Child pages
  • "Guest Identities" Survey

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Deadline for finalizing the survey questions is Monday 21-Feb-2011TBD. After this date we will put the survey questions into SurveyMonkey for data collection.


  1. Trigger or initiation of a guest identity
    • Who or what processes can trigger the provisioning of guest identity?
    • Are guest identities in a separate store or in same store as identities of employees and students?
    • Do guests require an explicit sponsor or approval - an explicitly designated person or unit or system responsible for the guest identity? 
  2. Guest identity data
    • What data is required about the guest? legal name, SS# or other government identifier, dob, email address, other?
    • Is supplied data verified?  Matched against existing systems of record?
    • (How) is the source of this data retained? (save the paper or e-form, copy IDs,….)
    • Do guest receive a netID or local equivalent in the same namespace as employees and students?
      If a separate namespace, how is namespace collision avoided?
    • Is there an explicit indication of guest origin in identity record?
    • What eduPersonAffiliation values are or may be provisioned?
  3. Uses of guest identity
    • Does the guest identity receive automatically-provisioned service accounts as do employees or students
      (e.g., automatically provisioned email account or address in the domain of the institution)?
    • Do guests appear in the institutional on-line directory?  Designated as guests?  Sponsor shown with record?
    • Can guests edit their record with self-service data (contact information, description, etc.)?
    • How do guests receive an initial password, claim accounts, or reset passwords? 
    • Can guests rely on external authentication (e.g., Facebook or Google) for access to institutional information resources?  Has  
      Has this feature been requested?
    • (How) are guest identities asserted with an explicit level of assurance?
  4. Deprovisioning
    • What is the maximum amount of time a person can be affiliated on a guest account?
    • If guests are sponsored, what occurs when the sponsor leaves?
    • (How) do you control guest identities so as to provision only a single guest identity to a person?
    • Are guest accounts ever converted to non-guest identities using the same identifier?