DRAFT - Outline for Final Report - DRAFT
- Executive Summary
- Types of IDs
  - Internal SP Identity
  - Institutional Identity
  - Federated Identities
  - Social Identities
  - Known Assurance Identities
- Use Case Dimensions
  - Longevity of identity
    - Length of association (one-shot vs. short term vs. etc.)
    - Identities that are tied to/dependent on existing Identities (e.g., Parent access to student’s grades or research partner access to local researcher’s project)
    - Associations that extend beyond traditional (local) IAM lifecycle (prospect, alum, ex-employees)
  - Sensitivity
    - Need for LoA
    - Need for MFA(?)
    - Other needs(?)
  - Level of linking to internal identities/environment/Level of Integration with IAM
    - Identities used to access a single SP
    - Linking external identifiers to (institutional) IAM entries (e.g., students using FB/Google as credential for campus account)
    - Creating new (institutional) IAM entries based on external IDs (e.g., VOs creating entities for external people)
- Risks, Concerns and Issues of leveraging External IDs
- Architectural Approaches for integrating external identities
  - Directly at the SP
  - With an invitation service
  - With an externalized authz service
  - Leveraging a gateway
- Recommendations (do we need a separate section, or should these be in the previous sections?)
- Specific Issues/Appendices (Items on the charge list not necessarily directly addressed above, or documents we've created to link to but not include directly)
  - Criteria for selecting external providers in a variety of usage scenarios
  - How a gateway would represent the properties of an external account to an application (?)
  - Approaches to account linking