#

Description

Status

References

Next Steps

Comments

1

Update (i.e., make current) the set of use cases previously developed by the Social Identities Working Group. This should include use cases for the following situations:

  1. Social account linked to a campus-issued account
  2. Social identity used by a non-community member

Complete

Status of ExtID Deliverables Use Cases for External Identities

N/A

 

2

Develop a set of criteria for selecting external providers in a variety of usage scenarios. Ensure that both social providers (e.g., Google, Facebook, Twitter) and non-social providers (e.g., Microsoft, PayPal, VeriSign) are included.

In Progress

Criteria for Evaluating External Identity Providers

  • Validate Criteria

 

3

Identify and document properties of external accounts that would be of interest to web application owners and other relying parties. This should include both:

  1. how the account is managed for authentication purposes, and
  2. attributes asserted by the account provider.

In Progress

Criteria for Evaluating External Identity Providers

  • Collect recommendations
  • Collate recommendations

 

4

Define and document how a gateway would represent the properties of an external account to an application.

Not Started

 

 

 

5

Contrast a central gateway with a local gateway. List the advantages and disadvantages of each deployment model.

In Progress

Account Linking Approaches with Risks

 

 

6

Provide application owners with recommendations regarding risk profiles when using external identities. (These profiles need not be based on the traditional 800-63 categories.) Describe various approaches to risk management.

In Progress

External Identities Workgroup Meeting at ACAMP - 2014-10-27

  • Identity risk management approaches

Largely just started (risks gathered)

7

Document various approaches to account linking:

  1. Accounts can be linked either centrally (in a campus Person Registry, and visible via the campus IDP), or at a specific SP (application).
  2. Linking a campus account to a known external account, and linking an external account to an existing campus-issued account, where both accounts are used by the same person.
  3. Identify the properties that an external account must/should possess that would affect its use.
  4. Using an external authentication provider to authenticate to a campus-based service.
  5. Identify ways that campus-owned attributes could be asserted following authentication with an external account (e.g., group memberships).

In Progress

Account Linking Approaches with Risks

External Identities Workgroup Meeting at ACAMP - 2014-10-27

 

 

8

Produce a set of longer-lived recommendations for practitioners, roughly comparable to the NMI-DIR documents (e.g., papers, not just wiki pages).

Not Started