Review and Discussion of Document draft at:


Discussion addressed the following points. David and Eric to edit to incorporate.

Missing items/topics

  • Issue of social providers that will issue a globally unique, persistent identifier that’s not targeted.
    • API call limits
    • Privacy/Consent
      • Should there be local and external ID consent?
  • Is “you” (the audience) the SP or the IdP?
  • Stronger call-out of external identities that have a local identity but no local credentials
  • Call out the distinction between identities and credentials
  • How do you initiate creation from external ID vs. linking
    • Linking across providers… is that the bigger issue?
    • Is password reset any different for external identifiers?
      • If I lose my social ID (my credential) how do I regain access to my identity?

Other thoughts

  • Really comes down to attribute alignment and authorization
  • Need to manage “prospects”: have people log in using an external identifier
    • Use external credentials with an internal identity
    • Only when they accept applications are they granted an internal credential
      • At this point they will have two credentials, possibly with different LoAs
  • Applicant emails are increasingly high-school-provided addresses
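As an added illustration of the prospect flow sketched above (not part of the meeting notes or of the draft under review): a toy directory in which an internal identity is created from an external credential, a local credential is linked on acceptance, and authorization keys off the LoA of the credential actually used in the session rather than the identity's best credential. Issuer labels, LoA values and the two actions are constructed for this example.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class LoA(IntEnum):
    """Level of assurance is a property of a credential, not of the identity."""
    LOW = 1      # e.g. a self-asserted social login
    MEDIUM = 2   # e.g. a locally issued credential granted after acceptance

@dataclass(frozen=True)
class Credential:
    issuer: str   # "social:<provider>" or "local" (labels constructed for this example)
    subject: str  # identifier as issued; assumed persistent and not targeted
    loa: LoA

@dataclass
class Identity:
    local_id: str
    credentials: dict = field(default_factory=dict)  # (issuer, subject) -> Credential

class Directory:
    def __init__(self):
        self.identities = {}     # local_id -> Identity
        self.by_credential = {}  # (issuer, subject) -> local_id

    def create_from_external(self, local_id, cred):
        # Prospect flow: the identity starts with only an external credential.
        self.identities[local_id] = Identity(local_id)
        self.link(local_id, cred)
        return self.identities[local_id]

    def link(self, local_id, cred):
        key = (cred.issuer, cred.subject)
        if self.by_credential.get(key, local_id) != local_id:
            raise ValueError("credential already linked to another identity")
        self.identities[local_id].credentials[key] = cred
        self.by_credential[key] = local_id

    def authenticate(self, issuer, subject):
        # Returns (identity, credential) so the session carries the LoA actually used.
        local_id = self.by_credential.get((issuer, subject))
        if local_id is None:
            return None
        ident = self.identities[local_id]
        return ident, ident.credentials[(issuer, subject)]

REQUIRED_LOA = {"view_application_status": LoA.LOW, "enroll_in_course": LoA.MEDIUM}

def authorize(cred, action):
    # Decide on the LoA of the credential used in this session, not the identity's best one.
    return cred.loa >= REQUIRED_LOA[action]
```

Because the identity stays reachable through the local credential, losing the social credential does not lose the identity; it only removes one way of reaching it.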