(Final Release Candidate DRAFT 1, 5/427/2015)

Table of Contents

...

Executive Summary

Integration of External Identities into internal systems, either single Service Providers or institutional identity and access management systems, can afford multiple benefits, for example:

...

The next section addresses architectural patterns and infrastructure elements required for various uses of external identities, before we close with a list of business and technical criteria to be considered when selecting an External Identity Provider.

...

Defining Some Terms

Identity

...

• Is there any identity proofing done by the external provider that would allow a campus to trust Attributes other than Ext ID-sourced IDs (like "Account Name" and "email")

• Related to ID Proofing, what Attributes are collected and how are they proofed.

• Are identities re-vetted periodically?
  

• Stability of the External ID and Attributes over time

...

• Mission of the company, including:

• Importance of and motivation for providing quality identities
• Commercial
Private
• vs.
public
• non-commercial

• Privacy focus

• Certifications maintained by the company

• InCommon or FICAM assuranceLevels of Assurance (LoA)
  

• Industry standard audits

• Stability of the vendor and the service that the vendor offers

• Likely this is not directly measurable, and would be more along the lines of

• "how long in business"

• "how long service has been operational"

• "how many users using their IDs"

...