eIdentity Update

1
eIdentity Update

• October 17, 2002
• Eric Galyon
• Academic Computing and Networking Services
• etg_at_ColoState.EDU

2
Agenda

• General eIdentity Update
• eIdentity WebAuth
• Accessing and Using the Directory Data Warehouse
• Future eIdentity Initiatives

3
General eIdentity Update
4
eIdentity WebAuth
5
eIdentity WebAuth

• What is it?
• Allows Colorado State University web developers
  to use eIdentity for authentication
• Keeps eIdentity secure
• Language independent

6
eIdentity WebAuth

• How does it work?
• The eIdentity WebAuth login form is embedded on a
  web sites login page
• After eIdentity WebAuth processes the
  authentication, information is sent back to the
  originating web site

7
eIdentity WebAuth

• How does it work?

8
eIdentity WebAuth

• How do I use it?
• Create or modify your login page to call and
  embed the eIdentity WebAuth form
• Create or modify your login processing page to
  look for and process the values returned by
  eIdentity WebAuth
• Dont forget to perform your own authorization!
• Sample login page (code, web)
• Sample processing page (code)

9
eIdentity WebAuth

• How do I get access?
• Contact Eric Galyon at Academic Computing and
  Networking Services, etg_at_ColoState.EDU
• Currently, you do not need to sign up
• Note Future versions of eIdentity WebAuth will
  require web sites to be specifically registered!

10
eIdentity WebAuth

• More information
• http//www.colostate.edu/services/acns/eid/
• Eric Galyon, etg_at_ColoState.EDU

11
eIdentity WebAuth

• Questions? Comments?

12
Accessing and Using the Directory Data Warehouse
13
The Directory Data Warehouse

• What is it?
• A collection of Delphi tables and views
• A consolidated subset of information from other
  sources (Student, HR, and Associates systems)
• A bridge between information systems
• A simplified description of personal privacy
  settings
• A source for eIdentity information
• A change audit system for update propagation

14
The Directory Data Warehouse

• What is it for?
• Three main purposes
• Provide eIdentity Information
• Delivers eIdentity information to IT personnel
• Enhance Privacy
• Makes personal privacy settings easy to
  understand and respect
• Better Update Propagation
• Can enable granular update propagation instead of
  full updates of downstream systems

15
The Directory Data Warehouse

• What data is in it?
• Four general types of information
• eIdentity and linking information
• General information
• Employment information
• Student information
• Privacy information
• Change audit information

16
The Directory Data Warehouse

• eIdentity and linking information
• eNames and eID IRIDs
• Email addresses
• Links to the ISIS, HRMS, and Associates systems
• Account status flags
• Expiration and purging dates (live lag and dead
  lag)

17
The Directory Data Warehouse

• General information
• Name
• Mailing address
• Home phone

18
The Directory Data Warehouse

• Employment information
• Type of employee or associate
• Primary/secondary department
• Work titles
• Campus address
• Campus phone

19
The Directory Data Warehouse

• Student information
• Student level and classification
• Primary college/department
• Primary major

20
The Directory Data Warehouse

• Privacy information
• All privacy sensitive fields are accompanied by a
  Yes/No flag field
• Yes means the data must be kept absolutely
  private
• No means the data may be displayed
• All data, private or public, should be used
  for business purposes only and cannot be shared
  with others

21
The Directory Data Warehouse

• Change audit information
• Tracks updates, inserts and deletes of Directory
  Data
• The Directory Data is updated daily. Audit
  entries are added for any record that has
  changed.
• Audit entries only occur for individuals with
  eIdentities. People without eIdentities do not
  have audit information available.

22
The Directory Data Warehouse

• How is information consolidated?
• Only people with eIdentities are consolidated
• People without eIdentities may have multiple
  records. One for their student, one for their
  employment, and one for their associate
  information.
• The General Information source is prioritized
• 1) Employment data first, if available
• 2) Student data second, if available
• 3) Associates data last

23
The Directory Data Warehouse

• How is information consolidated continued
• Student data is available only for current
  students
• During the Fall Semester, a current student is
  anyone enrolled for the previous spring, previous
  summer, or current fall semester
• During the Spring Semester, a current student
  is anyone enrolled for the previous fall or
  current spring semester
• During the Summer Semester, a current student
  is anyone enrolled for the previous fall, current
  summer, or next spring semester

24
The Directory Data Warehouse

• How is information consolidated continued
• Employment data is based upon the persons home
  department
• If a person is both an employee and an associate,
  their associate information is added as the
  secondary employee fields
• If a person is an associate and not an employee,
  their employee type is Associate and their
  associate information is added as the primary
  fields

25
The Directory Data Warehouse
26
The Directory Data Warehouse

• What tables/views are available?
• WEID_DIR_PERSON_01
• Contains all data, public and private
• WEID_DIR_PERSON_02
• Contains only public data. eIdentities are
  included for every person even if their privacy
  settings have been enabled.
• WEID_DIR_PERSON_03
• Contains only public data. If the name privacy
  setting has been enabled, there will not be any
  record (thus no eID) for the person.
• WEID_DIR_PERSON_AUDIT_00
• Contains Update, Insert, and Delete audit
  information about Directory Data records

27
The Directory Data Warehouse

• What guidelines are there for using this data?
• Three main concerns
• Privacy issues need to be understood and
  respected.
• Email addresses should only be used as needed.
  Rely on RamMail.
• Data replicated to local systems must be updated
  regularly.

28
The Directory Data Warehouse

• How do I get access?
• Sign up form available at http//www.colostate.edu
  /services/acns/eid/
• Fill out the form and return it to the Director
  of Academic Computing and Networking Services
• Send to Linda McNamara between now and December
  31, 2002
• ACNS will route the document for additional
  approval
• You will be notified when the process is complete

29
The Directory Data Warehouse

• More information
• http//www.colostate.edu/services/acns/eid/
• Eric Galyon, etg_at_ColoState.EDU
• Vicki Johnson, johnsonv_at_lamar.colostate.edu

30
The Directory Data Warehouse

• Questions? Comments?

31
Future eIdentity Initiatives
32
Future eIdentity Initiatives

• December 2002
• Increased ePassword changing security
• January 2003
• Expiration and purging maintenance of eIdentity
  accounts
• June 2003
• eIdentity WebAuth 2.0 with additional security
  and SSO features

33
Future eIdentity Initiatives

• Kerberos authentication
• LDAP authentication
• Internet 2/NSF Middleware initiatives
• eduPerson
• DoDHE
• HEPKI/HEBCA
• Shibboleth
• WebISO

34
eIdentity Update

• October 17, 2002
• Eric Galyon
• Academic Computing and Networking Services
• etg_at_ColoState.EDU