Portability must be included as part of a thoroughgoing review/rewrite of the section of eduPerson (200806) on "Identifier Concepts":
1) uniqueness
2) persistence
2a) reassignable
3) mutable
3a) resynchable
4) palatable
5) opacity
6) correlatable
7) privacy
8) portable
Many of these properties need to have more possible values than True or False.
Few of the properties are properties of the identifiers themselves; most are properties of the use of the identifiers in the context of many interacting systems.
Look at reassignment. It has to do with practices at the IdP: whether an identifier continues to apply to the same entity or can be used for a different one. The identifier stays the same; it is the mapping to the "real world entities" that might change. So the model needs to include those entities, the IdM system that maintains (or doesn't) the mapping, and the interest of the RP in the continuity of the mapping.
Here's a trial run with further revisions (a dependent property is shown in the unlabeled row directly beneath the property it depends on).
From the perspective of the University of Wisconsin-Madison as IdP:

| Properties of Identifier Usage | ePPN | UUID | PVI | ePTID |
|---|---|---|---|---|
| – Scope | wisc.edu | wisc.edu | wisc.edu | wisc.edu |
|   | within scope | global | within scope | global |
| – Reversible | reversible | reversible | reversible | reversible |
| – Persistence | persistent | persistent | persistent | persistent |
| – Transparency | transparent | opaque | opaque | opaque |
|   | palatable | no | palatable | no |
| – Mutable | mutable on approved user request | mutable only in case of mistaken identity | mutable only in case of mistaken identity | mutable |
|   | potentially | no | potentially | no |
|   | resynchable | no | no | resynchable |
| – Correlatable | correlatable | correlatable | correlatable | only within specific application group |
| – Portable | no | potentially | no | no |
NOTE: Name identifiers are a threat to privacy to the extent that they are transparent, reversible, resynchable, correlatable and portable.
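To make the table and the privacy note concrete, here is an added toy model of an IdP that issues a scoped, transparent identifier in the style of ePPN and a targeted, opaque one in the style of ePTID. It is illustrative code written for this page, not UW-Madison's IdM software or anything from the eduPerson specification; the scope "wisc.edu" is taken from the table, the application groups and person records are constructed sample data, and the HMAC-per-application-group derivation of the targeted identifier is one common way to build such a value, assumed here rather than prescribed by the text. The point it exercises is the one made above: reassignment and renaming change the mapping between the identifier and the entity, not the identifier string, and only the targeted identifier lets an RP notice the difference.

```python
"""Toy IdP issuing an ePPN-style and an ePTID-style identifier.
Added illustration for this page; not UW-Madison's IdM code.
Assumed: scope "wisc.edu" (from the table) and an HMAC-per-application-group
derivation for the targeted identifier (a common choice, not the only one)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SCOPE = "wisc.edu"


@dataclass
class IdP:
    # login name -> internal person record; "reassignment" changes this mapping
    netid_to_person: dict[str, str]
    # SP entityID -> application group; SPs in one group receive the same targeted ID
    sp_group: dict[str, str]
    # secret behind targeted IDs; replacing it resynchs every ePTID the IdP has issued
    tid_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    # (group, targeted ID) -> person: targeted IDs are reversible at the IdP only
    tid_index: dict[tuple[str, str], str] = field(default_factory=dict)

    def eppn(self, netid: str) -> str:
        # Transparent: the login name is visible, and every SP sees the same value,
        # so SPs can correlate users with no help from the IdP.
        return f"{netid}@{SCOPE}"

    def eptid(self, netid: str, sp_entity_id: str) -> str:
        # Opaque and targeted: derived from the *person*, not the login name, and
        # from the SP's group, so unrelated SPs cannot match values against each other.
        group = self.sp_group.get(sp_entity_id, sp_entity_id)
        person = self.netid_to_person[netid]
        msg = f"{person}|{group}".encode()
        tid = hmac.new(self.tid_key, msg, hashlib.sha256).hexdigest()[:32]
        self.tid_index[(group, tid)] = person
        return tid

    def resolve_eptid(self, sp_entity_id: str, tid: str) -> str | None:
        # Reversible, but only by the IdP: an SP holding the value learns nothing from it.
        group = self.sp_group.get(sp_entity_id, sp_entity_id)
        return self.tid_index.get((group, tid))

    def resynch_targeted_ids(self) -> None:
        # Resynchable: a new key invalidates every issued targeted ID at once.
        self.tid_key = secrets.token_bytes(32)
        self.tid_index.clear()

    def rename_netid(self, old: str, new: str) -> None:
        # "Mutable on approved user request": the ePPN string changes, the person does not.
        self.netid_to_person[new] = self.netid_to_person.pop(old)

    def reassign_netid(self, netid: str, new_person: str) -> None:
        # Reassignment: the ePPN string is unchanged but now denotes a different entity.
        self.netid_to_person[netid] = new_person


def demo() -> dict[str, bool]:
    # Constructed sample data: two SPs in one application group, one SP outside it.
    idp = IdP(
        netid_to_person={"bbadger": "person-0001"},
        sp_group={
            "https://lms.example/sp": "teaching",
            "https://grades.example/sp": "teaching",
            "https://library.example/sp": "library",
        },
    )
    out: dict[str, bool] = {}
    eppn = idp.eppn("bbadger")
    t_lms = idp.eptid("bbadger", "https://lms.example/sp")
    t_grades = idp.eptid("bbadger", "https://grades.example/sp")
    t_lib = idp.eptid("bbadger", "https://library.example/sp")
    out["eppn_correlatable_everywhere"] = eppn == "bbadger@wisc.edu"
    out["eptid_shared_within_group"] = t_lms == t_grades
    out["eptid_differs_across_groups"] = t_lms != t_lib
    out["eptid_reversible_at_idp"] = idp.resolve_eptid("https://lms.example/sp", t_lms) == "person-0001"
    out["eptid_opaque_to_sp"] = "bbadger" not in t_lms and "person" not in t_lms

    # User-requested rename: ePPN changes, the targeted ID for the same person does not.
    idp.rename_netid("bbadger", "bucky")
    out["rename_changes_eppn"] = idp.eppn("bucky") != eppn
    out["rename_keeps_eptid"] = idp.eptid("bucky", "https://lms.example/sp") == t_lms

    # Reassignment: same ePPN string, different person. The RP's continuity breaks
    # silently for ePPN but visibly for ePTID, which no longer matches.
    idp.reassign_netid("bucky", "person-0002")
    out["reassigned_eppn_unchanged"] = idp.eppn("bucky") == "bucky@wisc.edu"
    out["reassigned_eptid_changes"] = idp.eptid("bucky", "https://lms.example/sp") != t_lms

    # Resynch: every targeted ID changes and the old ones stop resolving at the IdP.
    idp.resynch_targeted_ids()
    out["resynch_invalidates_old_eptid"] = idp.resolve_eptid("https://lms.example/sp", t_lms) is None
    out["resynch_changes_eptid"] = idp.eptid("bucky", "https://lms.example/sp") != t_lms
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running the module prints one line per property check; every check should report True. The design choice worth noting is that the targeted identifier is keyed on the person record rather than the login name: that is what makes it survive an approved rename (the ePPN does not) and what makes a reassignment visible to the RP (the ePPN hides it), which is exactly the continuity interest of the RP described above.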