...
Use Case | Brief Desc | Services | Client Relationship | Real-World Person Map? | Local IDM Entry? | Attribute Link? | AuthZ/Registration | Issues/Risks |
---|---|---|---|---|---|---|---|---|
Anonymous | Providing access with no ongoing user tracking. E.g., based on ePSA or ePE only. | | | No | No | No | External | |
"Open" Affiliates | Non-business affiliates accessing "public" services | | | No | No | No | External | |
Non-business Affiliates | Individual with local permissions for "non-core business" purposes | | | Yes? | Entry, no account | Yes? | Business Invite | |
Ad-hoc personal affiliates | Non-business affiliates gaining access to targeted local resources | | | No | No | No | Personal Invite | Should real-world person map be "yes?" We want to know who is accessing targeted local resources. |
Business affiliates | Business affiliates with affiliation | | | Yes? | Entry, no account | Yes | Business Invite | Does tracking the invitation initiator (local uid) make sense to this id use? |
Inbound affiliate | Someone granted temporary access based on external credentials, but expected to migrate to (potentially more-highly vetted) internal credentials at a later point | | | Yes | Yes (but not immediately) | Transitional | Business Invite | |
Outbound affiliate | Someone with internal credentials, who is expected to lose access to those credentials (and replace them with an external credential) | | | Yes | Yes | Yes | Self Linking | |
Alternate factor | Using an external ID to provide privilege escalation in certain contexts | | | Yes | Yes | ??? | Self Linking | |
...