Migrate to Federated Identity Use Case

From IDESG Wiki

Status: Proposed. This Use Case is under development by members of the use cases ad hoc group.


Title: Migration to Federated Identity / Identity Linking


Use Case Description: A human user who possesses a username and password for a web site is able to link their federated identity to their identity on the web site, and use that federated identity to access the web site in the future.


Use Case Category: Authentication Related


Contributor: Adam Lewis - Individual - Unaffiliated


Use Case Details

Actors:


Goals / User Stories: The goal here is to aid migration to an NSTIC ecosystem. The average human user today has dozens of identities on the Internet; some may even have hundreds. The human user should be able to obtain an identity from an identity provider and use that identity to access their data on relying parties which hold a unique identity for the user. The user should be able to link these identities together such that in future visits to the relying party, they may use only their federated identity and be capable of accessing their data. The user should also be provided the ability to delete their local password.

Assumptions: It is assumed that the user already has one or more identities provisioned at web sites on the Internet. It is assumed that the user has since created a federated identity that is authenticated by a third-party identity provider.


Requirements:

  • The relying party must enable the user to link their federated identity to their existing account info.
  • The relying party must give the user the option of destroying their password credential on the site.


Process Flow:


Success Scenario: The user's federated identity is linked to their legacy identity on the relying party.


Error Conditions:


Relationships

Extended by: Use Case:Remote Identity Proofing, Use Case:In-person Identity Proofing

References and Citations