [Richard] Draft a proposal for minimal requirements for a compliant provider.
- [Prateek] Review email on PSTC alias (including minutes); identify and collect open issues.
- [Richard] Use-Cases for RESTPML/SIMPLEST

4) Status of other action-items:
- [Gary] Add image (.PNG) graphic for ERD
- [Gary] Change PSTC schedule to monthly.

5) Discuss what SPML has that current proposal for SCIM lacks--and why.

6) AOB.
Submitter Gary Cole
GroupOASIS Provisioning Services TC
Access This event is visible to OASIS Provisioning Services TC and shared with
  • OASIS Open (General Membership)
  • General Public