Proposed developer user story for v1

[timcappalli]

Based on the discussion thus far in WG calls, GH comments, and Slack, here is my proposal for a scope for v1, presented as a developer user story.

As a developer building a new B2B SaaS application, I need to:

• set up user and group provisioning and deprovisioning between a customer's workforce IdP and my application
• set up user authentication via federated relationship with a customer's workforce IdP
• ensure end users only have access to what they need in my application at any given point in time
• be able to convey to the customer's IdP that I require a certain authentication level
• know whether that authentication level was met at the IdP during a sign in
• be notified when tokens have been revoked
• be notified when sessions have been invalidated
• receive real-time signals about changes in account posture or integrity

To make that happen, I need to know:

• which protocols I should use
• how to securely implement and deploy those protocols at scale
• how to implement those protocols in an interoperable manner

[mike-kiser-sp]

If we're talking workforce identity, maybe there's a place for governance capabilities to be called out as well; audit / compliance considered up front makes for better outcomes. (Not so much the case with CIAM, of course.....)

[dhs-BI]

Thanks @timcappalli, I think this is a good start and covers many of the use cases I saw in #2.

@mike-kiser-sp I agree on the governance front.

I look forward to discussing on the call today.

[timcappalli]

If we're talking workforce identity, maybe there's a place for governance capabilities to be called out as well; audit / compliance considered up front makes for better outcomes. (Not so much the case with CIAM, of course.....)

Can you work it into a developer user story statement for the list?

[mike-kiser-sp]

"* Set up integration with overall user lifecycle approach (including visibility and control of current access state) to allow for governance / compliance / audit"

Something like that, perhaps? Trying to make it wide enough to not be limiting, but proscriptive enough to be helpful.

This would pair up with the first bullet , I'd think.

[aaronpk]

As discussed on today's call, I broke out these user stories into a file in the repo so that we can make PRs to it.

https://github.com/openid/ipsie/blob/main/ipsie-v1-draft.md

@mike-kiser-sp feel free to add that item to the draft as well.

Next steps for everyone are to start picking bits out of existing protocols to achieve each goal in the doc! I'm going to close this issue and we will move the discussion into PRs that people create.