Length of association (one-shot, short-term, etc.)
Identities that are tied to/dependent on existing Identities (e.g., Parent access to student’s grades or research partner access to local researcher’s project)
Associations that extend beyond traditional (local) IAM lifecycle (prospect, alum, ex-employees)
Sensitivity
Need for LoA
Need for MFA(?)
Other needs(?)
Level of linking to internal identities/environment/Level of Integration with IAM
Identities used to access a single SP
Linking external identifiers to (institutional) IAM entries (e.g., students using FB/Google as credential for campus account)
Creating new (institutional) IAM entries based on external IDs (e.g., VOs creating entities for external people)
Risks, Concerns and Issues of leveraging External IDs
Architectural Approaches for integrating external identities
Directly at the SP
With an invitation service
With an externalized authz service
Leveraging a gateway
Recommendations (do we need a separate section, or should these be in the previous sections?)
Specific Issues/Appendices (Items on the charge list not necessarily directly addressed above, or documents we've created to link to but not include directly)
Criteria for selecting external providers in a variety of usage scenarios
How a gateway would represent the properties of an external account to an application (?)