Technology Guidelines

Directory

Version: 3.0
Status: Proposed: 11/29/00
Contact: Teresa Thomas

Purpose

To implement a Directory Services infrastructure that supports automated customer driven web interfaces, applications and services across the VCCS.

System Features

• The Directory shall serve as a repository of information about the staff, faculty, students and patrons of the VCCS community.  This information repository will provide Internet and VCCS Intranet customers a mechanism to create, update and delete customer account and application access and supporting information.

• In total the Directory shall accommodate approximately 250,000-350,000 customer records.

• The Directory shall be capable of storing photographs of members.

• The Directory shall be capable of storing descriptive information for each application or service available to customers.

• At a minimum the Directory shall include the following information for each member :
  • Member's name
  • Validation information
  • Email address
  • College
  • Position (Student, Faculty, Administrator, Public)
  • Default application flags
  • Supporting application fields

• Administrators will have the ability to insert and update information online from a client application.

• The Directory shall allow batch processes from existing databases and/or applications   to insert and update related information.

• The Directory shall provide the information required to access and track requests for Customer Account and applications authorization requests.  In addition to specific access authorization information, the Directory will support:
  • Submitting a request for a Customer Account and Password via the Internet
  • Submitting a request for application access via the Internet
  • Managing application access request fulfillment
  • Provide current application access status
  • Maintain application access history/audit information

• The Directory security must ensure that Administrators will have update capabilities only to their college information.

• The Directory shall provide a facility for ad hoc reporting.

Integration Features of Directory

• The Directory shall have a Web screen interface allowing customers to request a Customer Account from anywhere a web browser is available. This interface shall incorporate logic which limits the Customer's access to the Directory for this purpose only.
• The Directory shall have a Web screen interface allowing customers possessing a Customer Account to request access to an application. The Web interface shall be capable of immediately authorizing, screening (for appropriateness) and satisfying request for Customer Account and Email accounts. It shall log all access request which can not be satisfied immediately in a file accessible to application administrators and Information Technology Engineers (IT).
• The Directory shall allow VCCS administrators on-line query/update capabilities. These screens will provide administrators with the ability to review and update the status of customer information as needed.
• The Directory can be loaded by batch or automated updates from the Personnel and student information extracted from PMIS/HR and SIS. 
• Log all necessary audit information.
• Incorporate logic insuring Directory updates are committed on 'date last updated' logic to insure the accuracy of Directory information.
• Directory must support Public Key Infrastructure encryption standard.
• Directory must support Digital certificates based on X.509 industry standard.
• Directory must support application program interface (API) or LDAP data interchange format (LDIF)
• Integration toolkits for current and future applications is required.
• Management tools must be available to manage all access activities within the overall concept.
• Events triggered by customer or administrative actions should automatically update all applications affected by event.
• Secure Sockets Layer (SSL) version 3.x security for web based interfaces is required where sensitive information is being entered or requested.
• Multiple application data formats and transformation between different data sources must be supported.  ie.  Transformation from old application data codes into new application codes.
• The concept must support existing interfaces running on mainframe.  (IMS, CICS)

 

 

Supported Applications

General information will be available from the World Wide Web via an Oracle application.  These "white pages" will contain a minimum of fullname, location and email address. Any changes to applications updating the white pages will be automatically sychronized with the Directory or supporting application.   Displaying of a person's information is based on FERPA requirements.

Customer account and password may be created to gain access to the VCCS "doorway" to applications and services supported by Directory Services.   The account information is propagated, if authorized, to SIS to allow immediate logon to PeopleSoft Tools and web services.  Once an account is created, a PIN# is also created for future identification for other services requested by the customer.   Account names may not be changed and follows application guidelines for creation.

Email servers will have the ability to have email account and password pushed from the Directory to create and/or change information on the email account.  Email account names may not be changed and must be appropriate and non-offensive. 

Each college may authorize the use of Voice over IP (VoIP) off-net access to on-net.  This process is integrated into the Directory and uses customer information to validate the access status of the customer against stronger application security layers.

Interface

The online Directory Manager (DM) is an application which will allow for real-time access to Directory for on-line inserts and updates. 

The Customer Account Administrative Manger (CAAM) is a web based application that should be available from any current browser.  The CAAM allows a customer to create a customer account & PIN number, email account, change customer and email password and request additional services that are added in the future.  See CAAM specification for details.

Environment

• The Directory and supported applications shall operate on NT and UNIX platforms.
• Mainframe CICS and IMS applications shall also be supported in the concept.
• The Directory shall operate in a TCP/IP network environment.
• The Directory shall be developed using relational database technology.

 

---

Return to Guidelines