Versions Compared

Old Version 2

changes.mady.by.user Eric Goodman (ucop.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Eric Goodman (ucop.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Agenda

Review and Discussion of Document draft at: https://docs.google.com/document/d/1IVDjmdCqToB9aGAlF5SVLCmVHskCqmtN7kW_jRhOWPs/edit?usp=sharing

Minutes

Discussion addressed the following points. David and Eric to edit to incorporate.

Missing items/topics

  • Issue of social providers that will issue a globally unique, persistent identifier that’s not targeted.
    • API call limits
    • Privacy/Consent
      • Should there be local and external ID consent?
  • Is “you” (the audience) the SP or the IdP?
  • Stronger call out of external identities with local identities and without local credentials
  • Describing identities versus credentials as a callout
  • How do you initiate creation from external ID vs. linking
    • Linking across providers… is that the bigger issue?
    • Is password reset any different for external identifiers?
      • If I lose my social ID (my credential) how do I regain access to my identity?

Other thoughts

  • Really comes down to attribute alignment and authorization
  • Need to manage to “prospects”, have people log in using an external identifier
    • Use external credentials with an internal identity
    • Only when they accept applications are they granted an internal credential
      • At this point will have two credentials, possible different LoAs
  • Applicant emails are increasingly high school provided addresses

...