Clark Sanford gave me some insightful comments on my OAuth/UMA/SPML/Federated Provisioning post.
In particular he's trying to promote the use of SAML Attribute Query as the way to provide callback in Federated Provisioning:
In the scenario Nishant describes where the original Assertion doesn't contain all the attributes/claims they want for provisioning, in a SAML implementation why couldn't the SP service initiate the Assertion Query profile to retrieve the desired additional attributes from the IdP service?
I think it's important to keep in mind that the real competition isn't between SAML, OAuth or SPML. Rather, the real competition is to convince people that they shouldn't be doing manual data entry (and storage) of person/identity data, because that data is in fact queryable. That's the big hurdle.
Then the second hurdle is actually how to implement this. While SAML Attribute Query would seem to be the preferred choice (it's a standard, and most if not all federation products support it), I think it's still too hard for the average developer to deploy a solution.
For example, here is something I would like to see details on:
How would a PHP developer write a SAML Attribute Query back to a SAML IdP that worked with any server that supported SAML 2?
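As an added example (not code from the original post or from Clark's comment), this is roughly what that query looks like in plain PHP with only DOMDocument and curl: the SP builds a SAML 2.0 AttributeQuery, posts it over the SAML SOAP binding to the IdP's AttributeService, and pulls the attributes out of the Response. The entity IDs, endpoint and certificate path are hypothetical, and it assumes the IdP authenticates the SP by TLS client certificate rather than requiring an XML Signature on the query.

```php
<?php
// Added example, not from the original post. Hypothetical SP asking an IdP for extra
// attributes via SAML 2.0 AttributeQuery over the SAML SOAP binding (TLS client auth).
const SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const SOAP  = 'http://schemas.xmlsoap.org/soap/envelope/';
function el(DOMDocument $d, string $ns, string $qname, ?string $text = null): DOMElement {
    $e = $d->createElementNS($ns, $qname);
    if ($text !== null) { $e->appendChild($d->createTextNode($text)); } // text node escapes & < > safely
    return $e;
}
function buildAttributeQuery(string $spEntityId, string $nameId, array $attrNames): string {
    $d = new DOMDocument('1.0', 'UTF-8');
    $q = el($d, SAMLP, 'samlp:AttributeQuery');
    $q->setAttribute('ID', '_' . bin2hex(random_bytes(16)));  // xs:ID must not start with a digit
    $q->setAttribute('Version', '2.0');
    $q->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z'));
    $q->appendChild(el($d, SAML, 'saml:Issuer', $spEntityId));
    $nid = $q->appendChild(el($d, SAML, 'saml:Subject'))->appendChild(el($d, SAML, 'saml:NameID', $nameId));
    $nid->setAttribute('Format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');
    foreach ($attrNames as $name) { // request only what provisioning actually needs
        $q->appendChild(el($d, SAML, 'saml:Attribute'))->setAttribute('Name', $name);
    }
    $env = $d->appendChild(el($d, SOAP, 'soap:Envelope'));  // SOAP binding: query is the sole Body child
    $env->appendChild(el($d, SOAP, 'soap:Body'))->appendChild($q);
    return $d->saveXML();
}
function sendQuery(string $xml, string $attributeServiceUrl, string $clientCertPem): string {
    $ch = curl_init($attributeServiceUrl);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $xml, CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => ['Content-Type: text/xml; charset=utf-8',
                               'SOAPAction: http://www.oasis-open.org/committees/security'],
        CURLOPT_SSLCERT => $clientCertPem, // SP identity to the IdP; IdP server cert verified by curl default
    ]);
    $resp = curl_exec($ch);
    if ($resp === false) { throw new RuntimeException('AttributeQuery failed: ' . curl_error($ch)); }
    return $resp;
}
function extractAttributes(string $responseXml): array {
    $d = new DOMDocument();
    $d->loadXML($responseXml, LIBXML_NONET); // no network access while parsing (no external entity fetches)
    $xp = new DOMXPath($d);
    $xp->registerNamespace('samlp', SAMLP); $xp->registerNamespace('saml', SAML);
    $code = $xp->evaluate('string(//samlp:Response/samlp:Status/samlp:StatusCode/@Value)');
    if ($code !== 'urn:oasis:names:tc:SAML:2.0:status:Success') { throw new RuntimeException("IdP status: $code"); }
    // Caveat: verify the IdP's XML Signature on the Response/Assertion (e.g. xmlseclibs) before trusting values.
    $attrs = [];
    foreach ($xp->query('//saml:Assertion/saml:AttributeStatement/saml:Attribute') as $a) {
        foreach ($xp->query('saml:AttributeValue', $a) as $v) { $attrs[$a->getAttribute('Name')][] = $v->textContent; }
    }
    return $attrs;
}
```

A typical call is `extractAttributes(sendQuery(buildAttributeQuery('https://sp.example/metadata', 'jdoe', ['urn:oid:0.9.2342.19200300.100.1.3']), 'https://idp.example/saml2/attribute', '/etc/sp/client.pem'))`, which returns an array keyed by attribute name (here the eduPerson mail OID) that the provisioning code can write only after the signature check is in place.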