Hi all,
I just started to look at the mentioned APIs and I'm with Niko that those APIs are strongly related to each other but do not fit together, not only because of the scope, but also from a resource model point of view.
Actually we have a need to implement those APIs or at least provide similar functionalities for our APIs. If I look at TMF672 User Roles and Permissions I found that the last update is back in 2017 and since then there is no reference implementation. Is there any reason behind this?
It seems that TMF691 has been designed without looking into TMF672 too much and is kind of a "read only" API enhancing OIDC. Basically a good idea, but which API is then managing the data provided through TMF672 Federated Identity? Maybe the idea is to use an Identity Management System for this. Don't know that.
Maybe I can ask for some feedback and opinion about whether or not to implement those APIs or if it is better to wait until further development has happened.
Thanks for your feedback.
BR
------------------------------
Reiner Mertens
IAM Architect - Deutsche Telekom IT
------------------------------
------------------------------
Reiner Mertens
Deutsche Telekom AG
------------------------------
Original Message:
Sent: Mar 13, 2020 03:00
From: Niko Kolari
Subject: Difference between TMF672 and TMF691
Hi Shibin & all,
To me this difference is clearly stated in the use cases of the APIs.
Federated Identity API is about Identity management "The management of principals of any kind (persons, objects, …)". These can be identities of Parties or Resources (Device).
User Roles and Permissions is about Access Management, i.e. the API you would use to Create and Update Roles and Permissions of Identities defined by the previous API.
Both are in the domain of Identity and Access management and these services are usually in the same system/platform. They do need to reference each other's data.
It is obvious that those APIs are defined by different teams and some of their terminology and use cases don't match. For example, TMF672 is scoped only for Party(type=Individual), but you do need to manage permissions of Identities of Resources as well.
But that is seen across the TMForum API spectrum. And they will evolve.
------------------------------
Niko Kolari
DNA Plc
Original Message:
Sent: Mar 11, 2020 00:35
From: Shibin CK
Subject: Difference between TMF672 and TMF691
Hi All,
What's the main difference between the TMF691 Federated ID API and TMF672 User Roles and Permissions API? The first one seems to wrap the OpenID Connect API. But both talk about assets users are able to manage and the permissions and actions they can perform on that asset.
------------------------------
Shibin CK
Tecnotree
------------------------------