DRAFT - Outline for Final Report - DRAFT

• Executive Summary
• Types of IDs
• Internal SP Identity
• Institutional Identity
• Federated Identities
• Social Identities
• Known Assurance Identities
• Use Case Dimensions
• Longevity of identity
• Length of association (one-shot vs. short term vs. etc.)
• Identities that are tied to/dependent on existing Identities (e.g., Parent access to student’s grades or research partner access to local researcher’s project)
• Associations that extend beyond traditional (local) IAM lifecycle (prospect, alum, ex-employees)
• Sensitivity
• Need for LoA
• Need for MFA(?)
• Other needs(?)
• Level of linking to internal identities/environment/Level of Integration with IAM
  • Identities used to access a single SP
• Linking external identifiers to (institutional) IAM entries (e.g., students using FB/Google as credential for campus account)
• Creating new (institutional) IAM entries based on external IDs (e.g., VOs creating entities for external people)
• Risks, Concerns and Issues of leveraging External IDs
• Discussion of ACAMP concerns/issues list (External Identities Workgroup Meeting at ACAMP - 2014-10-27)
• Architectural Approaches for integrating external identities
• Directly at the SP
• With an invitation service
• With an externalized authz service
• Leveraging a gateway
• Recommendations (do we need a separate section, or should these be in the previous sections?)
• Specific Issues/Appendices (Items on the charge list not necessarily directly addressed above, or documents we've created to link to but not include directly)
  
  • Criteria for selecting external providers in a variety of usage scenarios
  • How a gateway would represent the properties of an external account to an application (?)
  • Approaches to account linking