(Note: these use cases supplement the list of use cases collected on the Use Cases for External Identities page.)
Use Case 1 - Link social credential(s) to alumni record
Category: Outbound Affiliate
Many campuses, even those that preserve the local NetID for life for their alumni, are interested in allowing alumni to access university services via social credentials after they graduate. Alumni will use their campus credentials less and less over time, be more likely to forget them, and need more help desk support, whereas they are likely using one or more social credentials regularly and will consider it a convenience if they can use them to log into alumni services. In these cases, the campuses would like to link the alum's existing campus alumni identifier to one or more social identities.
One proposed implementation is to have the alumni service owners notify students that they can log into an "account linking" service to establish their account linking before they graduate. The student would log into the SAML-enabled, federated account linking service using their campus credentials. The integration would need to be set up in advance so that the local IdP would release the campus' unique alumni ID to the account linking Service Provider. After logging in with their campus credential, the student would then be asked to register one or more social identities. Registration would involve the user logging in to the social provider(s) and the account linking service consuming required attributes from the social provider (at a minimum, the provider's best option for a unique identifier).
In cases where the campus alumni services require attributes not provided by a social provider (e.g. Twitter does not assert email), the campus would either have to disallow registration of those social providers in their initial integration with the account linking service, or the account linking service would need to prompt the user to supply required attributes directly.
Once the registration and account linking process was complete, the service could be coupled with a gateway service that could handle both authenticating the user via the external identity, and the assertion of the campus' unique alumni ID to the campus alumni Service Provider.
Use Case 2 - Grad student (or faculty) participating in one research project via multiple affiliations
Category: Outbound Affiliate / Business Affiliate
The use case is a grad student at University A who is participating in a cross-campus research project. Let's say that grad student completes her PhD at University A and then has no university affiliation over the summer before her postdoc starts at University B. It would be helpful to have an account linking service where the grad student could start by logging in with her University A credentials, link one or more social credentials over the summer, and then link University B credentials once her postdoc had started. Combining this account linking service with a gateway/bridge, the user could migrate through these various credentials, while the authentication gateway/bridge continues to assert the same unique identifier to the cross-campus research project Service Provider.
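The linking and gateway steps described in Use Cases 1 and 2 can be sketched as follows. This is an added example, not part of the original page or of any existing service; the class, method names, required-attribute policy and all identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

REQUIRED_ATTRS = {"email"}  # assumed policy of the downstream Service Provider

class LinkError(Exception):
    """Raised when a link or a gateway lookup must be refused."""

@dataclass
class LinkingService:
    links: dict = field(default_factory=dict)  # (provider, subject) -> persistent ID
    attrs: dict = field(default_factory=dict)  # (provider, subject) -> attributes

    def link(self, persistent_id, provider, subject, asserted, user_supplied=None):
        """Bind an external identity to persistent_id. The caller must first have
        authenticated the user with a credential already bound to that ID."""
        merged = {**(user_supplied or {}), **asserted}  # provider-asserted values win
        missing = REQUIRED_ATTRS - set(merged)
        if missing:
            raise LinkError(f"{provider} did not supply: {sorted(missing)}")
        owner = self.links.get((provider, subject))
        if owner is not None and owner != persistent_id:
            # One external identity must never resolve to two different records.
            raise LinkError("external identity already linked to another record")
        self.links[(provider, subject)] = persistent_id
        self.attrs[(provider, subject)] = merged

    def resolve(self, provider, subject):
        """Gateway step: return the ID to assert to the Service Provider."""
        if (provider, subject) not in self.links:
            raise LinkError("no linked record for this external identity")
        return self.links[(provider, subject)]

def migrate_example():
    """Use Case 2 with constructed values: one ID across three credentials."""
    svc = LinkingService()
    pid = "research-id-0001"  # constructed persistent identifier
    # Campus login at University A bootstraps the record.
    svc.link(pid, "univ-a", "gs42@univ-a.example", {"email": "gs42@univ-a.example"})
    # Still logged in via University A, she registers a social identity.
    svc.link(pid, "google", "sub-1122", {"email": "gs42@example.org"})
    # Over the summer she authenticates socially, then adds University B.
    summer = svc.resolve("google", "sub-1122")
    svc.link(summer, "univ-b", "pd7@univ-b.example", {"email": "pd7@univ-b.example"})
    return svc, [svc.resolve(p, s) for p, s in svc.links]
```

The two refusals in `link` are the checks that matter for a deployment: a provider that cannot meet the attribute policy is rejected unless the user supplies the missing values, and an external identity already bound to one record cannot be claimed by another.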