Date:
Original
___ Rev ___
Approved
by:
Richard
L. Byyny, M.D.
Chancellor
Author:
Distribution: Deans, Directors, Department Heads
A. Rationale and Purpose of Policy:
The University of Colorado at Boulder (CU-Boulder) Enterprise Directory is a trusted and authoritative data source for CU-Boulder resources. As an Enterprise Directory, it is used by a variety of authorized, independent system applications and services; enables relationships within and between communities, system applications and services; and seeks to resolve discrepancies in information between these communities, systems, and services. This policy sets guidelines for the consistent use of the Directory and addresses the issues of inclusion definitions, source definitions, and uses in order to insure an accurate, secure, and functional enterprise Directory.
B. Policy and Scope
The Directory policy provides guidelines about the following aspects of CU-Boulder Directory:
· Directory governance
· Directory inclusion (categories of people who will be included in the CU-Boulder Directory);
· Official data sources (the information systems from which the Directory will extract its data, create entries, and update entries, and upon which it will base its reconciliation);
· Directory uses (privacy requirements; who may have authenticated access to the Directory; who may pull data from the directory and for what purposes; and who must use the Directory).
C. Definitions
The Directory and its policies, operation and evolution will be overseen by the Directory Governance Board (DGB). This Board will be an outgrowth of the Directory Services Project Steering Team and will include representatives of the Boulder Campus and the CU System and of each major constituency represented by the Directory (i.e., students, faculty, staff, and Information Technology Services). As the Directory expands its constituency base, so, too, will the Board expand its representation.
The following categories
of CU-Boulder and CU System Office people will be included in the CU-Boulder
Directory. Status determination and/or
affiliation duration are included as definitional items of each.
· Current Staff and Faculty – current appointment in the Human Resources System
· Current Student – registered for current term or on time out status with future expected return date
· Continuing Education students – currently registered
· Retiree – as determined by classification in the Human Resources system
· Surviving Spouse – as determined by classification in the Human Resources system
· Formal Affiliates – as approved for inclusion by the Directory Governance Board (such as Regents and members of the CU Foundation)
· Libraries Public Patrons – as determined by a public patron entry in the Libraries database
· Sponsored Affiliates – i.e., individuals not affiliated with the CU-Boulder, but involved with activities directly associated with CU-Boulder functions. When requesting or renewing an affiliation, a current full-time faculty or staff member must identify him or herself as the sponsor or contact related to the individual’s University activities. This “sponsor” will provide information describing his or her relationship to the individual and outlining the individual’s affiliation/benefit to CU-Boulder, including the amount of time the sponsorship will be in effect. Both the sponsor and the affiliate will affirm (through written consent) their understanding of their responsibilities related to the use of University resources. Examples of Sponsored Affiliates include visiting researchers, some vendors and contractors, and some conference attendees.
Additional groups (such as future students, former students, alumni and executive boards) may be added at the discretion of the Directory Governance Board. Inclusion parameters must include an affiliation definition and affiliation duration.
Affiliates listed above will be included in the directory for service authorization privileges as appropriate and/or for visible association with CU-Boulder. Affiliation-specific services and visibility will be determined by the Directory Governance Board in accordance with university policy. Regarding visibility in particular, students may elect to shield their public visibility according to the Family Educational Rights and Privacy Act. Faculty and Staff’s association with the university is public information as defined by the Colorado Open Records Act.
Sources
Directory data is populated from the following sources:
· Human Resources System (HR) – for current faculty, staff, retirees, and surviving spouses
· Student Information System (SIS) – for current or “save” students and current Continuing Education students
· Unix Unique Account System (Uniquid) – for current Unix account holders
· Identification Card System (BuffOne Card) – for the ID Cardholder’s ISO number, conference attendees and vendors/contractors
· Libraries System – for public patrons
· Telecommunications Management System (Telecomm) – for faculty/staff office numbers (building and room)
· Faculty Information System (FIS) – for faculty-specific information such as degrees and research
· Housing Resident Management System – housing resident identification
· Authenticated manual entry – for formal and sponsored affiliates and for a limited number of self-maintained attributes. All manually entered information must adhere to the University’s responsible conduct laws and policies.
