...

Tom thinks now is the right time to start addressing this. The whole "cloud-sourcing" thing that CIOs and CFOs love is one pressing reason; it will involve federated provisioning, for which we are completely unprepared. The Oracle purchase of Sun is another auspicious event. It's a likely workshop topic for the next CSG meeting.

Scott thinks the SPML solution is more sensible from the federated provisioning standpoint, because there are many scenarios that involve multiple identities. There is a proposal in the SAML committee, but it's a little weird and doesn't really suit our community well, because it provisions information from SPs back into IdPs. Still, a single identity represented in SAML form might be an appropriate provisioning mechanism for some applications.

OCLC is developing a cloud-sourced back office. The large universities are not anticipated clients; community colleges are envisioned. It would include an IdP that will either accept identities from a college that has an IdP, or act as the primary IdP for universities that don't. They'd like to track a variety of information about these individuals, which could come from batch feeds and so forth. This is an example use case that we'd like to be able to address with a system.

Deliverables

The short term implementation goals at UNC will be fairly inviolate given how pressing their needs are. A variety of schools were quite interested in seeing the work at its completion, and the work performed seemed very similar to what a lot of other schools were doing.

...

Does there need to be one group that is generically focused on provisioning, and one on SPML, and perhaps involvement with the standards space? Brad has said SPML specifically, but Tom and others could see the work done separately.

SAML will by definition always be about an individual, not bulk data. But there may be space in here for a SAML-based solution to part of the problem. Conversations have occurred in the past regarding binding of SPML messages to SAML, but it doesn't seem as if those profiles were ever finished.