...
Several options were discussed regarding how to provision a user using their social identifier. Steven gave an example of an application where students will need to grant access to their supervisor from their summer internship, and the supervisor will be logging in via a social provider. Ideally, the user could just enter their supervisor’s social username into the application. Of course, this works great for services where you know the username, like Twitter and Facebook.
| Note | ||
|---|---|---|
| ||
Instead of asking end users to provide their social identifier (or the identifiers of others), ask them for an email address. Later, when the user logs into your app in response to an email invitation, map the identifier asserted by the social IdP to the email address originally provided by the user. |
Also on the topic of attributes, it is possible that instead of EPPN, the new eduPersonUniqueID could be used when the ID is not really EPPN-friendly (like Google’s profile ID and the Windows Live ID). Furthermore, these attributes could be used to seed a targeted ID.
...