Child pages
  • Account Linking Approaches with Risks

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleDRAFT

The information on this page is DRAFT and still under discussion by the workgroup. In the end this information was presented in a different format in the workgroup's final report, but this page is left in tact as a record of some of the discussions that led to the information in that final report.

This page summarizes approaches that have been discussed within the workgroup for performing account linking between an Internal IdP (e.g., campus-run) and an External IdP (run by a third-party) IdP.

...

This model can support the following External ID  Use Case Categories:

  • Anonymous
  • Open Affiliates
  • Non-business affiliates
  • Ad-hoc personal affiliates
  • Inbound Affiliate (somewhat)

...

This model can support the following External ID  Use Case Categories:

  • Non-business affiliates
  • Business affiliates
  • Inbound affiliates
  • Outbound affiliates
  • Alternate factor (possibly)

...

In this model, an IdP operated by an external entity is authorized to assert IDs or attributes that are conceptually internal IDs of the campus IdP. An External IdP that is trusted to release a valid "Student ID" in support of an alumni service (see  Use Cases from External ID Workgroup Discussion, alumni use case) would fall into this category.

...

This model can support the following External ID  Use Case Categories:

  • Business affiliates
  • Outbound affiliates
  • Alternate factor (possibly)

...

This model can support the following External ID  Use Case Categories:

  • Non-Business affiliates
  • Ad-hoc personal affiliates (presuming an internal identity is created)
  • Business affiliates
  • Inbound affiliates (presuming an internal identity is created)
  • Outbound affiliates

...