Refeds


Subject Re: Re: [MACE-Dir] eduPersonSubjectIDGUID
From Nicole Harris <nicole.harris@xxxxxxxxx>
Date Thu, 22 Oct 2015 21:03:38 +0100

The Americas are noisy tonight :-)

I think I would just say "a clearinghouse could be set up" and drop the eduGAIN bit - not that it couldn't be there, but that might just distract people from the concept by declaring a home from the outset and you probably want them to focus on the concept right now.  There is no specific reason why this would be edugainish other than trusted source concepts.

I guess this was the first thing that came to mind when you raised this: http://projects.switch.ch/eduid/about/. Not the same approach, but similar problem set.


On 22/10/2015 17:34, Nick Roy wrote:
I say, "great idea" :-)

From: Keith Hazelton <keith.hazelton@xxxxxxxx>
Date: Thursday, October 22, 2015 at 10:33 AM
To: Nick Roy <nroy@xxxxxxxxxxxxx>
Subject: Re: [MACE-Dir] eduPersonSubjectIDGUID

Nick,

What do you think of posing this question on Refeds as well?    —Keith
-- 
email & jabber: keith.hazelton@xxxxxxxx

From: <mace-dir-request@xxxxxxxxxxxxx> on behalf of Nick Roy <nroy@xxxxxxxxxxxxx>
Date: Thursday, October 22, 2015 at 11:27
To: MACE-Dir <mace-dir@xxxxxxxxxxxxx>
Subject: [MACE-Dir] eduPersonSubjectIDGUID

Hello,

I've seen the subject of type 4 (https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29) UUIDs or GUIDs as a way to create a globally unique (with no need for scoping) identifier across systems without any kind of coordination or state sharing between them crop up recently.

With all the talk of nameIDs that can change/be reassigned, and targetedIDs not providing the type of valuable "collusion" (I prefer the word "coordination" in this positive context) that VOs need, and scoped IDs being hard for a lot of systems to deal with, I would like to ask this group:

Is it time for a new eduPerson attribute along the lines of "eduPersonSubjectIDGUID" (or whatever you want to call it) which is just a permanent-per-person, portable, non-reassignable, globally unique and non-scoped type 4 UUID?  This would allow it to be created for a person at their home institution at the time the home institution adopts this schema extension in their IAM system.  It could be used as a persistent ID and asserted to "everyone" "by default."  A clearinghouse of these values could be set up in eduGAIN and provide global account linking.  It could then become standard practice when someone leaves an institution to tell them to access this service with their account before they leave, and immediately access it with their new account when they get to their new institution.  When they access the service at the new institution, it could send them an email containing information about how to tell their local IAM people their existing value.  If an IAM system registers for messages from this service, it could get these values auto-provisioned.

Thoughts?

Thank you,

Nick

-- 
Nicole Harris
PROJECT DEVELOPMENT OFFICER
GÉANT - Amsterdam Office
M: +31 (0) 646105395
Skype: harrisnv

Networks • Services • People 

Learn more at www.geant.org​