Subject Re: Re: [MACE-Dir] eduPersonSubjectIDGUID
From Nick Roy <nroy@xxxxxxxxxxxxx>
Date Thu, 22 Oct 2015 17:46:27 +0000

On 10/22/15, 11:17 AM, "mace-dir-request@xxxxxxxxxxxxx on behalf of Peter Schober" <mace-dir-request@xxxxxxxxxxxxx on behalf of peter.schober@xxxxxxxxxxxx> wrote:

>* Nick Roy <nroy@xxxxxxxxxxxxx> [2015-10-22 18:27]:
>> Is it time for a new eduPerson attribute along the lines of
>> "eduPersonSubjectIDGUID" (or whatever you want to call it) which is
>> just a permanent-per-person, portable, non-reassignable, globally
>> unique and non-scoped type 4 UUID?
>I'm not aware of some of the issues with current identifiers you hint
>at, but are we not confronted with several proposals for wide-scale
>deployment of omni-directional (non-targeted, correlatable)
>identifiers these days?  Both eduPersonUniqueID as well as ORCID seem
>to fill most of that (percieved) gap? ORCID also comes with an
>authentication service, possibly linked to existing federated

The only difference is using a type 4 UUID lets you not have this be scoped, and guarantee universality without coordination.

>I have not yet taken the time to fully understand the part about the
>linking service and IDP of last resort, but I take it that's a
>consequence of your permanent-per-person / portable requirement?
>  Much like the auEduPersonSharedToken[1], which IIRC was defined to be
>portable from one institution to another, though I have yet to hear a
>secure process for doing that?
>  So in order to avoid the issues of communicating identifiers between
>institutions the subjects themselfs now need to take care of that by
>linking accounts in time (while they can)?


>Anyway, maybe a bit early for a cross-post to REFEDS...

Possibly... oh well.

>Best regards,