Comments on: My GlueCon Talk on “Federated Provisioning and the Cloud”

By: GLUE Conference – Gluecon speaker slides

GLUE Conference – Gluecon speaker slides — Sat, 12 Feb 2011 21:54:59 +0000

[...] Messina on XAuth Aaron Fulkerson – Web Oriented Architecture Jon Meredith – Riak in Ten Minutes Nishant Kaushik – Federated Provisioning and the Cloud Jeff Lindsay on Webhooks Jeff Lawson – Hacking Cloud Communications Monica Keller – Building [...]

By: Tatsuo Kudo

Tatsuo Kudo — Wed, 09 Jun 2010 07:23:21 +0000

+1 on deprovisioning. I'm wondering how the enterprise IdP can terminate or disable accounts in the RPs while the target users are offline.

By: Tatsuo Kudo

Tatsuo Kudo — Wed, 09 Jun 2010 00:23:21 +0000

+1 on deprovisioning. I'm wondering how the enterprise IdP can terminate or disable accounts in the RPs while the target users are offline.

By: How do you capitalize the “P” in federated provisioning – or – The Black Knight Always Triumphs

Thu, 03 Jun 2010 17:05:49 +0000

[...] week, Oracle’s Nishant Kaushik compressed a lot of thought into a very short presentation on federated provisioning and the cloud. Not only did he summarize challenges of federated provisioning, he also proposed 3 alternatives to [...]

By: Mat Hamlin

Mat Hamlin — Wed, 02 Jun 2010 18:04:17 +0000

As usual, great work describing and explaining the concepts and existing limitations around Federated Provisioning.

I'm interested to hear your follow on thoughts around how to solve the "missing pieces" problems. For the missing attributes, I like your #3 suggestion in the slides (OAuth + ArisID) since it does roundtrip all parties and allows for compliant attribute retrieval. The questions that should be answered are:

What attributes are required to provision an account (or role or entitlement) on the cloud based application? (CARML)
Where are those attributes sourced from? (identity sources and/or actual people)
How is the sourcing and use of attribute data authorized? (IAS, OAuth?)

In the enterprise provisioning realm, to answer these questions you could create a "provisioning policy", which defines per application how the attributes values are sourced? Do they come from the requestor, the application administrator, or are they mapped / calculated from known identity information? This becomes difficult in a cross domain scenario and will require the use of standards, as you suggest.

I'm also interested in your thoughts on deprovisioning, metering, and closing the audit and control loop with the enterprise-side Identity GRC system.

Cheers,

Mat Hamlin

By: Fear and loathing in Broomfield: a trip report from Gluecon

Fear and loathing in Broomfield: a trip report from Gluecon — Wed, 02 Jun 2010 15:24:56 +0000

[...] Kaushik (Oracle) offering new approaches to federated provisioning [...]

By: Federated Provisioning « Identity Blogger

Federated Provisioning « Identity Blogger — Wed, 02 Jun 2010 13:30:10 +0000

[...] 2, 2010 · Leave a Comment Nishant Kaushik has a great (and funny) slide deck on federated provisioning on his blog. He discusses some distinctions between two flavors of [...]

By: Tweets that mention My GlueCon Talk on “Federated Provisioning and the Cloud” – Talking Identity | Nishant Kaushik's Look at the World of Identity Management -- Topsy.com

Wed, 02 Jun 2010 01:49:44 +0000

[...] This post was mentioned on Twitter by Nishant Kaushik, Naohiro Fujie. Naohiro Fujie said: JIT Prov=クレーム渡し、という所か。 RT @NishantK: Federated Provisioning and the Cloud” http://bit.ly/d5aEZw #IdM #FedProv #GlueCon #Cloud /cc @defrag [...]