...
- Update (i.e., make current) the set of use cases previously developed by the Social Identities Working Group. This should include use cases for the following situations:
  - Social account linked to a campus-issued account
  - Social identity used by a non-community member
- Develop a set of criteria for selecting external providers in a variety of usage scenarios. Ensure that both social providers (e.g., Google, Facebook, Twitter) and non-social providers (e.g., Microsoft, PayPal, VeriSign) are included.
- Identify and document properties of external accounts that would be of interest to web application owners and other relying parties.
- Define and document how a gateway would represent the properties of an external account to an application.
- Contrast a central gateway with a local gateway. List the advantages and disadvantages of each deployment model.
- Provide application owners with recommendations regarding risk profiles when using external identities. (These profiles need not be based on the traditional 800-63 categories.) Describe various approaches to trust elevation/risk management.
- Document various approaches to account linking:
  - Accounts can be linked either centrally (in a campus Person Registry, and visible via the campus IDP), or at a specific SP (application).
  - Linking a campus account to a known external account, and linking an external account to an existing campus-issued account, where both accounts are used by the same person.
- Identify the properties that an external account must/should possess that would affect its use.
- Using an external authentication provider to authenticate to a campus-based service.
- Identify ways that campus-owned attributes could be asserted following authentication with an external account (e.g., group memberships)
- Produce a set of longer-lived recommendations for practitioners, roughly comparable to the NMI-DIR documents (e.g., papers, not just wiki pages).
...