Child pages
  • "Guest Identities" Survey

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Deadline for finalizing the survey questions is TBD. After this date we will put the survey questions FINAL: Currently being put into SurveyMonkey for data collection. Thus this page has been frozen for now, with no further editing for the time being.

NOTE: You must be logged in to edit, see access instructions at

OR send mail with your comments and suggestions to Steve Olshansky, MACE-Dir Flywheel <steveo AT internet2 DOT edu>.


Developing a This survey seeks information about managing institutional "guests" - people entries, attributes, and affiliations from with non-authoritative or non-vetted sources ...of data, such as self-assertion, or department-sponsored individuals.

NOTE: Contact info is for internal purposes only, for use in contacting you later if questions arise. Any public reports will EXCLUDE your info unless you give us permission to include it.


  1. Trigger or initiation of a guest identity
    • Who or what processes can trigger the provisioning of guest identity?
    • Are guest identities in a separate data store or in same data store as identities of employees and students?
    • Do guests guest identitiess require an explicit sponsor or approval - an explicitly designated person or unit or system responsible for the guest identity? 
  2. Guest identity data
    • What data is required about the guest? legal name, SS# or other government identifier, dob, email address, other?
    • Is supplied data verified or vettedMatched Is data matched against existing systems of record to avoid duplicates?
    • (How) is the source of this data retained? (save the paper or e-for example, saving a copy of a form, copy IDs,….a copy of a photo ID)
    • Do guest receive a netID or local equivalent in the same namespace as employees and students?
      If a separate namespace, how is namespace collision avoided?
    • Is there an explicit indication of guest origin in identity recordin identity record of guest origin (for example, an indicator of the sponsor)?
    • What eduPersonAffiliation values are or may be provisioned to guests?  
  3. Uses of guest identity
    • Does the guest identity receive automatically-provisioned service accounts as do that employees or students automatically receive
      (e.g., automatically provisioned email account or address in the domain of the institution)?
    • Do guests appear in the institutional on-line directory?  Designated as guests or affiliates to distinguish from employees and students?  Sponsor shown with record?
    • Can guests edit their record with self-service data (contact information, description, etc.)?
    • How do guests receive an initial password, claim accounts, or reset passwords? 
    • Can guests rely on external authentication (e.g., Facebook or Google) for access to institutional information resources?  
      Has this feature been requested?
    • (How) are guest identities asserted with an explicit level of assurance?
  4. Deprovisioning
    • What is the maximum amount of time a person can be affiliated on as a guest before requiring renewal?
    • What other events can lead to deprovisioning or invalidating a guest accountidentity?
    • If guests are explicitly sponsored, what occurs when the sponsor leaves?
    • (How) do you control guest identities so as to provision only a single guest identity to a person?
    • Are guest accounts ever converted to non-guest identities using the same identifier?