Entity Category Use Case Scenarios

The SeamlessAccess project has a number of initiatives that are designed to improve the wider world of federated authentication beyond just the SeamlessAccess service. Recognizing that existing solutions weren’t suitable for many of the use cases that libraries and publishers have in today’s information landscape, SeamlessAccess has led a number of efforts to improve the flow of authentication and authorization.

The first of these was the Entity Category working group. Entity categories represent agreements between identity providers (libraries or IT departments) and content providers (publishers or vendors) on the nature of the user accessing a service. This working group proposed new Entity Categories for use in the configuration of federated authentication systems that outline which attributes about the user are passed from a subscribing organization to a service provider. These two new Entity Categories (Anonymous and Pseudonymous), which were approved by REFEDS earlier this year, give libraries and service providers the technical specifications needed to manage attribute sharing and protect user privacy. But, as we know, technical solutions aren’t always enough, and we discovered a dearth of useful contract language that addresses federated authentication at all, much less specifies these new Entity Categories as the standards for technical implementations.

To help in this area, SeamlessAccess convened the Contract Language Working Group, whose job it is to build on the Entity Category work to produce a toolkit for use in contracts between libraries and service providers (and for service providers to have as a reference for library requirements). This group is working to develop model language that can be used to update contracts and documentation to help libraries and providers choose the appropriate entity category for the resource and outcomes they desire.

Today, the Contract Language Working Group is happy to release its Entity Category Use Case Scenarios document for comments. From the introduction to the document:

The goal of this document is to outline the various use cases in order to determine the overlap between user access, authentication and authorization, attribute release, and entity categories used in the federated authentication communication between the Identity Provider and the Service Provider. These use cases will be used to ground the contract language in real world examples.

Comments may be left directly on the Google Doc, and we will be revising as necessary as we move forward in our work and towards the release of the full Contract Language Toolkit. We look forward to your feedback.