This might be a very useful contribution to the BoK if we solve this problem for ourselves in a clean way. Agree backend provisioning is an anti-pattern - but especially with Confluence (where there are no invites, and it's not realistic for IdPs to send attributes that would clearly mark the privileges), I've been using it quite often as the only usable way. A clean best-practice document avoiding backend provisioning would be greatly appreciated I believe. Cheers, Vlad PS: Solution-wise, I can imagine a separate service where users (with identities possibly scattered across a number of administrative domains) would get invited to join a group, and the target service would pull the privileges from this service .... but we are not there yet and we use backend provisioning :-) On 17 November 2016 at 05:51, Sarah Squire <sarah@engageidentity.com> wrote:
Can we make "backend manual permissions provisioning" against the code of conduct?
Sarah Squire Engage Identity http://engageidentity.com
On Wed, Nov 16, 2016 at 8:49 AM, David Brossard < david.brossard@axiomatics.com> wrote:
Sounds like someone could use runtime fine-grained authorization ;-)
On Nov 16, 2016 9:41 AM, "Dobbs, George" <gdobbs@massmutual.com> wrote:
Thanks Andrew… I’ll sit tight unless I hear otherwise.
-- George
*From:* Andrew Hughes [mailto:andrewhughes3000@gmail.com] *Sent:* Wednesday, November 16, 2016 10:38 AM *To:* Dobbs, George *Cc:* Thorsten H. Niebuhr [WedaCon GmbH]; DG-IDPro@kantarainitiative.org; megan@kantarainitiative.org; Shannon Taylor Kantara *Subject:* [EXTERNAL]Kantara wiki access [was: Re: [DG-IDPro] Call for participation: Project teams forming now]
Hi George - there's a backend manual permissions provisioning step - it takes a day or so to take effect.
andrew.
*Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting*
o +1 650.209.7542 m +1 250.888.9474 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security *
On Wed, Nov 16, 2016 at 7:34 AM, Dobbs, George <gdobbs@massmutual.com> wrote:
Thorsten –
Can you suggest how I can get access to make the updates indicated? I got an ID at Kantara but don’t seem to have access to the confluence page.
-- George
*From:* dg-idpro-bounces@kantarainitiative.org [mailto: dg-idpro-bounces@kantarainitiative.org] *On Behalf Of *Thorsten H. Niebuhr [WedaCon GmbH] *Sent:* Wednesday, November 16, 2016 6:29 AM *To:* DG-IDPro@kantarainitiative.org; megan@kantarainitiative.org; Shannon Taylor Kantara *Subject:* [EXTERNAL]Re: [DG-IDPro] Call for participation: Project teams forming now
Thanks Andrew!
So I just started on the wiki for the subgroup ( https://kantarainitiative.org/confluence/pages/viewpage.act ion?pageId=85492303) and added the name of those in it (as far as I am informed). I also added a quick comment to that page with a short summary on what was discussed in the meetings so far on this point. Feel free to add missing points
May I ask the participants of the subgroup to add their (faked) mailadresses and timezones, so we can quickly agree on a Schedule for our calls?
@Megan/Shannon: what would be the next steps to get the dial-in details?
@all: I might not be available for the call today (sorry wednesday 18:00 (my time) is one of the points in time I am really hard to manage...)
Thx,
Thorsten
This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.
_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro
_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro
-- *Vladimir Mencl* Senior Software Engineer *Research & Education * *Advanced Network NZ Ltd* P +64 3 364 3012 M +64 21 997352 E vladimir.mencl@reannz.co.nz www.reannz.co.nz