Date: Thu, 28 Mar 2024 13:30:09 +0000 (UTC)
Message-ID: <1124605234.6463.1711632609746@ip-10-10-7-29.ec2.internal>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_6462_360321635.1711632609743"
------=_Part_6462_360321635.1711632609743
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
External Identities Work Group Meeting - 2015-03-12
External Identities Work Group Meeting - 2015-03-12
Agenda=
Review and Discussion of Document draft at: https://docs.google.com/document/d/1IVDjmdC=
qToB9aGAlF5SVLCmVHskCqmtN7kW_jRhOWPs/edit?usp=3Dsharing
Minutes
Discussion addressed the following points. David and Eric to edit to inc=
orporate.
M=
issing items/topics
- Issue of social providers that will issue a globally unique, persistent=
identifier that=E2=80=99s not targeted.
- API call limits
- Privacy/Consent
- Should there be local and external ID consent?
- Is =E2=80=9Cyou=E2=80=9D (the audience) the SP or the IdP?
- Stronger call out of external identities with local identities and with=
out local credentials
- Describing identities versus credentials as a callout
- How do you initiate creation from external ID vs. linking
- Linking across providers=E2=80=A6 is that the bigger issue?
- Is password reset any different for external identifiers?
- If I lose my social ID (my credential) how do I regain access to my ide=
ntity?
Other t=
houghts
- Really comes down to attribute alignment and authorization
- Need to manage to =E2=80=9Cprospects=E2=80=9D, have people log in using=
an external identifier
- Use external credentials with an internal identity
- Only when they accept applications are they granted an internal credent=
ial
- At this point will have two credentials, possible different LoAs
- Applicant emails are increasingly high school provided addresses
------=_Part_6462_360321635.1711632609743--