This page captures relevant criteria upon which External ID providers might be assessed, along with group members' comments. Its purpose was only to structure discussion of the criteria and should not be considered a final product of the work group.
Should Required vs. Desired vs. Optional answers be identified separately from the assertions themselves? Note that if so, which answers count as Required, Desired or Optional will vary depending on which solution approach is taken.
Desired Responses from... | Eric Goodman | David Walker | Mary Dunker | John Breen
---|---|---|---|---
Reassign | No reuse/ | Non-reassigned identifier available | never reassign unique identifier | No reuse
Pwd Policies | Ideally Silver compatible | Silver / LoA-2, but depends on use case. | Comparable to Bronze or Silver - depending on use case | Depends on use case.
MFA | Ideally | Yes, but depends on use case | a desirable option | Support Required
ID Proof | Varies by use case | Depends on use case | Varies by use case. Important to publish ID Proofing, if any is done | By use case
Attributes | Required: UserID; | Non-reassigned identifier, email | R&S attributes | non-reassigned id
Attr Stability | Indefinite | Documented | Document | Documented
Release | Ideally granular | Documented | Document | Documented
Consent | Ideally | Yes | yes - required | Case by case. Some attr. no consent (unique id).
Consent Expr | SAML Attribute | Documented | SAML Attribute | SAML attribute
MFA Expr | SAML AuthnContext (and/or attribute?) | SAML AuthnContext (and/or attribute?) | SAML AuthnContext (and/or attribute?) | SAML AuthnContext (and/or attribute?)
Directed vs. Static | Static preferred. In some use cases static is required. | Documented | Document | Documented
Mission | Non-user tracking/privacy preserving is ideal | Non-user tracking/privacy preserving is ideal | Non-user tracking/privacy preserving is ideal | Non-user tracking/privacy preserving is ideal
Stability | Always good | Always good | Good - Document | Good - provable via documentation/metrics
EULA/Terms | ??? | Documented | Document | Documented
Cost | $0 or low | $0 or low | $0 | $0
Audits | NIST LoA 1 | NIST LoA 1 (LoA 2 desired) | NIST LoA 1 | 
Legend