Defining Use Cases for Federating Library Services

["Dale,Andy" <>]

I mentioned Kim Camerons ‘Law’ of Minimal Disclosure… not sure if it was a recognizable reference so here’s the link:

http://www.identityblog.com/?p=352 I don’t agree with Kim 100% but I certainly find the ‘Laws’ useful to keep in mind as sanity checks.

 

It appears that the months of threads on the OpenID, InfoCards and IdentityGang lists didn’t actually result in anyone writing anything down with regards to the definitions we were looking for.  However there are some useful definitions  and links at: http://wiki.idcommons.net/Lexicon and http://www.ituwiki.com/Living_List_of_Identity_Management_Terminology including links to the SAML glossary which is obviously close to our hearts.

 

In terms of the categorization of use cases it appears that our original 3 categories

 

1. re-identifiable

2. partially anonymous

3. mostly anonymous

 

Is actually identifying the types of identifiers that ‘should’ be used (could be used?).

 

In pure SAML terms they would map to:

1.         

2.     urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

3.       urn:oasis:names:tc:SAML:2.0:nameid-format:transient

 

where anything that might fall into our original 1.; like student_ID, SSN# (god forbid), barcode… should probably be passed as an attribute associated with either a transient or persistent id.

 

The required transmission of such attributes would then be covered by the ‘Disclosure Requirements’ for the use case.

 

I think I actually missed the original problem statement that we were addressing with the usecase grouping so I may be totally off base.

 

Andy