diff --git a/person-identifiers.adoc b/person-identifiers.adoc index e20fc28..12011fa 100644 --- a/person-identifiers.adoc +++ b/person-identifiers.adoc 
@@ -23,19 +23,19 @@ https://wiki.shibboleth.net/confluence/display/CONCEPT/NameIdentifiers ==== Unique across the IdPs population Y/N? - *COmanage*, external identifier are tuples: {Identifier for the external source, PersonID assigned by that source} -- Enter ePPN, or link in email for new ppl being added -- COmanage: In general, a multi-values list of identifiers paired with a source identifier; there is a non-shared internal ID -- Refereence ID: two match modes: Match up front; config. COmanage to match based on RefID. registry gets a ref id, and stores it -- Match API backend is just a database that understands ref id and sourceID, rovision to LDAP, point Grouper subject source at LDAP; +Enter ePPN, or link in email for new ppl being added + +COmanage: In general, a multi-values list of identifiers paired with a source identifier; there is a non-shared internal ID + +Refereence ID: two match modes: Match up front; config. COmanage to match based on RefID. registry gets a ref id, and stores it + +Match API backend is just a database that understands ref id and sourceID, rovision to LDAP, point Grouper subject source at LDAP - *Grouper* defines "id" as person identifier and "identifier" as potentially anything that can uniquely identify a person -- Person identifiers indicate a single person in a system, but any attribute unique to the person can serve as an identifier for search queries: E.g., email, name, LoginID,... -- Grouper external users: ePPN serves as the identifier in the subject source +Person identifiers indicate a single person in a system, but any attribute unique to the person can serve as an identifier for search queries: E.g., email, name, LoginID,... 
+ +Grouper external users: ePPN serves as the identifier in the subject source + -*midPoint:* OID is permanent, not shared name is a name-based identifier (other could be added), can change if needed, could be a campus id that users tend to know -- globally unique by inclusion of a scope element or domain identifier -- mP can generate any other unique id and share with external systems +- *midPoint:* OID is permanent, not shared name is a name-based identifier (other could be added), can change if needed, could be a campus id that users tend to know + +globally unique by inclusion of a scope element or domain identifier + +mP can generate any other unique id and share with external systems + ==== name-based or otherwise recognizable? Y/N
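Review bot: The re-added COmanage lines carry the old typos over unchanged. "Refereence ID" and "rovision to LDAP" (in the Reference ID and Match API lines) should read "Reference ID" and "provision to LDAP", and since these lines are being rewritten anyway, this is the place to fix them. The midPoint line has a similar leftover: the change fixes the list marker ("-*midPoint:*" becomes "- *midPoint:*"), but "OID is permanent, not shared name is a name-based identifier" still runs two statements together and needs a separator after "not shared". Separately, with the "--" prefixes dropped, the former sub-items under COmanage, Grouper and midPoint no longer carry any list marker, so nothing ties them to their parent bullet. If they are meant to remain sub-points, AsciiDoc's "**" nested-list marker would keep that structure explicit.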