A table categorizing the identified use cases by their general characteristics.
Use Case | Brief Desc | LoA Req | Local ID | Acct Link | Registration Process | Issues | General Risks/Concerns |
---|---|---|---|---|---|---|---|
Transient affiliates | AuthN used for individual transactions, with no user history | None | No | No | Implicit | | |
Short term guests | AuthN for e.g., day visit access | None | No | No | Varies | | |
Short term affiliate | AuthN for specific operation, e.g., sign a form, edit document | Low | No | No | Pre-login (by invitee) | | |
Wiki contributor | AuthN to a specific system | None | No | No | Implicit and Post-login | | |
Parent | AuthN to see elements of student record (may be equivalent to short term affiliate) | Low | No | No | Pre-login (by invitee) | | |
External Researcher/Loose VO | AuthN to access multiple resources in institution (institution managed in one IdP) | High | Yes | Implicit | Managed via local IdM | | |
Prospects/Long term affiliate | AuthN for participation prior to enrollment | Initially | No | No | Initially implicit | | |
Interim Access for Incoming Employees or Students | AuthN while waiting for source system population (for training, etc.) | High | No | Yes | Need clear path to merge record with source system record | | |
Alumni, separated employee (w/personal records access) | AuthN for participation in mailing lists | High | Yes | Yes | Self-asserted with verification of both local and external ID? | | |
Cross enrollment | AuthN at multiple institutions, each institution maintains local ID | High | Yes | Yes | Based on local IdM characteristics | | |
Bring Your Own Credential | Local account exists but external account used for user authN | High | Yes | Yes | Self-asserted with verification of both local and external ID? | | |
For Privilege Escalation | Local account has low security, external has high. Leverage high account to get privilege escalation | High | Yes | Yes | ??? | | |
As alternate factor, password recovery | AuthN allows reset of primary credential | High | Yes | Yes | Self-asserted by use of local ID | | |