This page is being used to collect potential use cases related to a centrally managed Social-to-SAML Gateway. They will be discussed on the May 21, 2012 socialidentity working group conference call.

  1. Jane Doe invites John Smith (a member of the local community) to participate in her course for two weeks as an adjunct instructor. She goes to the campus instance of MACE Grouper and sends to John's personal Google account an invitation to become a member of the INSTRUCTORS group for her course. John receives the email, and clicks on the enclosed url. This takes John back to the campus instance of MACE Grouper, and he is asked to identify his Identity Provider; he selects Google. This takes him to the centrally managed Social-to-SAML Gateway, and on to Google. He authenticates at Google, approves releasing attributes, is returned transparently to the Social-to-SAML Gateway, which forwards him back to the campus instance of MACE Grouper, which now recognizes him as an authenticated user. John clicks ACCEPT, and is added as a member of the INSTRUCTORS group.
  2. Emily Doe invites Bucky Doe (her dad) to view her billing and grade information.  This information is stored in PeopleSoft.  She goes to the provided interface from which she provides her father's email address.  Bucky is sent an email and clicks on the enclosed URL.  This takes Bucky to a specialized PS page where he selects his Identity Provider (or some language more user friendly), and he selects Google. This takes him to the centrally managed Social-to-SAML Gateway, and on to Google. He authenticates at Google, approves releasing attributes, is returned transparently to the Social-to-SAML Gateway, which forwards him back to the campus PS service, which now recognizes him as an authenticated user.
  3. Chuck U. Farley has accepted a position with the University.  Before his hiring can be completed, he must log into the campus PeopleSoft instance and complete information that will be used in a criminal background check.  Prior to accessing this workflow, he is directed to an interface where he provides his email address and identifies which Identity Provider this email address is associated with.  After completing this form, Chuck is sent an email and clicks on the enclosed URL.  This takes Chuck to a specialized PS page where he selects his Identity Provider (or some language more user friendly), and he selects Google. This takes him to the centrally managed Social-to-SAML Gateway, and on to Google. He authenticates at Google, approves releasing attributes, is returned transparently to the Social-to-SAML Gateway, which forwards him back to the campus PS service, which now recognizes him as an authenticated user.
  4. Systema D'Min manages the Visiting Committee Portal of which Don Or, a very influential person in the community, is a member of the committee. Systema needs to enable Don to access the private areas of the portal, and due to various reasons Don doesn't want to be bothered with yet another account and password. Systema, knowing Don's Google address, enters it into the local ACL for the portal and requests that Don log in. Don follows the link, at the portal selects Google, is sent transparently through the central gateway to Google, authNs & consents, and is sent back to the portal.
  5. There is a conference being held at the university and the sponsor would like to grant wireless network access to the attendees. The sponsor would prefer to collect the attendees' social identities in the registration process and have guest network access granted to the collected social identities.
  6. A student needs to register for admissions status at the university.  At this stage in the process, we want to allow them to use social credentials to login to systems that they'll need to use throughout the admissions process, before provisioning a campus network ID for them.  When their net ID is eventually created, the social ID is kept in their identity record for future use, possibly for use case 7.
  7. Someone with a university network ID needs to reset their password in a low-assurance way.  Linkage of their existing net ID credential with a known social ID or IDs might enable this process.
  8. A contractor needs to be able to access a workflow system to sign off on a step in the workflow process.  We don't want to provision them a campus network ID to do this, so we allow them to sign off on the workflow using a social ID, sent via email to the address of their (gmail, office365, etc.) cloud provider, which is also their social IdP.
  9. Project Bamboo provides identity and access management services as part of its mission to support research projects in the humanities across institutions and national borders, including projects in which participants may be affiliated with a university or be 'citizen scholars.' Bamboo maintains a thin notion of user profiles, and also provides a Bamboo-namespaced identifier that permits users to identify themselves as the same "Bamboo person" via multiple identity providers (i.e., via an account linking service). Project Bamboo would welcome an opportunity to leverage another consortium's social-to-SAML gateway and discovery service in the same spirit it "outsources" identity provision to universities and social identity providers. An assumption of the account linking scenario is that Bamboo, as a Social-SAML gateway relying party, would expect to see both a user identifier and an identifier for the IdP used to authenticate in any given AuthN event on the gateway.
  10. Library "walk-in" user needs access to library services provided to all state citizens at a State University/College ... (would prefer someone more familiar with library systems to complete this one - if it's deemed a valid use case).  There would likely be a "local device" requirement for access to resources.
  11. Continuing Education is moving Brown Pre-College online courses to Canvas from a vendor (LogicBay).  In an effort to be more flexible, nimble with our design, and able to respond quickly to market changes in online learning, we plan to modularize some of the existing courses and offer modules for free to entice students to take the full course.  With a universal sign on, we have the ability to track and communicate with these potential students.  Merely making a course public does not allow a user to experience the course activities.  Target timeframe could be as early as Spring 2013 if the access issue is resolved.
  12. The IE Brown Program offers online Master Courses in the IE LMS (Blackboard) to highlight the calibre of its courses.  Anyone interested in the MBA program is able to attend these mini Master courses to get a feel for the online platform and content associated with the program.  We would like to provide a similar experience in Canvas for potential students in our other Executive Masters programs.
  13. Continuing Education currently offers lectures and free short-term courses to the public on a variety of topics.  CE would like to offer similar programs and short courses online.
  14. Colleagues from other institutions often share course design and online formats.  (Colleagues have shared their online courses with Brown from Dartmouth, UF, UCF, and UND)  There should be an easy way for a course owner to provide access to a course without making it public.  The public option does not allow student participation, nor does it allow us to track participants in the way a universal sign on would.  
  15. The Brown Center for Alcohol and Addiction Studies offers a certification program for practitioners.  They would have liked to be able to use Canvas to deliver some of their courses, but had to go to an outside vendor (and pay considerably more) because their students would not have Brown credentials.
  16. Professors at other universities (who are doing more with online learning and technology integration) often invite guest lecturers, speakers, and other students to collaborate in the online space.  There should be an option for short and/or long term guest access to support this collaboration.
  17. Peer Institutions are offering free and open courses in a variety of different formats.  While Brown is not currently planning this, it could come up in the very near future.  We should be prepared for a variety of scenarios.
  18. There have been cross-institutional courses at Brown (such as the Brown/Tougaloo collaboration) where the students and instructor from the non-Brown institution needed access to the course management system and other teaching tools. (Could be addressed by the same solution as #1?)
  19. A Brown course may want to open an assignment or discussion to the outside world, such as taking a poll, answering a discussion question, or entering a chat. This would require authentication on the fly.
  20. A Brown class may want to allow an outside reviewer or researcher access to confidential class information (commenting on a final project, reviewing confidential research data). The outside expert would not only need access but also be given authorization to view confidential materials (some kind of sign-off).
  21. Brown may want to make some materials available to prospective students - need authentication on the fly - temporary access.
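
Use case 9 assumes the relying party sees both a user identifier and an identifier for the IdP in every AuthN event on the gateway. The Python below is an added example, not code from Project Bamboo or the gateway, showing why an account-linking store keys on that pair; the names `AuthnEvent`, `AccountLinks`, `LinkError` and the `person-` identifier format are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthnEvent:
    """What the relying party keeps from one gateway AuthN event (assumed shape)."""
    idp: str      # identifier for the IdP used to authenticate
    subject: str  # user identifier asserted by that IdP


class LinkError(Exception):
    pass


class AccountLinks:
    """Maps (idp, subject) pairs to one local person identifier."""

    def __init__(self):
        self._person_of = {}

    @staticmethod
    def _key(event):
        if not event.idp or not event.subject:
            raise LinkError("AuthN event must carry both IdP and user identifier")
        # The pair is the key: the same subject string asserted by a
        # different IdP is a different identity and must not be merged.
        return (event.idp, event.subject)

    def resolve(self, event):
        """Return the linked person id, or None for an unknown identity."""
        return self._person_of.get(self._key(event))

    def register(self, event):
        """First login: mint a local person id for this identity."""
        key = self._key(event)
        if key in self._person_of:
            raise LinkError("identity already registered")
        self._person_of[key] = "person-" + uuid.uuid4().hex
        return self._person_of[key]

    def link(self, session_event, new_event):
        """Attach new_event's identity to the person behind session_event."""
        person = self.resolve(session_event)
        if person is None:
            raise LinkError("current session is not a known person")
        key = self._key(new_event)
        if self._person_of.get(key, person) != person:
            raise LinkError("identity already linked to another person")
        self._person_of[key] = person
        return person
```

Linking is only safe when both events come from authentications completed in the same user session; the store refuses to reassign an identity that already belongs to another person.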