Use Case: Anonymous
Brief Desc: Providing access with no ongoing user tracking. E.g., based on ePSA or ePE only.
Services / Client Relationship:
  • Surveys
  • Wireless
  • Library
  • Any
Real-World Person Map?: No
Local IDM Entry?: No
Attribute Link?: No
AuthZ/Registration: External
Issues/Risks: (blank)

Use Case: "Open" Affiliates
Brief Desc: Non-business affiliates accessing "public" services
Services / Client Relationship:
  • Wikis
  • Local profiles (library, public services)
  • Researchers
  • External Colleagues
Real-World Person Map?: No
Local IDM Entry?: No
Attribute Link?: No
AuthZ/Registration: External; Personal Invite
Issues/Risks: (blank)

Use Case: Non-business Affiliates
Brief Desc: Individual with local permissions for "non-core business" purposes
Services / Client Relationship:
  • Facilities access
  • Food services
  • Summer camp attendees
  • Conference attendees
Real-World Person Map?: Yes?
Local IDM Entry?: Entry, no account
Attribute Link?: Yes?
AuthZ/Registration: Business Invite
Issues/Risks: (blank)

Use Case: Ad-hoc personal affiliates
Brief Desc: Non-business affiliates gaining access to targeted local resources
Services / Client Relationship:
  • Bill Review
  • Collaboration team
  • Extension help desk
  • Parents
  • External Researchers
  • Volunteers
Real-World Person Map?: No
Local IDM Entry?: No
Attribute Link?: No
AuthZ/Registration: Personal Invite
Issues/Risks: Should real-world person map be "yes?" We want to know who is accessing targeted local resources.

Use Case: Business affiliates
Brief Desc: Business affiliates with affiliation
Services / Client Relationship:
  • Business Systems
  • LMSes
  • Data repositories
  • Contractors
  • External Auditors
  • Cross-enrolling students
  • Guest Lecturers
  • VO members
  • BYOC
Real-World Person Map?: Yes?
Local IDM Entry?: Entry, no account
Attribute Link?: Yes
AuthZ/Registration: Business Invite
Issues/Risks: Does tracking the invitation initiator (local uid) make sense to this id use?

Use Case: Inbound affiliate
Brief Desc: Someone granted temporary access based on external credentials, but expected to migrate to (potentially more-highly vetted) internal credentials at a later point
Services / Client Relationship:
  • Email
  • Applications (Emp and Student)
  • File access
  • Desktop access
  • Job applicants
  • Student applicants
Real-World Person Map?: Yes
Local IDM Entry?: Yes (but not immediately)
Attribute Link?: Transitional
AuthZ/Registration: Business Invite
Issues/Risks: (blank)

Use Case: Outbound affiliate
Brief Desc: Someone with internal credentials, who is expected to lose access to those credentials (and replace them with an external credential)
Services / Client Relationship:
  • Email
  • Transcripts
  • W-2s, Paystubs
  • Employment Verification
  • Alumni
  • Past Students
  • Separated Employees
  • Retirees
Real-World Person Map?: Yes
Local IDM Entry?: Yes
Attribute Link?: Yes
AuthZ/Registration: Self Linking; Business Invite?
Issues/Risks: (blank)

Use Case: Alternate factor
Brief Desc: Using an external ID to provide privilege escalation in certain contexts
Services / Client Relationship:
  • Password Reset
  • Validate sensitive operations
  • Any?
Real-World Person Map?: Yes
Local IDM Entry?: Yes
Attribute Link?: ???
AuthZ/Registration: Self Linking; Business Invite
Issues/Risks: (blank)
