VCCS Security, Authentication and Administrative Automation
August 31, 1999
Business Requirement:
To enhance the VCCS information security procedures, extend security-related services, and minimize the impact of system administration on college and System Office staff.
Objective:
To define and develop a standard technical framework that can support the business requirements and any future e-commerce requirements.
This project at completion will provide a Federated Architecture that sets forth a standard mechanism for automating routine system administration tasks while providing strong authentication services into the VCCS Intranet. The resulting products will be capable of supporting future distance learning applications, standard business workflow and application automation requirements. Authorized customers will be able to access VCCS applications and services at any time and from any desktop with access to the Internet.
The ultimate goal of this project is to use the capabilities of the message broker platform to service security and application requests between disparate systems throughout the enterprise.
Applicability:
All authorized VCCS students, staff and patrons requiring access to applications and services supported by the VCCS or an individual college.
Scope:
This project seeks to define a "people" directory that will contain customer information such as name, application authorization, customer type, assigned location, e-mail name, customer id, validation and history fields. This directory also contains authentication fields, which are used to validate the customer as part of the VCCS. The email address, location and customer name fields in the directory can be used as search arguments to retrieve the related customer data and display it in the format of a "white page" address book. The white page application is web-based and is accessible from any desktop with Internet access.
Once a person is authorized and validated as a VCCS customer, a self-activated customer id and password may be used to gain access to all applications and services that have been automated.
Project Overview - Phase 1
The Directory and Security Models have matured into a tightly coupled, enterprise-capable platform. This project enhances previously developed customer-based web applications and the X.500 search and repository directory.
The new customer web interface(s) (Customer Account Administrative Manager, CAAM) will communicate with the Oracle People Directory for authentication and general information about a person. The directory will also store which applications and services each person is authorized to use and/or has activated.
Application authorization will be completed through automated execution of college business rules. A secured Directory Administrative Manager (DAM) client may be used when business rules are not available or do not apply. Depending on the state of the authorization flags, supporting automated applications shall react accordingly.
The Directory, CAAM, DAM and automated applications will use the Message Broker technology to exchange information at the application layer of the OSI model. This allows future applications that provide a standard API interface the capability to exchange information with other applications.
Functions Supported:
- Define and populate People Directory with required data.
- Create and change Customer Identification (pseudo single sign-on) and Email account management (CAAM)
- Update Application Authorization (DAM)
- Create and delete PeopleSoft (PS) login information with Customer ID and Password (ActiveSW, ASW)
- Assign PeopleSoft (PS) security classes to authorized customers (ActiveSW, ASW)
- Add and update N-PLEX mail server(s) - ASW
- Provide web access to the People Directory generating an on-line white page address book for e-mail.
People Directory
The Directory will contain the following default entries for each VCCS staff, faculty, student or patron entry:
Directory Administrative Manager (DAM)
A secured, user-friendly Windows-based client will be created to update the Directory information. This secure client interface allows a college administrator to override the automated business rules controlling the authorization process and manually update any individual's access.
Customer Account Administrative Manager (CAAM)
This web-based interface allows all VCCS customers to validate their account information and activate a personalized, unique and appropriate customer id, password and PIN. Their electronic mail account may also be created and updated as required.
The Customer ID, password and PS-specific information stored in the Directory will be automatically passed to the PeopleSoft security tables to create or change the login information.
White Pages
A web interface will display public e-mail information retrieved from the directory.
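The plan keeps three kinds of data in one People Directory record: the public fields the white pages may show (name, e-mail, location), the authorization flags that automated applications react to, and the authentication fields that validate a customer. The following is an added illustration, not VCCS project code, of how a directory lookup can enforce that split: white-page searches accept only the three search arguments the plan names and return only public fields, and an application login succeeds only when the password verifies and the application's authorization flag is set and the customer has activated it. Field names, the PBKDF2 password storage, the application names and the sample people are all assumptions made for the example.

```python
"""Added example (not VCCS code): a toy People Directory that separates
white-page fields, authorization flags and authentication fields.
All field names, application names and sample people are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Fields the white-page address book is allowed to display.
PUBLIC_FIELDS = ("display_name", "email", "location")
# Fields the plan names as white-page search arguments (name, e-mail, location).
SEARCH_FIELDS = ("display_name", "email", "location")


@dataclass
class DirectoryEntry:
    customer_id: str
    display_name: str
    email: str
    location: str
    customer_type: str
    # Authorization flags, set by college business rules or a DAM override.
    authorized: dict = field(default_factory=dict)
    # Applications the customer has activated through CAAM.
    activated: set = field(default_factory=set)
    # Authentication fields: never exposed by a search, stored salted and hashed.
    pw_salt: bytes = b""
    pw_hash: bytes = b""

    def set_password(self, password: str) -> None:
        self.pw_salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.pw_salt, 100_000)

    def check_password(self, password: str) -> bool:
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), self.pw_salt, 100_000)
        # Constant-time comparison so a mismatch position does not leak via timing.
        return hmac.compare_digest(cand, self.pw_hash)


class PeopleDirectory:
    def __init__(self) -> None:
        self._entries: dict[str, DirectoryEntry] = {}

    def add(self, entry: DirectoryEntry) -> None:
        self._entries[entry.customer_id] = entry

    def white_pages(self, **criteria: str) -> list[dict]:
        """Case-insensitive substring match on the allowed search fields only;
        the result carries public fields and nothing else."""
        for key in criteria:
            if key not in SEARCH_FIELDS:
                raise ValueError(f"{key!r} is not a white-page search field")
        hits = []
        for e in self._entries.values():
            if all(v.lower() in getattr(e, k).lower() for k, v in criteria.items()):
                hits.append({k: getattr(e, k) for k in PUBLIC_FIELDS})
        return hits

    def authenticate(self, customer_id: str, password: str, application: str) -> bool:
        """True only if the password verifies AND the application is both
        authorized (business rules / DAM) and activated (CAAM) for this customer."""
        e = self._entries.get(customer_id)
        if e is None or not e.check_password(password):
            return False
        return bool(e.authorized.get(application)) and application in e.activated


def build_sample_directory() -> PeopleDirectory:
    """Constructed sample data (fictitious people) so the example runs stand-alone."""
    d = PeopleDirectory()
    student = DirectoryEntry("s0001", "Pat Example", "pexample@example.edu", "Main Campus", "student",
                             authorized={"PeopleSoft": True, "email": True},
                             activated={"PeopleSoft", "email"})
    student.set_password("correct horse battery")
    faculty = DirectoryEntry("f0002", "Lee Sample", "lsample@example.edu", "North Campus", "faculty",
                             authorized={"PeopleSoft": False, "email": True},
                             activated={"email"})
    faculty.set_password("another secret")
    d.add(student)
    d.add(faculty)
    return d


if __name__ == "__main__":
    d = build_sample_directory()
    print(d.white_pages(location="main"))
    print(d.authenticate("s0001", "correct horse battery", "PeopleSoft"))
    print(d.authenticate("f0002", "another secret", "PeopleSoft"))
```

The two checks a practitioner would want are the allow-lists: search keys are restricted to the three public search arguments so nobody can probe the authentication or authorization fields through the address book, and the returned record is projected to public fields rather than returning the whole entry. Authentication itself returns a single boolean regardless of whether the id is unknown, the password is wrong, or the application is not authorized, so the login form does not disclose which of the three failed.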
Process Flow for VCCS Authentication and Directory Services
Project Overview Phase 2
This phase of the project completes the Authentication and Directory Services Infrastructure requirements. The focus of this phase is to automate supporting applications to update and use the directory for authorization and access.
Functions Supported:
- Automate information batch loading from legacy systems to People Directory.
- Real-time data entered into PeopleSoft will update the People Directory.
- Automate the creation of student email distribution lists.
- Create administrative interface(s) for supporting e-mail server and vanity tables.
- Provide strong authentication through digital certificates for secure applications.
- Create secure infrastructure (SSL, VPN) for CAAM and future web-based applications.
- Secure confidential or sensitive data in directory.