Technology Models
Version: 2.0
Status: Approved: 11/16/99
Contact: Teresa B. Thomas or Lourdes F. Lunsford
Authentication
The VCCS distributed security model classifies the Student Information System (SIS) as an application requiring the highest defined security level. This security level is reserved for applications like the SIS that contain restricted or sensitive information. All customers are required to have a valid customer ID and password to gain access to the SIS application. The VCCS will require an additional level of authentication for selected customer classifications.
The basic authentication service for SIS will verify the customer's identity in two ways. The first check ensures that the customer supplied a valid customer ID and password. The second check confirms that the access is being made from a valid PeopleSoft client.
A third level of authentication will be invoked as necessary to further verify the customer's identity. This optional level of authentication will be driven by the application security classification assigned to the individual customer.
Security
Security roles will be used to govern customer access to functions provided in the VCCS SIS. These roles will be pre-defined by the SIS Steering Committee and stored in the application security tables. The appropriate college administrator will be able to update customer records defined in the Global Directory and assign them to one or more security roles that will also be stored in the same Directory. The Directory will also contain information such as the customer's name, college location, and a list of other applications to which the customer has been granted access. The Directory will be automatically populated with customer records using the Message Broker and pre-defined business rules.
Figures 1 and 2 below represent a graphical overview of the key processes. The model supports access from both a web-based client and from Windows XP. Customers assigned to certain security roles will also be required to use digital certificates to further verify their identity before being granted access to selected application functions.
Figure 1 - Security Process for Windows XP Based Client:
Figure 2 - Security Process for Web-Based Clients:
This model also provides sufficient flexibility to allow for an additional level of authentication and/or security, as required, by supporting the deployment of firewall(s), digital certificates and other security platforms.