GSA / ficam-federation

Information on Federation within the US Federal Government.

Who is the overall audience? #8

Open lachellel opened 6 years ago

lachellel commented 6 years ago

Who is the overall audience for this playbook?

The current FICAM Roadmap Section 12 (this repo) and Relying Party guidance (this repo) seem to have many different audiences?

| Section | Page | Audience | Notes |
| --- | --- | --- | --- |
| Introduction | index.md | Program Managers, Engineers/Architects | States that "intended for ICAM Program Managers". However, content assumes a familiarity with technical terminologies. Also states "also contains guidance for implementers and engineers who are looking for guidance around the technical implementation of federation at their agencies". Lack of plain language. |
| Establish Federation Guidance | 1_step-1.md | Program Managers, Policy | Information is presented out of order. |
| Identify Business Considerations | 2_step-2.md | Program Managers | Information is presented out of order; too generic; lack of plain language. Incorporate shared services. |
| Understand the RP Environment | 3_step-3.md | Program Managers, Engineers/Architects | Lack of plain language; relying party is out of nowhere; lack of plain language; focused on assessments. |
| Determine Applicability to Security and Privacy Controls | 4_step-4.md | Program Managers, Engineers/Architects | Lack of plain language; could be consolidated into the previous step. |
| Determine Acceptable Credentials | 5_step-5.md | Program Managers, Engineers/Architects | Focus more on Analyze User Population; lack of plain language; Analyze user population should be in "Business Considerations"? |
| Partner with an Identity Provider(s) | 6_step-6.md | Program Managers | Needs to be updated to focus on shared services; removal of TFP specific terminology; consolidated previous three sections; can just 'reference' capabilities available in govt for certifications |
| Evaluate Existing Infrastructure | 7_step-7.md | Program Managers | Out of order; include with understanding the environment |
| Evaluate Optimal Solution Architecture | 8_step-8.md | Engineers/Architects | Out of order; update to focus on shared services (enterprise and government wide); divide by G2G, B2G, C2G; architectures could be migrated to the FICAM Architecture: Federation?; use examples versus theoretical; |
| Integrated with CSP | 9_step-9.md | Engineers/Architects | Switched context and use of terminology; lack of plain language; repeated from other sections; missing elements are Usability considerations; focus could be on Usability, notice, intent; |
| Create and Manage User Accounts | 10_step-10.md | Engineers/Architects | Consolidates too much across internal and external users; tendency to apply internal user policies and processes to external users; focus it on account management principles and patterns for external users; linking patterns are good but wordy; the FAQ is out of context (focused on internal agency users?); account linking and resolving account linking issues should use an example as a story board rather than all the words; align with 800-63-3; table at end is out of order and context |
| Account Management | 11_step-11.md | Program Managers, Engineers/Architects | Out of order; should consider account management scenarios and patterns during business considerations; the information is on high level architecture patterns at first then dives into prescriptive items more related to creating and managing user accounts; this is duplicative with 10_step-10 |

Check with @paul-grassi if NIST is working on a 800-63-3 and federation playbook.