Chair: Gary Cole
Attendees:
Gary Cole (Oracle)
Marco Fanti (Oracle)
Karsten Huneycutt (UNC-Chapel Hill)
Phil Hunt (Oracle)
Kent Spaulding (Oracle)
Prateek Mishra (Oracle)
1) Call Roll:
- Gary took roll.
- Quorum *was* achieved (5 of 5 voting members attended)
- Voting status changes: None.
2) Approve minutes from Feb 13, 2011 meeting.
- No one objected to approving the minutes as posted in the calendar-event.
3) Status of Volunteers:
- [Richard] Draft a proposal for minimal requirements for a compliant provider: UNKNOWN; Richard did not attend.
- [Prateek] Review email on the PSTC alias (including minutes); identify and collect open issues: NO PROGRESS.
- [Richard] Use-Cases for RESTPML/SIMPLEST: UNKNOWN; Richard did not attend.
4) Status of other action-items:
- No response from OASIS regarding adding image to wiki-page.
- No response from OASIS regarding how to change schedule for PSTC meetings.
5) Discussed what SPML has that current proposal for SCIM lacks--and why.
- Multiple Targets. SCIM is fundamentally an "endpoint-protocol" that allows clients to manage identities and group-memberships on a single target.
-- An IDM system must expose multiple targets.
-- A Gateway to a cloud-provider (or to any other host that administers application-instances) should expose multiple targets.
--- Standing up a gateway for each application-instance scales poorly.
--- Administration of connectivity, credentials, certificates, etc.
- From this follows logically the rest of the semantic overlay that supports management of identities:
-- Person (as distinct from an Account, which is specific to a particular application-instance).
-- Person-owns-Account relationships (i.e., a person owns zero-or-more accounts--what SCIM calls User).
-- Distinction between Business-Roles (enterprise roles) and Application-Roles (application-specific entitlements)
-- Entitlement-Definitions and entitlement-assignments (needed for request, provisioning, and compliance).
- The other gaps are minor by comparison:
-- e.g., Synchronization: SCIM search by modification-date seems to lack "tombstones" to report deletion-events.
- Prateek sent along an informational link to the IETF BOF for SCIM.
- Phil asks whether we could help them along w/ understanding identity-management use-cases.
-- Participants (and sponsoring companies) must decide which of these use-cases remain "strategic".
-- SCIM's interest in addressing strategic use-cases will drive convergence with RESTPML and SIMPLEST.
-- SCIM's disinterest in addressing strategic use-cases would differentiate RESTPML and SIMPLEST from SCIM.
6) AOB: None.