...
Provisioning required? | Duplicates allowed? | Persistence required? | Strong match possible? | Recommended Identifier | Example Applications |
|---|---|---|---|---|---|
Y | Y | Y | Y | Kuali, Travel? | |
Y | Y | Y | HRLMS non-employees | ||
Y | Y | Y | ePPN | ||
Y | Y | ePPN | |||
Y | Y | Y | HRLMS employees | ||
Y | Y | Not feasible | |||
Y | Y | ||||
Y | Not feasible | ||||
Y | Y | Y | ePTID | ||
Y | Y | ePTID | Library services | ||
Y | Y | ePTID | |||
Y | ePTID | ||||
Y | Y | AYSO | |||
Y | Not feasible | ||||
Y | |||||
Not feasible |
The "Strong match possible?" column specifies whether it is possible to acquire SSN and date of birth from the target user community for the application (in order to assign a UCnetID).
Note that we have no recommended identifier for applications that require provisioining and persistence, and we are starting to see applications that require such identifiers. UC's new system-wide training management system is a good example of such an application.
Applications that Cannot Accomodate Long Identifiers
Other than UCnetID, all of the identifiers mentioned here can be very long. For example, if a UUID, which is typically written as 36 characters, were used for the campus part of the a scoped attribute, then the maximum length of the value of that attribute for UC Berkeley would be 49 characters (36 for the UID, plus 13 for "@berkeley.edu"). This is longer than the maximum length of a user ID for many applications, and eduPersonPrincipleName can be even longer.
Proposal
Implementation of the University of Washington's alternate implementation of eduPersonTargetedID (or waiting for it to become part of the standard Shibboleth distribution) should give us a fairly complete set of identifiers that can be used by applications within UCTrust, except for applications that cannot accomodate long identifiers.
...
Recognizing that migration to long identifiers will not be trivial for many applications, however, a new attribute, UCTrustCampusIDShort, will be available for a limited transition period, no more than five years. It will not exceed 12 characters in length, it will contain only alphanumeric characters, and its persistence will not be greater than five years. UCTrustCampusIDShort will also have the following properties: *
- It will be scoped in a non-standard way. The format will be two characters to designate the UC location, followed by no more than 10 alphanumeric characters assigned by that location. For example, "RI1234567890" could designate Jane Doe at UC Riverside. The following are the two-character location codes:
...
- BE - UC Berkeley
...
- DA - UC Davis
...
- IR - UC Irvine
...
- LA - UC Los Angeles
...
- ME - UC Merced
...
- RI - UC Riverside
...
- SD - UC San Diego
...
- SF - UC San Francisco
...
- SB - UC Santa Barbara
...
- SC - UC Santa Cruz
...
- OP - UC Office of the President
...
- LB - Lawrence Berkeley National Labs
...
- It will not be reassigned to more than one person by the same campus within the five-year lifetime of the identifier.
...
- Duplicate identifiers for an individual should be rare from a single campus, but are allowed. Duplicates will occur for people who are assigned UCTrustCampusIDShort's by multiple campuses.
...
- UCTrustCampusIDShort will be deprecated on or before August 1, 2012. If at any time before that date there are no current applications that need UCTrustCampusIDShort to operate, the UCTrust Work Group may choose to deprecate it sooner.