|
|
|
Account linking is, in principle, a simple process of joining user’s digital identities. Users have to prove that they own two or more digital identities, which are consecutively linked together in the identity management system. CESNET has very positive feedback on ELIXIR workflow for account linking. User signs in with one identity, then with a second one, and the identities are linked. The positive feedback is coming not only from the ELIXIR community but also from users from other communities, even outside the life-science area. The significant issue of the workflow is its user interface, which is still too complicated for users to navigate through smoothly. Because the process consists of several steps, skipping one step or leaving the linking process unfinished makes it even more prone to errors. Users need a straightforward interface that will guide them step-by-step through the whole process. |
| The goal of the topic is to develop a new web application for account linking, test it with end-users and improve it based on user feedback. The application has to support a recommendation system that tries to guess linkable identities. It also has to deal with all possible situations in a user-friendly way. The situations include linking identities that already belong to different registered users or linking identities neither of which belongs to a registered user. |
The account linking application will work with the OIDC protocol only. Based on the AARC Blueprint architecture, the proxy component can translate other protocols to OIDC, so the account linking application does not have to handle other protocols. Most of the application logic will be standalone but it will expect an IdM system as a backend for storing linked identities. |
From the view of authentization proxy is the benefit for consolidating and for user is benefiting in a way he can login with any of his accounts. The migration between the home organization would become very simple. And because of linking we can use multiple attributes from all the accounts. |
It might happen that someone works already on a similar project or publishes before the activity ends. Another one is that the application wont be used outside of the Perun project. Another risk is with the self-sovereign identities the account linking won't be needed anymore. |
Application is not the privacy hotspot itself, other components will be. Application will be designed to work with the smallest amount of data. The data will be stored at backend, which is not part of the application. |
|
The application will be part of the ecosystem of Perun. |
| A working prototype including architecture documentation was created. |
Date | Activity | Owner |
|---|---|---|
15.10.21 | Incubator on hands | Niels van Dijk |
| 22.02.22 | Public demo | Niels van Dijk |
| 03.05.22 | Final demo | Niels van Dijk |
