
FINAL: Currently being put into SurveyMonkey for data collection. Thus this page has been frozen for now, with no further editing for the time being.

NOTE: You must be logged in to edit, see access instructions at

OR send mail with your comments and suggestions to Steve Olshansky, MACE-Dir Flywheel <steveo AT internet2 DOT edu>.


This survey seeks information about managing institutional "guests" - people, attributes, and affiliations with non-authoritative or non-vetted sources of data, such as self-assertion, or department-sponsored individuals.

NOTE: Contact info is for internal purposes only, for use in contacting you later if questions arise. Any public reports will EXCLUDE your info unless you give us permission to include it.

  1. Name
  2. Title
  3. Institution
  4. May we identify you in public reports resulting from this survey?

Guest survey questions

  1. Trigger or initiation of a guest identity
    • Who or what processes can trigger the provisioning of guest identity?
    • Are guest identities in a separate data store or in the same data store as identities of employees and students?
    • Do guest identities require an explicit sponsor or approval - an explicitly designated person or unit or system responsible for the guest identity?
  2. Guest identity data
    • What data is required about the guest? Legal name, SS# or other government identifier, date of birth, email address, other?
    • Is supplied data verified or vetted?  Is data matched against existing systems of record to avoid duplicates?
    • (How) is the source of this data retained? (for example, saving a copy of a form, a copy of a photo ID)
    • Do guests receive a netID or local equivalent in the same namespace as employees and students?
      If a separate namespace, how is namespace collision avoided?
    • Is there an explicit indication in the identity record of guest origin (for example, an indicator of the sponsor)?
    • What eduPersonAffiliation values are or may be provisioned to guests?  
  3. Uses of guest identity
    • Does the guest identity receive automatically-provisioned service accounts that employees or students automatically receive
      (e.g., automatically provisioned email account or address in the domain of the institution)?
    • Do guests appear in the institutional on-line directory?  Designated as guests or affiliates to distinguish from employees and students?  Sponsor shown with record?
    • Can guests edit their record with self-service data (contact information, description, etc.)?
    • How do guests receive an initial password, claim accounts, or reset passwords? 
    • Can guests rely on external authentication (e.g., Facebook or Google) for access to institutional information resources?  
      Has this feature been requested?
    • (How) are guest identities asserted with an explicit level of assurance?
  4. Deprovisioning
    • What is the maximum amount of time a person can be affiliated as a guest before requiring renewal?
    • What other events can lead to deprovisioning or invalidating a guest identity?
    • If guests are explicitly sponsored, what occurs when the sponsor leaves?
    • (How) do you control guest identities so as to provision only a single guest identity to a person?
    • Are guest accounts ever converted to non-guest identities using the same identifier?
