Systems that Some systems cannot be federated easily per se (e.g. like non-web services, such as login to remote *nix machines, ...) need user accounts to be provisioned before they can login. 

We have a prototype of an instant deployment tool (FEUDAL).  It facilitates provisioning of user accounts on a per VO basis. It makes use of rabbit-MQ to instantly deploy credentials, allows for extension of VOs, provisioning and deprovisioning events. 

Feudal is based on OIDC: It is an OIDC client, and it simply transports the information of the /userinfo endpiont along.

Feudal is based on the concept of VOs (or authorisation Groups), i.e. the end services provide the information which VOs it supports. Feudal web fronted will only display services for provisioning to  a given user based on his VO membership.

Feudal features deprovisioning and comes with a REST interface for programmatic use.

#Please describe the goals of Activity, including what needs to be delivered, participants, the community(ies) that require a solution. Describe when the Activity is done and how to measure the success of it, in a SMART way. - delete this line after using the template#<Enter here>

Goals of the activity are:

• From the FEUDAL perspective:
  • Verify the approach taken (VO based approach, architecture)
  • Verify the decision of not  using SCIM  for provisioning (using unmodified /augmented information of the userinfo endpoint instead)