Proposed Charter: External Identities Working Group

Name

External Identities Working Group

Sponsor

TBD

Group Leader (Chair)

Paul Caskey (UT System) <pcaskey@utsystem.edu>

Mission/Goals

(stated broadly) Moving towards the goal of making external identities useful and sufficiently trusted in a variety of use cases

The mission of the External Identities Working Group includes:

  • Exploring/developing deployment models for using external identities in a variety of risk profiles
  • Identifying and examining the components which are needed to make external identities useful across a broad array of services
  • Exploring account linking
  • Understanding differences between external identities and locally assigned identities
  • Exploring approaches to raising the trust associated with external identities (references to other work on trust elevation, e.g. OASIS Trust Elevation Subcommittee)

Membership

Membership in the subcommittee is open to all interested parties. Members join the subcommittee by joining the mailing list and phone calls, and by otherwise participating actively in the work of the subcommittee.

The chair of the working group is selected by group members.

Deliverables

  1. Update (and make current) the set of use cases developed by the Social Identities WG.
  2. Review existing profile frameworks and assess the need to create or recommend practices and/or propose how to use existing risk profile frameworks to help campuses evaluate the use of social identity providers with those situations.
    1. The framework should include the criteria used to evaluate the practices of any unique identifier provider (e.g., campus IDP, social provider, etc.)
    2. The framework needs to include the criteria needed to evaluate the risk requirements of applications
    3. The framework should accommodate the functionality provided by the Trust Elevation techniques used in the world.
  3. Technical requirements for Interop/deployment profile for OpenID Connect (OIDC)
  4. Creation of an external identities chart explaining different implementation models
  5. Properties of an identity in a context or transaction that can be specified technically which help determine how much assurance to assign
  6. Develop the requirements of the S2S GW, for "representing" the LoA of a Social authentication to a campus SP.

Deliverables - DRAFT 2

  1. Update (and make current) the set of use cases developed by the Social Identities WG. This should include use cases for both situations: 
    1. Social account linked to a campus-issued identity
    2. Social account used by a non-community member.
  2. Identify and document properties of social accounts that could be of interest to an application accepting authN events from the prominent social account providers.
  3. Document, and identify the properties and pros and cons of, a central gateway approach versus a local gateway approach.
  4. Define and document how a gateway would represent the properties of a social account to an application.
  5. Provide application owners with recommendations on risk profiles when using social identities. 
    1. Also, list and describe various approaches to trust elevation.
  6. Collect and comment on approaches that campuses are taking to do "account linking" within their Person Registry.
    1. Identify the properties a social account could possess which would affect using it in this way.
    2. (e.g., campus-issued account, social account(s) used by the same person).
    3. Develop recommendations for ways that campus-owned attributes could be asserted in conjunction with a social account
  7. Produce a set of longer-lived recommendations (e.g., papers, not just wiki pages)

Out of Scope -- DRAFT 2

  1. (Note -- this WG will be looking at the use of personal social accounts; it will NOT be looking at situations where an enterprise is using a social provider as their IDP, for access to enterprise apps outside of Google)
  2. Technical requirements for Interop/deployment profile for OpenID Connect (OIDC)
  3. Recommendations on approaches for elevating a social account authN event to LoA 2.
  4. Identify pros and cons of having students continue to use their social account to access campus business systems during their student days. Identify an interim step toward this milestone.

Expected End Date

The working group is expected to complete all deliverables and either close or recharter.

Required Resources

  • wiki space 
  • phone line for conference calls: usual Internet2 conference call line
  • incommon.org group email list socialidentity@internet2.edu

Teleconferences

Reference Material
