


  1. Trigger or initiation of a guest identity
    • Who or what processes can trigger the provisioning of guest identity?
    • Are guest identities in a separate data store or in same data store as identities of employees and students?
    • Do guest identities require an explicit sponsor or approval - an explicitly designated person or unit or system responsible for the guest identity?
  2. Guest identity data
    • What data is required about the guest? Legal name, SS# or other government identifier, date of birth, email address, other?
    • Is supplied data verified or vetted?  Is data matched against existing systems of record to avoid duplicates?
    • (How) is the source of this data retained? (for example, saving a copy of a form, a copy of a photo ID)
    • Do guests receive a netID or local equivalent in the same namespace as employees and students?
      If a separate namespace, how is namespace collision avoided?
    • Is there an explicit indication in the identity record of guest origin (for example, an indicator of the sponsor)?
    • What eduPersonAffiliation values are or may be provisioned to guests?  
  3. Uses of guest identity
    • Does the guest identity receive the automatically provisioned service accounts that employees or students automatically receive
      (e.g., automatically provisioned email account or address in the domain of the institution)?
    • Do guests appear in the institutional on-line directory?  Designated as guests or affiliates to distinguish from employees and students?  Sponsor shown with record?
    • Can guests edit their record with self-service data (contact information, description, etc.)?
    • How do guests receive an initial password, claim accounts, or reset passwords? 
    • Can guests rely on external authentication (e.g., Facebook or Google) for access to institutional information resources?  
      Has this feature been requested?
    • (How) are guest identities asserted with an explicit level of assurance?
  4. Deprovisioning
    • What is the maximum amount of time a person can be affiliated as a guest before requiring renewal?
    • What other events can lead to deprovisioning or invalidating a guest identity?
    • If guests are explicitly sponsored, what occurs when the sponsor leaves?
    • (How) do you control guest identities so as to provision only a single guest identity to a person?
    • Are guest accounts ever converted to non-guest identities using the same identifier?