Scribing Template -Tues., Nov 12, 2013 at 1pm - Monterey Room
TOPIC: Account Linking, Part II
See also Account Linking Part I
CONVENER: Roland Hedberg
SCRIBE: Mark Scheible, Adele Guerzon
# of ATTENDEES:15
MAIN ISSUES DISCUSSED:
Users have multiple accounts, many passwords to remember
Use different credentials for access to different services, and could have multiple credentials accessing the same resource (user may not remember which credential they used) (e.g. University credential and a Social Identity) * Could present a big problem when the accounts have different LOAs
For example:
- Applicant to university using social identity to apply (credential) and be given access to some lower risk applications
- Then after admission, is granted a university credential and might now use the university credential to access the same resources
- After graduation, user is migrated back to the social credential for accessing alumni resources
- Any life-cycle transitions of a University member, particularly when there are "gaps" in membership (maybe using a social identity)
Roland has money to fund research/development for 3 people for 3 years - exploring Account Linking in Europe
Possible use of ORCID (identity "outside" of University), however, they don't want to be used in this way (to link?)
Linking of accounts, however, individual identities would also likely be captured/linked
Linking service would need to know all the protocols (?)
Could be used to enrich a profile about an individual (capturing information about the user from different account sources)
If any of the accounts is compromised, access to resources used by all of the linked accounts may also be compromised (or at least accessible)
Some mitigation of phished accounts if the user is logging in primarily from the United States, and is suddenly accessing resources from a login in another country at the same time
Central linking service that resolves user accounts as belonging to an individual (multiple accounts/identifiers) - possibly issue another credential from the linking service?
Persistence of identifier (account) is critical - two different individuals could end up owning the same credential (issued by the same vendor) that could be linked to other accounts
Possibly Linking Service could limit the timeframe that the "linking" is good for (might need to be re-linked after a period of time?)
Another example - Continuing Education (or Distance Education, or MOOCs) might allow users to use a Social Identity to register, even if they have a campus credential (linking those user accounts somehow?)
User-centric credential might be more useful than institutional credentials (particularly for shorter-term timeframes)
"Lifetime" accounts that are frequently issued by a university have a low percentage of use after the individual leaves the university
Is maintaining a credential beyond "membership" worth the effort? ( they don't really use the resources after they leave)
Maintaining an individual's identity after they leave (for all students) is likely not worth it - credential ONLY the users that require (and come back for) services
Account linking for the service Roland has in mind would be voluntary (not a requirement)
ACTIVITIES GOING FORWARD / NEXT STEPS:
Follow Roland's adventures, and hear about the project at the next ACAMP!
If slides are used in the session, please ask presenters to convert their slides to PDF and email them to acamp-info@incommon.org