A table categorizing the identified use cases by their general characteristics.
Use Case |
Brief Desc |
LoA Req |
Local ID |
Acct Link |
AuthZ Process |
Issues |
General Risks/Concerns |
|---|---|---|---|---|---|---|---|
Transient affiliates |
AuthN used for privacy, but with no user history |
None |
No |
No |
Implicit |
|
|
Short term guests |
AuthN for e.g., day visit access |
None |
No |
No |
Varies |
|
|
Short term affiliate |
AuthN for specific operation e.g., sign a form, edit document |
Low |
No |
No |
Pre-login (by invitee) |
|
|
Wiki contributor |
AuthN to a specific system |
None |
No |
No |
Implicit and Post-login |
|
|
Parent |
AuthN to see elements of student record (may be equiv to short term affiliate) |
Low |
No |
No |
Pre-login (by invitee) |
|
|
External Researcher/Loose VO |
AuthN to access multiple resources in institution (institution managed in one IdP) |
High |
Yes |
Implicit |
Managed via local IdM |
|
|
Incoming Students/Prospects |
AuthN for participation prior to enrollment |
Initially Low |
Eventually |
One time (transition) |
Initially implicit, later by local IdM |
|
|
Alumni, separated employee (w/personal records access) |
AuthN for participation in mailing lists |
High |
Yes |
Yes |
Self-asserted with local ID? |
|
|
Cross enrollment |
AuthN at multiple institutions, each institution maintains local ID |
High |
Yes |
Yes |
Based on local IdM characteristics |
|
|
Bring Your Own Credential |
Local account exists but for external account used for user authN |
High |
Yes |
Yes |
Self-asserted with local ID? |
|
|
For Privilege Escalation |
Local account has low security, external has high. Leverage high account to get priv escalation |
High |
Yes |
Yes |
??? |
|
|
As alternate factor, password recovery |
AuthN allows reset of primary credential |
High |
Yes |
Yes |
Self-asserted with local ID |
|
|