...

The mission of the External Identities Working Group is to move the community of knowledge towards the goal of making external identities useful and sufficiently trusted in a variety of campus-based use cases. This group is focused on the use of external identities by individuals, rather than an enterprise using an external identity provider as their enterprise IdP.

Specific goals for the External Identities Working Group include:

  • Exploring/developing deployment models for using external identities in a variety of risk profiles
  • Identifying and examining the technical components that are needed to make external identities useful across a broad array of services
  • Exploring the notion of account linking between a campus-issued account and an external account
  • Understanding the differences between external identities and local identities
  • Exploring various approaches that raise the level of trust associated with external identities (references to other work on trust elevation, e.g. OASIS Trust Elevation Subcommittee)

...

  1. Update (i.e., make current) the set of use cases previously developed by the Social Identities Working Group. This should include use cases for the following situations:
    1. Social account linked to a campus-issued account
    2. Social identity used by a non-community member
  2. Develop a set of criteria for selecting external providers in a variety of usage scenarios. Ensure that both social providers (e.g., Google, Facebook, Twitter) and non-social providers (e.g., Microsoft, PayPal, VeriSign) are included.
  3. Identify and document properties of external accounts that would be of interest to application owners and other relying parties.
  4. Define and document how a gateway would represent the properties of an external account to an application.
  5. Contrast a central gateway approach with a local gateway approach. List the advantages and disadvantages of each deployment model.
  6. Provide application owners with recommendations regarding risk profiles when using external identities. (These profiles need not be based on the traditional 800-63 categories.) Describe various approaches to trust elevation.
  7. Document various approaches to account linking: Collect and comment on approaches that campuses are taking to do "account linking"
    1. Identify the properties that an external account must/should possess that would affect its use.
    2. Linking a campus account to a known external account, and linking an external account to an existing campus-issued account, where both accounts are used by the same person.
    3. Using an external authentication provider to authenticate to a campus-based service.
    4. Recommend ways that campus-owned attributes could be asserted following authentication with an external account (e.g., group memberships)
  8. Produce a set of longer-lived recommendations for practitioners, roughly comparable to the NMI-DIR documents (e.g., papers, not just wiki pages).

...