It
is the responsibility of source system owners to participate in the effort to successfully
integrate the Directory’s data. Source
system owners are also responsible for ensuring timely availability of source
data to the Directory. It is the job of
the Directory Services’ technical support team to gather enterprise-wide
requirements for the directory-dependent applications and for the campus’
Information Technology infrastructure and to develop a working strategy to meet
all requirements.
Create
rights
Directory
entries may be created by any of the following sources and only the following
sources: HR, SIS, Uniquid, BuffOne
Card, Libraries, and authenticated manual entry sources.
Update
rights
Appropriate
attributes within Directory entries may be updated by the following
sources: HR, SIS, BuffOne Card,
Uniquid, Libraries, Telecomm, Faculty Information System and authenticated
manual entry (including self update of specific attributes for the individual).
Reconciliation procedures
Directory
update processes will flag conflicting data (such as mismatches of identifiers,
name, and date of birth). The Directory
Operations Manager will report these mismatches to source system owners for
reconciliation. Corrected Corrected data must be posted
through the source system for subsequent entry into the Directory.
Privacy Statement
The
Directory will reflect privacy standards as defined by federal, state, and
university laws and regulations. The
Directory Governance Board will review these laws and regulations on a yearly
basis with input from relevant campus units (e.g., Legal Counsel).
Access Privileges
Anonymous
access (i.e., access which does not require user authentication) for all public
Directory information will be available to any desktop client (for example, via
white pages or address books).
Access
required by services/systems that are dependent upon the Directory must be
approved by the Directory Governance Board and formalized by Service Level
Agreements specific to the service or system requesting authenticated access.
Mandatory Directory Usage
All
CU-Boulder campus-specific systems implemented after the advent of the
Directory must be directory-enabled if affiliation-check, authorization or
enterprise data is required by the newly implemented campus system. “Directory enablement” means using the Directory
for determining affiliation, authentication, authorization, or for data
reference.
D. Procedures
These policies will be
reviewed by the Directory Governance Board monthly during the first year of the
Directory’s existence and at least yearly thereafter. Changes will be authorized by the approval of the DGB, the
Information Technology Council, and/or the Chancellor’s Executive
Committee. Significant extensions to
the Directory (for example, extending the Directory to include additional
campuses) will also initiate a review of the policy.
Policy compliance will
be enforced throughout the University of Colorado at Boulder campus by
Information Technology Services(ITS) in collaboration with the Office of the
Associate Vice Chancellor for Academic and Campus Technology (AVCACT). Requests for exceptions will be reviewed by
the DGB, which will communicate exceptions and/or policy changes regularly to
ITS and the Office of the AVCACT.
E. References
This policy complies with the guidelines as found in:
· Family Educational Rights and Privacy Act: http://registrar.colorado.edu/FacStaff/privacy.htm
· Colorado Open Records Act (C.R.S. 24-72-201)
· University of Colorado at Boulder Information Technology Services, Access and Authorization Policy
·
University of Colorado Laws and Policies:
http://www.cu.edu/Pres_Ofc/Policies/
http://www.cu.edu/regents/LawsPolicies/
· University Computing Use Responsibilities: http://www.Colorado.EDU/its/docs/responsibilities.html
F. Responsible Organization
Information Technology
Services in collaboration with the Office of the Associate Vice Chancellor for
Academic and Campus Technology will be responsible for the maintenance and
enforcement of this policy.
Appendix A – Best Practices
1. Directory
Services – Registry Data Requiring Mutual Oversight
(http://www.Colorado.EDU/committees/DirectoryServices/)
2. Internet 2 – Middleware (www.internet2.edu)
3. The Burton Group, Network Strategy Services (www.tbg.com)