Comment: Migrated to Confluence 4.0


Guest Affiliate System Self-Assessment Tool

Terms

For the purposes of this topic (and the referenced documents) the following terms are defined:

...

Overview (problem description)

Almost all institutions need to provide services to, or at least "track," non-traditional populations that have some relationship with their college or university. In many cases, the traditional populations of faculty, students, and staff are provided certain "default services" (email, network access, access to library services, parking access, learning management systems, etc.) as a result of their enrollment or employment at their institution. Distinguishing the traditional members of an institution from its affiliate populations requires some way of identifying an individual's affiliation, as well as a way of authorizing access to the services they are entitled to.

This might all be handled by one system if an institution is starting from scratch, provided that all users' affiliations are identified and there is a way to authorize or deny access to services. However, in many institutions, particularly those that have had an identity management infrastructure in place for some time, authentication implies authorization: if you can "log in", you are assumed to be a "member" and get access to many services across campus. Unless all your applications and services can make an access determination based on who you are (your affiliation type) and/or specific "entitlements", roles, or group memberships, you need to somehow separate these two major populations.
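The gap described above can be checked service by service. The following sketch is an added example, not part of the original assessment tool: it compares the intended affiliation/entitlement decision with what a login-only service actually grants, and lists the services a guest account would reach by accident. All service names, affiliation values, entitlement strings and usernames are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MEMBERS = frozenset({"faculty", "student", "staff"})  # traditional populations

@dataclass(frozen=True)
class Person:
    username: str
    affiliations: frozenset
    entitlements: frozenset = frozenset()

@dataclass(frozen=True)
class Service:
    name: str
    allowed_affiliations: frozenset
    granting_entitlement: Optional[str] = None  # grants access regardless of affiliation
    login_only: bool = False  # True: cannot evaluate attributes, any login is accepted

def policy_allows(service, person):
    """Intended decision: affiliation type or a specific entitlement."""
    if person.affiliations & service.allowed_affiliations:
        return True
    return service.granting_entitlement in person.entitlements

def actual_access(service, person):
    """What an authenticated person really gets from the service."""
    return True if service.login_only else policy_allows(service, person)

def overexposed(services, person):
    """Services reached only because authentication implied authorization."""
    return [s.name for s in services
            if actual_access(s, person) and not policy_allows(s, person)]

# Constructed sample data (hypothetical services and accounts).
SERVICES = [
    Service("email", MEMBERS, login_only=True),
    Service("lms", MEMBERS, login_only=True),
    Service("library", MEMBERS, granting_entitlement="library:visiting-scholar"),
    Service("wifi", MEMBERS | {"guest"}),
]
GUEST = Person("conf-attendee", frozenset({"guest"}),
               frozenset({"library:visiting-scholar"}))
STUDENT = Person("jdoe", frozenset({"student"}))

if __name__ == "__main__":
    for person in (GUEST, STUDENT):
        print(person.username, "over-exposed services:", overexposed(SERVICES, person))
```

Every service listed for the guest is one that must either learn to evaluate affiliation or entitlements, or be kept behind a separate guest credential store.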

...

Also, the use of Social Identities for guest access is very much a "hot topic" in the IAM space. Please see the link to the Social Identity discussion Wiki under Links below.

Use Cases (examples)

Use Cases are examples that highlight a specific problem. In the case of guest systems, these would consist of situations where the current IAM environment or infrastructure does not adequately support guest identities. In many institutions, "non-members" are added to an existing system of record (such as the HR or Student system) in order to facilitate access to campus resources. This is usually less than ideal, and there is frequently resistance on the part of the data steward responsible for that system.

...