Background:

As part of our discussions around deprecating SAML PersistentID and eduPersonTargetedID, we need to gather information from the community about their current use of identifiers and their needs.  The results can guide our decisions about recommending replacement identifiers and alternative solutions.

[TODO] Add additional framing and background material on the various identifiers and the challenges associated with them, and frame the questions we are trying to answer.

This survey was never sent; instead, we encouraged various groups such as REFEDS members to join the discussion in our working group and changed the time of the calls to be more accessible to international participants. We also asked various identifier-related questions on relevant mailing lists.

Notes:

What population is this survey targeting?

Should we ask leading questions to guide respondents in a particular direction?

How to deal with identifier changes, such as username changes?  eduPersonPrincipalNamePrior?  Perhaps the identifier should be multi-valued and have a primary value.

Possible Survey Questions

For IDP operators

  1. Are you using SAML persistent nameID with any of the following?
    1. With local campus SPs
    2. With InCommon Federation members
    3. With vendor hosted services
    4. Other (fill-in)
  2. Are you using eduPersonTargetedID with any of the following?
    1. With local campus SPs
    2. With InCommon Federation members
    3. With vendor hosted services
    4. Other (fill-in)
  3. What is your preferred identifier to release?
    1. SAML persistent nameID
    2. eduPersonTargetedID
    3. eduPersonPrincipalName
    4. eduPersonUniqueID
    5. username/uid/samAccountName
    6. transientID
    7. Email address
    8. Other (fill-in)
    9. No preference
  4. Which of the following identifier properties are important to you?
    1. non-reassignable (identifier cannot be assigned to another identity)
    2. correlatable?
      1. No - identifier is targeted (for a single identity, a different identifier is released to each SP or group of SPs)
      2. Yes (the same identifier is released to every SP)
      3. Don't care
    3. persistent (identifier cannot change)
    4. human-friendly
    5. name-based
    6. Other (fill-in)
  5. Would your IDP support SAML Logout requests from SPs, if that support were to be enabled by InCommon?

For SP operators

  1. Are you using SAML persistent nameID with any of the following?
    1. With your local campus IDP
    2. With InCommon Federation members
    3. With vendor IDPs
    4. Other (fill-in)
  2. Are you using the eduPersonTargetedID attribute with any of the following?
    1. With your local campus IDP
    2. With InCommon Federation members
    3. With vendor IDPs
    4. Other (fill-in)
  3. Do you support or plan to support SAML Logout?
  4. What is your use case for identifiers?
    1. Personalization
    2. Correlate with pre-provisioned data
    3. Support collaboration across multiple SPs
    4. Anonymous
    5. Unspecified (don't care)
    6. Other (fill-in)
  5. Which of the following identifier properties are important to you?
    1. non-reassignable (identifier cannot be assigned to another identity)
    2. correlatable?
      1. No - identifier is targeted (for a single identity, a different identifier is released to each SP or group of SPs)
      2. Yes (the same identifier is released to every SP)
      3. Don't care
    3. persistent (identifier cannot change over time)
    4. human-friendly
    5. name-based
    6. Other (fill-in)
  6. Do you allow identifiers to change?
    1. No, a new identifier is a new user
    2. Yes, but manual intervention is necessary
    3. Yes, automatically updated
  7. Do you support multiple identifiers for a single user, such as the current identifier plus all previous identifiers?
  8. Is it realistic for you to re-key your systems to use a new identifier?