VCCS Security, Authentication and Account Automation Project

Technology Guidelines

Customer ID and Application Request Guideline

Version 3.0

Status: Proposed 7/10/01

Purpose:

This guideline provides the colleges with a detailed description of the customer driven account management system. This interface is supported by a messaging based platform to perform automated application account creation, facilitate password changes, lookup information, and to determine application access privileges granted.

Scope:

All VCCS students, staff, faculty and patrons will have access to the system to initiate customer account and application request activation directly from a web browser without direct administrator involvement. Account access will be based on pre-approved authorization via business rules and/or a college appointed administrator.

Applicability:

This guideline is applicable to all admitted students, staff, faculty, and approved patrons using applications and/or services within the VCCS.

Definition

The Directory and Security Models have matured into a tightly coupled, enterprise capable platform. The strategy is to provide students, staff, faculty and approved patrons the ability to self-enable customer id which may be used to access controlled and secured areas of the VCCS Intranet.

A patron is an individual or organization working on a project or partnership benefiting a community college as determined by the Chancellor or President. The Chancellor or President may delegate this role, but not the responsibility for the actions of an approved patron.

-------------------------------------------------------------------------------------------------

Guideline

All VCCS customers requiring access to VCCS Intranet services and/or applications will be required to obtain a customer id, password and create a related PIN#.

The customer will be able to access the web interface from any place, or time and provide information requested to create an appropriate id, password and PIN#. The messaging technology (message broker) passes the validation information from web to the Oracle People directory for authentication and for a validation check. If the customer is valid, the system then confirms what applications and services the customer is authorized to use, and/or have currently activated.

If the customer receives validation errors, the college appointed administrator and/or the utility must be contacted to update and/or correct validation information. This validation information is gleaned from existing student information system.

When the customer is not authorized to use a service, the college administrator and/or utility personnel will need to forward the request to the appropriate business unit personnel having the authority to grant the required access..

The Directory and the related applications will use the Message Broker to exchange information at the application layer of the OSI model. Thus any application providing a standard API interface may exchange information with other applications.

It is the ultimate goal of the project to use the capabilities of the message broker platform to service security and application requests between disparate systems through the enterprise.

Functions Supported:

Create Customer Identification and password. (Pseudo Single-SignOn)

Change Customer password and PIN#.

Review and update Application Authorization.

Change Student Information System(SIS) class and delete SIS login.

Create N-PLEX mail server(s) account id and password.

Provide web access to People Directory Services.

Look up EmplID assigned by SIS.

Directory Manager (DM)

This secure desktop client interface allows a college to authorize and remove customer’s access to services and applications. This tool may also be used for customer support.

Customer Account Administrative Manager (CAAM)

The web based interface that allows customers to validate themselves and activate a personal customer id, password and pin number. The first application services integrated and available for authorization/activation using the message broker concept are PeopleSoft Student Information System login, electronic mail and viva.

Both Customer ID and Electronic Mail Account names must be appropriate, unique, and permit changes. Some of this information will be stored in the directory for future authentication.

Error checking will notify customer of duplicate or pre-existing customer id and email accounts, inappropriate account names, invalid characters, and missing fields on entry.

Upon successful creation of customer and/or email account the browser will display message of the successful creation and server information to configure email client. (acct name, password and email server)

To change an account password or PIN#, the customer will re-enter validation information, old account name, password or old PIN# with new password or PIN# designated.

An option to lookup SIS Emplid is available when the customer supplies their full name and either SSN# or PIN#.

White Pages

A web interface provides a way to search for public email information from the directory.