Migrate to Federated Identity Use Case
Status: Proposed. This Use Case is under development by members of the use cases ad hoc group.
Title: Migration to Federated Identity / Identity Linking
Use Case Description: A human user who possesses a username and password for a web site is able to link their federated identity to their identity on the web site, and use that identity to access the web site in the future.
Use Case Category: Authentication Related
Contributor: Adam Lewis - Individual - Unaffiliated
Use Case Details
- Actor: Human User – wants to obtain access to the web resource
- Actor: Identity Service Provider – performs primary authentication of the claimant using credentials
- Actor: Relying Party – wants to have some level of assurance about the identity of the claimant
Goals / User Stories: The goal here is to aid migration to an NSTIC ecosystem. The average human user today has dozens of identities on the Internet, and some may even have hundreds. The human user should be able to obtain an identity from an identity provider and use that identity to access their data on relying parties which hold a unique identity for the user. The user should be able to link these identities together such that in future visits to the relying party, they may use only their federated identity and be capable of accessing their data. The user should also be provided the ability to delete their local password.
Assumptions: It is assumed that the user already has one or more identities provisioned at web sites on the Internet. It is assumed that the user has since created a federated identity that is authenticated by a third-party identity provider.
- The relying party must enable the user to link their federated identity to their existing account info.
- The relying party must enable the user to have the option of destroying their password credential on the site.
Success Scenario: The user's federated identity is linked to their legacy identity on the relying party.
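The linking flow above, sketched from the relying party's side as an added example (not part of the original use case): linking requires proof of the legacy password, and the password can be destroyed only while a federated link exists. The `RelyingParty` class, the in-memory store, and the use of an (issuer, subject) pair as the federated identifier are assumptions; validation of the identity provider's assertion is assumed to happen before `login_federated` is called.

```python
import hashlib
import hmac
import os


class RelyingParty:
    """Hypothetical in-memory account store for a relying party."""

    def __init__(self):
        self.accounts = {}  # username -> {"salt", "pw" (None once destroyed), "data"}
        self.links = {}     # (issuer, subject) -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def register(self, username, password, data):
        salt = os.urandom(16)
        self.accounts[username] = {"salt": salt, "pw": self._hash(password, salt), "data": data}

    def login_password(self, username, password):
        acct = self.accounts.get(username)
        if acct is None or acct["pw"] is None:
            return None  # unknown user, or the local password was destroyed
        ok = hmac.compare_digest(acct["pw"], self._hash(password, acct["salt"]))
        return username if ok else None

    def link(self, username, password, issuer, subject):
        """Link a federated identity; the user must prove the legacy credential."""
        if self.login_password(username, password) is None:
            raise PermissionError("legacy credential check failed")
        if (issuer, subject) in self.links:
            raise ValueError("federated identity is already linked to an account")
        self.links[(issuer, subject)] = username

    def login_federated(self, issuer, subject):
        """Map an already-validated federated identity to the legacy account."""
        return self.links.get((issuer, subject))

    def delete_password(self, username):
        """Destroy the local password, but never leave the account unreachable."""
        if username not in self.links.values():
            raise PermissionError("no linked federated identity for this account")
        self.accounts[username]["pw"] = None
```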