Proposal
By the GLN Policy implementation due date
- Campus IdPs must support release of Lived Name values in UCTrust-defined "Name attributes"
- Campus IdPs are not required to support communication of Legal Names through UCTrust SSO services
"Name attributes" refers to these attributes:
- First Name/givenname
- Last Name/sn
- Full Name/cn
- Display Name/displayname
Implications/Pros and Cons
Lived Name values in Name attributes
This portion of the proposal clarifies that applications receiving user "Name attributes" via UCTrust SSO can assume that the values they receive represent current Lived Name information.
UCTrust sees this as a necessary capability in support of the UC GLN policy. This should also greatly simplify GLN compliance for applications that leverage UCTrust SSO to capture user profile information.
Campuses SSO not required to provide Legal Name
Several campuses plan to exclude "Legal Name" information from their IAM and SSO systems. This point clarifies that applications leveraging UCTrust SSO cannot assume that Legal Name information will be available, even if the application has a justification for requiring access to this information. Applications that require access to authoritative Legal Name information will need to implement other mechanisms to obtain this information.
If there is a systemwide need for applications to be able to request Legal Name information via UCTrust SSO, this will require at least some campuses to develop new solutions for consuming, managing and tracking access to Legal Name information. For those campuses this will represent an increase in the scope of their local UC GLN policy implementation projects.
Disposition
Approved by unanimous vote of UCTrust attendees in December 2022. Communicated to CIOs (with no objections noted) in March 2023.
References
- UC Gender and Lived Name Policy: https://policy.ucop.edu/doc/2700693/GRLN
- UCTrust Standard Attributes
- UCTrust Names and UC GRLN Policy FAQ