A table categorizing the identified use cases by their general characteristics.
Use Case |
Brief Desc |
Types of Services Accessed |
Example Scenarios |
Traceable Identity over Time |
Mapped to a Specific Person |
LoA Req |
Local ID |
Acct Link |
Relationship |
Registration Process |
Issues |
General Risks/Concerns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
xxxTransient affiliatesxxx |
AuthN used for a individual transactions, with no user history |
|
|
|
|
Low |
No |
No |
None |
Implicit |
|
|
Short term guests |
AuthN for e.g., day visit access, conference attendee |
|
|
|
|
Low |
No |
No |
None |
Varies |
|
|
Short term affiliate |
AuthN for specific operation e.g., sign a form, edit document, guest lecturer, summer camps, conference attendee |
|
|
|
|
Med |
No |
No |
Business, Paying Guest |
Pre-login (by invitee) |
|
|
Wiki contributor |
AuthN to a specific system |
|
|
|
|
Med |
No |
No |
Any |
Implicit and Post-login |
|
|
Parent |
AuthN to see elements of student record (may be equiv to short term affiliate) |
|
|
|
|
Med |
No |
No |
|
Pre-login (by invitee) |
|
|
External Researcher/Loose VO |
AuthN to access multiple resources in institution (institution managed in one IdP) |
|
|
|
|
High |
Yes |
Implicit |
|
Managed via local IdM |
|
|
Prospects/Long term affiliate |
AuthN for participation prior to enrollment |
|
|
|
|
Initially Med |
No |
No |
|
Initially implicit |
|
|
Interim Access for Incoming Employees or Students |
AuthN while waiting for source system population (for training, etc) |
|
|
|
|
High |
No |
Yes |
|
Need clear path to merge record with source system record |
|
|
Alumni, separated employee (w/personal records access) |
AuthN for participation in mailing lists |
|
|
|
|
High |
Yes |
Yes |
|
Self-asserted with verification of both local and external ID? |
|
|
Cross enrollment |
AuthN at multiple institutions, each institution maintains local ID |
|
|
|
|
High |
Yes |
Yes |
|
Based on local IdM characteristics |
|
|
Bring Your Own Credential |
Local account exists but for external account used for user authN |
|
|
|
|
High |
Yes |
Yes |
|
Self-asserted with verification of both local and external ID? |
|
|
For Privilege Escalation |
Local account has low security, external has high. Leverage high account to get priv escalation |
|
|
|
|
High |
Yes |
Yes |
|
??? |
|
|
As alternate factor, password recovery |
AuthN allows reset of primary credential |
|
|
|
|
High |
Yes |
Yes |
|
Self-asserted by use of local ID |
|
|
What type of APIs would we want to support?