
mace-opensaml-users - Re: SAML for Provisioning

Subject: OpenSAML user discussion


  • From: "RL 'Bob' Morgan" <>
  • To: Prasad <>
  • Cc:
  • Subject: Re: SAML for Provisioning
  • Date: Thu, 29 Sep 2005 14:40:25 -0700 (PDT)


I came across several discussions where people believed that SAML can be used as a tool/protocol for User Provisioning. As far as my knowledge goes, and I am well familiar with SAML 1.X but less with SAML 2.0, I don't think User Provisioning is something that falls in SAML's territory.

Is my understanding correct or am I missing something? Also, can anyone think of any use cases where SAML (1.1 and 2.0) or Liberty Alliance can be leveraged for doing User Provisioning?

So I think the summary is: if what you want to do is account creation at user signon time, including possibly filling in lots of user attributes that would affect that account, then that could certainly be done, and in fact is a desirable thing for many of us.

If what you want is a classic "provisioning service", meaning a metadirectory-like thing that munges user data and reaches out to a bunch of services to do operations like "create account" and "modify user permissions", independent of any user interaction, then SAML doesn't do that, or at least not without a lot of work that would amount to creation of a new profile.

Liberty defines a lot of SOAP-based services but I don't think it addresses classic provisioning directly (though there's a lot there, maybe I missed it).

- RL "Bob"
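
The account creation at sign-on time described in the reply above, as an added example that is not part of the original thread or of OpenSAML. It assumes the SAML library has already validated the assertion's signature and conditions; the attribute map, issuer URL, sample assertion and in-memory account store are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical policy: which IdP attributes may populate which account fields.
ATTRIBUTE_MAP = {"mail": "email", "displayName": "name",
                 "eduPersonAffiliation": "affiliations"}
MULTI_VALUED = {"affiliations"}

# Constructed sample assertion (signature omitted; verification is assumed done).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" IssueInstant="2005-09-29T21:40:25Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject><saml:NameID>a1b2c3-opaque</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>pat@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="eduPersonAffiliation"><saml:AttributeValue>staff</saml:AttributeValue><saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="isAdmin"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def provision_at_signon(assertion_xml, accounts, trusted_issuers):
    """Create or refresh a local account from an already-verified assertion.

    Returns (account, created); `accounts` is a dict standing in for the user store.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if issuer not in trusted_issuers or not name_id:
        raise ValueError("assertion not usable for provisioning")
    fields = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        field = ATTRIBUTE_MAP.get(attr.get("Name"))
        if field is None:
            continue  # unmapped attributes (e.g. isAdmin) never reach the account
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        if field in MULTI_VALUED:
            fields[field] = sorted(values)
        else:
            fields[field] = values[0] if values else ""
    key = (issuer, name_id)  # scope the identifier to the IdP that asserted it
    created = key not in accounts
    account = accounts.setdefault(key, {"roles": ["user"]})  # local default, not IdP-supplied
    account.update(fields)  # later sign-ons refresh mapped attributes only
    return account, created
```

Nothing here happens without the user signing on, which is the limit the reply draws: deprovisioning and permission changes independent of user interaction still need a separate mechanism.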



