Use Cases: AAMC Identifier in Identity Management Systems
(Draft)

Below are some example use cases in which the AAMC (Association of American Medical Colleges) identifier may be well-positioned to function as the "glue" to uniquely identify users, *IF* they are members of a group for which the AAMC provides this service, e.g. physicians who attended medical school in the US, or faculty at US and Canadian medical schools have all been issued an AAMC identifier at first contact with a system or service provided by AAMC. According to their website, at the time this document was being prepared, AAMC currently represents:

• the 125 accredited U.S. medical schools
• the 17 accredited Canadian medical schools
• some 400 major teaching hospitals, including 98 affiliated health systems and 68 Veterans Affairs medical centers
• 94 academic and professional societies, representing 109,000 faculty members
• the nation's 67,000 medical students and 104,000 residents

NOTE: The following use cases are hypothetical, and for discussion purposes only. AAMC is not currently supporting any of these in any way.

Use Cases

(1) Problem: provide a resource to some category of medical personnel (e.g. training, certification), and you don’t have your own database of people – you haven’t issued them IDs. You want to authenticate users but you don’t want to manage their identities.

Proposed Technical Solution: AAMC is setup as a Shibboleth-enabled Identity Provider (IdP), the service providing access to AAMC identifiers is Shibboleth-enabled, when users attempt to access your resource they are directed to AAMC to login. You receive the AAMC identifier via system-to-system connection. Then the user is keyed by AAMC identifier for later access.

Requirements:

• AAMC acts as Shibboleth Identity Provider (IdP)
• Resource-providing institution offers the resource as a Shibboleth-protected service

Benefits of this solution:

• Eliminates the need for the organization housing the resource(s) to manage identities (e.g. account usernames/passwords), while enabling it to make informed access decisions for external users requesting access to the resource(s)
  
  

(2) Problem: You have identity records for people in your directory, but you want to add the AAMC identifier as an attribute in your system because it is a useful foreign key. You want to get the AAMC identifier authoritatively from AAMC directly..

Proposed Technical Solution: AAMC web service accepts certain demographic info about a person (e.g. provide at least 3), they return the AAMC identifier if they are able to match. Otherwise an error is returned.

Requirements:

• -

Benefits of this solution:

• Ability to utilize the AAMC identifier for non-AAMC purposes, e.g. as an aid to uniquely identify a user.

(3) Problem: You want to verify that a person is

[board certified | graduated from a US/Foreign medical school | specialty | completed residency in specialty | certified as X | *]

via a web service. If you provide their AAMC identifier can AAMC return the attributes it knows about that person, or confirm?

Proposed Technical Solutions:

1. If this is in the context of a Shibboleth exchange, subject to an Attribute Release Policy (ARP), AAMC web service accepts the AAMC identifier and returns the appropriate attributes.
2. If not in the context of a standard Shibboleth-protected web application, then offer this via a stand alone web service hosted by AAMC. The requester provides the AAMC identifier and specifies what is to be verified, and the AAMC web service responds appropriately if it is able, or returns an error.

Requirements:

• -

Benefits of this solution:

• Collecting person information from a number of sources, and uniquely resolving that to one unique individual, is often difficult to do. If each of the sources includes the AAMC Identifier, this is quite simple.