Proposed Charter: External Identities Working Group

Name

External Identities Working Group

Sponsor

TBD

Group Leader (Chair)

Paul Caskey (UT System) <pcaskey@utsystem.edu>

Mission/Goals

The Mission of the External Identities Working Group is to move the community of knowledge towards the goal of making external identities useful and sufficiently trusted in a variety of campus-based use cases. This group is focused on the use of these identities by individuals, rather than an enterprise using a social provider as their enterprise IDP.

Specific Goals for the External Identities Working Group include:

  • Exploring/developing deployment models for using external identities in a variety of risk profiles
  • Identifying and examining the components which are needed to make external identities useful across a broad array of services
  • Exploring account linking
  • Understanding differences between external identities and locally assigned identities
  • Exploring approaches to raising the trust associated with external identities (references to other work on trust elevation, e.g. OASIS Trust Elevation Subcommittee)

Membership

Membership in the subcommittee is open to all interested parties. Members join the subcommittee by joining the mailing list, taking part in phone calls, and otherwise participating actively in the work of the subcommittee.

The chair of the subcommittee is appointed by the InCommon TAC and is responsible for keeping the TAC informed regarding subcommittee status.

Deliverables

  1. Update (and make current) the set of use cases developed by the Social Identities Working Group. This should include use cases for both of these situations: 
    1. Social account linked to a campus-issued identity
    2. Social account used by a non-community member.
  2. Identify and document properties of social accounts that could be of interest to an application accepting authentication events from the prominent social account providers.
  3. Define and document how a gateway would represent the properties of a social account to an application.
  4. Identify and document the properties and the pros and cons of a central gateway approach versus a local gateway approach.
  5. Provide application owners with recommendations on risk profiles when using social identities. (These profiles need not be based on the traditional 800-63 categories.) List and describe various approaches to trust elevation.
  6. Collect and comment on approaches that campuses are taking to do "account linking".
    1. Identify the properties a social account must/could possess which would affect using it in this way.
    2. Linking a campus account to a known social account, and linking a social account to an existing campus-issued account, where both accounts are used by the same person.
    3. Using a social account's credentials and authentication method to authenticate to a campus-issued account.
    4. Develop recommendations for ways that campus-owned attributes could be asserted following authentication with a social account (e.g. group memberships).
  7. Produce a set of longer-lived recommendations for practitioners, roughly comparable to the NMI-DIR documents (e.g. papers, not just wiki pages).

Potential Deliverables Considered to be Out of Scope for this Phase

  1. This WG will be looking at the use of personal social accounts; it will NOT be looking at situations where an enterprise is using a social provider as their IDP, for access to enterprise apps outside of Google.
  2. Technical requirements for Interop/deployment profile for OpenID Connect (OIDC)
  3. Recommendations on approaches for elevating a social account authentication event to LoA 2.
  4. Identify and document pros and cons of having students continue to use their social account to access campus business systems during their student days. Identify an interim step toward this milestone.

Expected End Date

The working group is expected to complete all deliverables by Dec 31, 2014.

Required Resources

  • wiki space 
  • phone line for conference calls: usual Internet2 conference call line
  • incommon.org group email list socialidentity@internet2.edu

Teleconferences

Reference Material
