Version: 4.0
Status: Proposed: 07/05/01
Contact: Teresa Thomas
The Virginia Community College System will create and maintain a repository that will contain information about staff, faculty, students and patrons. It will contain a minimum of a person's fullname, validation information, systems administration access fields and E-mail address. General security access controls, pseudo single sign-on and digital certificates will also be supported.
The Directory is populated from the Student Information System (SIS) Bio-demo data. The following fields are required to complete the directory insertion: EmplID, First name, Lastname, Birthdate, Type and Agency. If SSN is available, that information will also be captured.
The two primary purposes of the Directory:
Repository
The Directory will contain identifying information for all VCCS staff, faculty, students and patrons. Additionally, digital certificates, application information, and pseudo single sign-on will be supported by the Directory.
As part of the repository's role, applications or interfaces will access the directory and be able to retrieve information and/or update specific fields.
System Access and Security Management
The Directory will serve as the authorizing agent for system access. It will contain information specifying which applications and/or services a customer is authorized to access and which applications have been activated. Based on their customer status, (student, faculty, administrator, etc.) individuals will be established in the Directory eligible for appropriate default services. This information will be used to grant or deny requests for a Customer Account or access to an application.
Default customer accounts will be established upon the successful addition to the Directory. This account will allow access to SIS web, desktop client and IVR.
For applications requiring additional administrative fields and/or digital certificates those will also be stored in the Directory. Applications will utilize the common customer account and password and administer security based on that information. See the Distributed Security Model for more information on this concept.
The appropriate College Personnel, Application Administrators and IT System Engineers will be provided with a client interface required to manage and complete requests for application access. Update history information will be maintained for the client modifying a record.
Supported Applications
Pseudo Single Sign-on
In an effort to reduce the number of customer accounts and passwords required to access VCCS services, the Directory shall support Pseudo Single Sign-on. This capability enables a single customer account id and password combination to access applications that are supported by the Directory.
White Pages
General information located in the Directory will be available for real-time ad hoc search/queries. Anyone with Internet access and a web browser may access the White Pages. Staff, faculty, students and patrons may view more detailed information depending on the additional level of security within the Directory. Ferpa guidelines denote whether a record is displayed.
Email Accounts
Email servers will have the ability to have email account and password pushed from the Directory to create and/or change information on the email account. Email account names may not be changed and must be appropriate and non-offensive.
Voice Over IP
Each college may authorize the use of Voice over IP (VoIP) off-net access to on-net. This process is integrated into the Directory and uses customer information to validate the access status of the customer against stronger application security layers.
Interface Options
There are two methods to access the directory:
Online
Customers drive the process through the automated web interface. The customer may choose to customize or lookup their account information via the Customer Account Administration Manager (CAAM).
The Directory Manager (DM) desktop client is used by administrators to create accounts, lookup and/or modify existing records. This client provides for an additional layer of security.
Batch
The Directory is populated from the SIS Bio-demo data creation and modifications of the required fields.
The intent is to establish a process that will enable Human Resources, Admissions and Records and Application administrators to directly control access to Customer Accounts and applications through the Directory. It may be necessary for further administrator interaction to activate the appropriate security within an application prior to a customer actually using the service. Detailed assignment of responsibilities can be found in the Distributed Security Model.