diff --git a/person-identifiers.adoc b/person-identifiers.adoc index 12011fa..dd65d06 100644 --- a/person-identifiers.adoc +++ b/person-identifiers.adoc @@ -20,7 +20,7 @@ Editor: {Editor}, {Email} ==== Definitive Statement of Identifier Characteristics for HE and Research https://wiki.shibboleth.net/confluence/display/CONCEPT/NameIdentifiers -==== Unique across the IdPs population Y/N? +==== Unique across the IdPs population (Y/N) - *COmanage*, external identifier are tuples: {Identifier for the external source, PersonID assigned by that source} Enter ePPN, or link in email for new ppl being added + @@ -38,30 +38,34 @@ globally unique by inclusion of a scope element or domain identifier + mP can generate any other unique id and share with external systems + -==== name-based or otherwise recognizable? Y/N +==== name-based or otherwise recognizable? (Y/N) Generally, internal ida are not name-based -==== opaque (not name-based or otherwise recognizable) Y/N +==== opaque (not name-based or otherwise recognizable) (Y/N) -==== permanent +==== permanent (Y/N) Minimally: identifier is expected to represent the same person over time. Changes are rare but some situations in which identifier merges are necessary. -==== Non re-assignable (once assigned -A given identifier value will never be reused and assigned to another person) +==== Non re-assignable (Y/N) +Once assigned a given identifier value will never be reused and assigned to another person) + +==== Pairwise (formerly called targeted id) (Y/N) -==== Pairwise (formerly called targeted): A person has a different identifier for each service or resource provider with which they interact -=== What is the primary, wholly internal person identifier in your package? + +=== Discussion + +==== What is the primary, wholly internal person identifier in your package? COmanage: identifier modules to generate identifiers with the desired characteristics; KeithL: If you make a REST call: here's user, get the OID, use that in the actual REST call -=== What identifier(s) do you expose to other packages? Internal ID plus tuple source/identifier +==== What identifier(s) do you expose to other packages? Internal ID plus tuple source/identifier generate anything you want, configurable; DO NOT USE OID; mP API is a case where you could use OID, - Do you maintain a crosswalk between each external system identifier and your internal identifier?