Directory Administration Tool

Author Daniel Fisher
Date 2005/09/02
Updated by Catherine Winfrey
Date 2008/08/05

Requirements

Problem Statements

  • The Enterprise Directory system does not have a unified management console. This system consists of
    • ED-Lite,
    • ED-Auth,
    • ED-ID,
    • the Registry, and
    • other systems

Definitions

  • UID - the unique identifier for a record in the Registry
  • authID - the identifying string assigned to a Person record in the Registry, which is either
    • GuestID for a Guest Person, or
    • UUPID for all other Person Types
  • UUGID - the identifying string assigned to a Group record in the Registry
  • UUSID - the identifying string assigned to a Service record in the Registry

Functional Requirements

Note: All management functions are initiated by performing a query and selecting one record to manage.
Note: Unless otherwise stated, a management function for updating a field should support deleting the value because the field is not required.

Entitlements

Query Requirements

All queries retrieve from the Registry.

  1. Ability to query using any combination of the following fields in a single search:
    • Entitlement UID
    • Entitlement Data (allow wildcards)
    • Entitled Person
    • Sponsoring Person
    • Owning Service
  2. Ability to display a list of the search result(s) containing the following fields for each match:
    • Entitlement Data
    • Entitled Person
    • Sponsoring Person
  3. Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • Entitlement UID
    • Entitlement Data
    • Entitled Person
    • Service Viewer(s)
    • Person Member
    • Creation Date
Creation Requirements
  1. Ability to create a new Entitlement with the following data:
    • Entitlement Data
    • Owning Service
    • Entitled Person
    • Sponsoring Person
Management Requirements
  • Entitlement Information
    1. Ability to change the expiration date
      • Required once an expiration date is added.
    2. Ability to change the Service Viewer(s)
      • Support multiple service viewers.
  • Entitlement Delete
    1. Ability to delete the Entitlement
      • Bypass the normal expiration schedule.
  • Entitlement Replication
    1. Ability to force an enqueue of the Entitlement record for replication
    2. Ability to set the priority for the replication

Groups

Query Requirements

All queries retrieve from the Registry.

  1. Ability to query using any combination of the following fields in a single search:
    • UUGID
    • Contact Person
    • Administrator
    • Person Member
  2. Ability to display a list of the search result(s) containing the following fields for each match:
    • UUGID
    • Contact Person(s)
    • Administrator(s)
  3. Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • UUGID
    • Display Name
    • E-mail Address
    • Contact Person(s)
    • Administrator(s)
    • Person Member(s)
    • Group Member(s)
    • Service Viewer(s)
    • Suppress Display Preference
    • Creation Date
    • Expiration Date
Creation Requirements
  1. Ability to create a new Group with the following data:
    • UUGID
    • Contact Person authID
      • Allow single contact person during create processing.
      • Additional contact persons can be added via group management.
    • Administrator authID
      • Allow single administrator during create processing.
      • Additional administrators can be added via group management.
Management Requirements
  • Group Information
    1. Ability to set the suppress display preference
      • Required
    2. Ability to set the suppress members preference
      • Required
    3. Ability to set the expiration date
      • Required
    4. Ability to set the display name
    5. Ability to set the e-mail address
  • Related Person(s)
    1. Ability to change the contact person(s)
      • At least one contact person must exist.
      • Support multiple contact persons.
      • Allow any Person with an authID.
    2. Ability to change the Person administrator(s)
      • At least one administrator must exist.
      • Support multiple administrators.
      • Allow any Person with an authID.
    3. Ability to change the Person Manager(s)
      • Support multiple managers.
      • Allow any Person with an authID.
    4. Ability to change the Person Member(s)
      • Support multiple members.
      • Allow any Person with an authID.
  • Related Group(s)
    1. Ability to change the Group Member(s)
      • Support multiple members.
  • Related Service(s)
    1. Ability to change the Service viewer(s)
      • Support multiple viewers.
    2. Ability to change the Service administrator(s)
      • Support multiple administrators.
    3. Ability to change the Service Manager(s)
      • Support multiple managers.
  • Group Delete
    1. Ability to delete the Group
      • Bypass the normal expiration schedule.
  • Group Replication
    1. Ability to force an enqueue of the Group record for replication
    2. Ability to set the priority for the replication

Name Arbitration

Query Requirements

All queries retrieve from the Registry.

  1. Ability to query using any combination of the following fields in a single search:
    • Name (allow wildcards)
    • Namespace
  2. Ability to display a list of the search result(s) containing the following fields for each match:
    • DN
    • Data source
  3. Ability to select a single Permanent Reservation result from the search results list and display a summary screen containing the following fields:
    • Reservation Type
    • Namespace
    • Name
    • DN
    • Reservation state
    • Comments
    • Creation Date
  4. Ability to select a single Temporary Reservation result from the search results list and display a summary screen containing the following fields:
    • Reservation Type
    • Namespace
    • Name
    • DN
    • Reservation handle
    • Creation Date
    • Expiration Date
Creation Requirements
  1. Ability to create a new Permanent Reservation with the following data:
    • Name
    • Namespace
    • Reservation State
    • Comments
  2. Ability to create a new Temporary Reservation with the following data:
    • Name
    • Namespace
    • Reservation Duration
Management Requirements
  • Name Information
    • Permanent Reservation
      1. Ability to change the reservation state
        • Required.
      2. Ability to change the comments
    • Temporary Reservation
      1. Ability to change the expiration date
        • Support date entry that includes minutes.
        • Required.
  • Reservation Delete
    1. Ability to delete the Name Reservation
      • Bypass the normal expiration schedule.
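The reservation lifecycle described in this section (temporary holds with a handle and a minute-precision expiration, permanent reservations with a state and comments, wildcard/namespace queries, and an administrative delete that bypasses expiration), as an added example that is not the Directory Administration Tool's or the Name Arbiter's own code. The DN layout, the namespace labels, the handle format and the ManualClock used for deterministic demos are assumptions; the page specifies none of them.

```python
# Added example, not code from the page: an in-memory name arbiter implementing the
# reservation types, fields and operations the requirements list. DN layout,
# namespace labels and handle format are assumed.
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase
from typing import Optional


class NameTaken(ValueError):
    """The name is already reserved in that namespace."""


@dataclass
class Reservation:
    namespace: str
    name: str
    reservation_type: str               # "permanent" or "temporary"
    dn: str                             # assumed layout: cn=<name>,ou=<namespace>
    created: datetime
    state: Optional[str] = None         # permanent only
    comments: str = ""                  # permanent only
    handle: Optional[str] = None        # temporary only: proves ownership of the hold
    expires: Optional[datetime] = None  # temporary only, minute precision


class ManualClock:
    """Constructed clock for demos and tests; production uses the real UTC clock."""
    def __init__(self, start=datetime(2008, 8, 5, 9, 0, tzinfo=timezone.utc)):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, minutes):
        self.now += timedelta(minutes=minutes)


class NameArbiter:
    def __init__(self, clock=None):
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._by_key = {}     # (namespace, folded name) -> Reservation
        self._by_handle = {}  # temporary handle -> key

    @staticmethod
    def _key(namespace, name):
        # Fold case so "dfisher" and "DFisher" cannot both be reserved: directory
        # identifiers such as uid are matched case-insensitively downstream.
        return (namespace, name.strip().lower())

    def _expire(self):
        now = self._clock()
        for key, res in list(self._by_key.items()):
            if res.expires is not None and res.expires <= now:
                del self._by_key[key]
                self._by_handle.pop(res.handle, None)

    def _claim(self, namespace, name, **fields):
        self._expire()
        key = self._key(namespace, name)
        if key in self._by_key:
            raise NameTaken(f"{name!r} is already reserved in {namespace!r}")
        res = Reservation(namespace, name, dn=f"cn={name},ou={namespace}",
                          created=self._clock(), **fields)
        self._by_key[key] = res
        return res

    def reserve_temporary(self, namespace, name, minutes):
        if minutes < 1:
            raise ValueError("reservation duration is at least one minute")
        expires = (self._clock() + timedelta(minutes=minutes)).replace(second=0, microsecond=0)
        res = self._claim(namespace, name, reservation_type="temporary",
                          handle=secrets.token_urlsafe(16), expires=expires)
        self._by_handle[res.handle] = self._key(namespace, name)
        return res

    def reserve_permanent(self, namespace, name, state, comments=""):
        return self._claim(namespace, name, reservation_type="permanent",
                           state=state, comments=comments)

    def _live_temporary(self, handle):
        self._expire()
        key = self._by_handle.get(handle)
        if key is None:
            raise KeyError("no live temporary reservation for that handle")
        return self._by_key[key]

    def set_expiration(self, handle, expires):
        """Change a temporary reservation's expiration; entry is to the minute."""
        expires = expires.replace(second=0, microsecond=0)
        if expires <= self._clock():
            raise ValueError("expiration must be in the future")
        self._live_temporary(handle).expires = expires

    def make_permanent(self, handle, state, comments=""):
        """Convert a held temporary reservation into a permanent one, e.g. the UUPID
        the user picked from the generated, temporarily reserved choices."""
        res = self._live_temporary(handle)
        del self._by_handle[handle]
        res.reservation_type, res.state, res.comments = "permanent", state, comments
        res.handle, res.expires = None, None
        return res

    def delete(self, namespace, name):
        """Administrative delete: removes the reservation regardless of expiration."""
        res = self._by_key.pop(self._key(namespace, name), None)
        if res is None:
            raise KeyError("no such reservation")
        self._by_handle.pop(res.handle, None)
        return res

    def search(self, name_pattern="*", namespace=None):
        """Query by name (wildcards allowed) and/or namespace; expired holds never match."""
        self._expire()
        return [r for r in self._by_key.values()
                if fnmatchcase(r.name.lower(), name_pattern.lower())
                and (namespace is None or r.namespace == namespace)]
```

The handle is what ties a temporary reservation to whoever requested it: only the holder can extend it or convert it to a permanent reservation, so a second administrator who merely sees the name in a query cannot take it over before it expires.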

People

Query Requirements

All queries retrieve from the Registry.

  1. Ability to query using any combination of the following fields in a single search:
    • authID (allow wildcards)
    • VT E-mail address (allow wildcards)
      • primary address
      • alias
      • forward
      • display
    • Virginia Tech ID
    • SSN
    • Banner PIDM
    • Responsible Person UID
    • Person UID
    • First name (allow wildcards)
    • Last name (allow wildcards)
  2. Ability to display a list of the search result(s) containing the following fields for each match:
    • Person UID
    • authID
    • Name
    • VT Affiliations
  3. Ability to select a single result from the search results list and display a summary screen containing the following fields:

Note: If the Person account is suppressed, a warning message about proper handling of confidential information must be displayed both before navigating to the summary screen and on the summary screen itself. Acknowledgement is required before each navigation to the summary screen.

  • all Person Types
    • Identity Information
      • Name(s)
      • authID
      • Person UID
      • Birth Date
      • VT Affiliations
    • authID Information
      • Account State
      • Account Transition
      • Account Suppression
      • Account Creation Date
      • Account Expiration Date
      • Account Shelve Date
      • Password Expiration Date
      • Information on latest user actions
        • Password Change Date
        • Authentication From
        • Successful Authentication Date
        • Failed Authentication Date
      • Number of failed authentication attempts
    • Home Information
      • Address
      • Phone Number
    • Entitlement Membership
    • Group Membership
  • non-Guest Person Types - all Person Types information +
    • VT E-mail Account Information
      • Preferred Address
      • Address
      • Display Address
      • Aliases
      • Forwards
      • Local Delivery Preference
      • Junk Mail Management Preference
      • Creation Date
      • Last Modification Date
      • Expiration Notification Date
      • Expiration Date
  • employee - all Person Types information + non-Guest Person Types information +
    • Identity Information
      • Virginia Tech ID
      • Banner PIDM
    • Employee Information
      • Working Title
      • Department
      • Office Information
        • Address
        • Phone Number
        • Mail Stop
  • student - all Person Types information + non-Guest Person Types information +
    • Identity Information
      • Virginia Tech ID
      • Banner PIDM
    • Student Information
      • Last Enrollment Information
        • Major
        • College
        • Campus
        • Term
      • Next Enrollment Term
      • Local Information
        • Address
        • Phone Number
        • Mail Stop
  • Sponsored Person - all Person Types information + non-Guest Person Types information +
    • Responsible Person UID
  • Guest Person - all Person Types information +
    • Responsible Person UID
Creation Requirements
  1. Ability to create a new Sponsored Person with the following data:
    • First Name
    • Middle Name
    • Last Name
    • SSN
    • Date of Birth
    • Responsible Person UUPID
    • VT Affiliations
  2. Ability to create a new Guest Person with the following data:
    • E-mail address (3rd party)
    • E-mail content for guest invitation
    • Responsible Person UUPID
Management Requirements

Note: Unless otherwise stated, a management function is supported for all Person Types.

  • Overall
    1. Updates to Person record data must be logged, including at least:
      • UID of person invoking the management function
      • UID of the Person record being managed
      • Type of update
  • UUPID
    1. Ability to assign a UUPID
      • Does not apply to Guest person.
      • Person record must not have a UUPID already.
      • UUPID choices must include
        • a set of generated choices, which have been reserved using the Name Arbiter, and
        • user-entered choice.
      • Selected UUPID must be reserved using the Name Arbiter before creation.
      • A temporary password, which need not obey the PID password requirements, must be assigned at Account creation time.
    2. Ability to rename a UUPID
      • Does not apply to Guest Person.
      • VT primary email account must not exist for the selected Person record.
  • authID
    1. Ability to change the shelve date.
      • Account state must be Active or Locked.
      • Allow add and update.
      • Deletion of existing shelve date is not supported.
    2. Ability to change the state of the Account based on the rules in the account state management document.
      • Account state is required.
    3. Ability to delete the Account
      • Account must be in a state supporting deletion.
  • Password (Allow password management for all Person Types with an authID assigned)
    1. Ability to reset the password
      • Account state must be Active.
      • Temporary password need not obey the PID password requirements.
      • Password is required.
    2. Ability to unlock the password.
  • Person Information (Does not apply to VT Person Type)
    1. Ability to change the name information
      • First name, middle name, and last name
      • Last name is required once name information is added.
    2. Ability to change the SSN
    3. Ability to change the date of birth
      • Required once a date of birth is added.
    4. Ability to change the VT Affiliations
    5. Ability to change the Responsible Person
  • Address (Does not apply to VT Person Type)
    1. Ability to manage all types of addresses
    2. Ability to change, for all address types
      • Street 1
      • Street 2
      • Street 3
      • PO Box
      • Mail Stop
      • City
      • State / Province
      • Postal Code
      • Country
      • Primary phone number
  • E-mail (Does not apply to Guest Person Type)
    1. Ability to create a new e-mail account of type
      • Virginia Tech
        • Allow at most one per Person.
        • Person must have an assigned UUPID in Active state.
        • E-mail address local part must be the UUPID.
        • E-mail address domain must be @vt.edu.
      • Administrative
        • Allow multiple per Person.
        • Person authID not required.
        • E-mail address domain must be @vt.edu.
      • Forward-Only
        • Allow multiple per Person.
        • Person authID not required.
        • E-mail address domain must be @vt.edu.
    2. Ability to change, for all e-mail account types
      • Aliases
        • E-mail account must be in active or expired state.
        • Supported modifications include
          • add / delete aliases
          • set maximum number of aliases
      • Forwards
        • E-mail account must be in active or expired state.
        • Supported modifications include
          • add / delete forwards
          • set maximum number of forwards
      • Junk Mail Preference
        • Required
      • Local Delivery Preference
        • Required
    3. Ability to change, for Virginia Tech e-mail account only
      • Preferred e-mail address
      • Display e-mail address
    4. Ability to change the state of all e-mail account types
      • For Account state of Active or Locked
        • expire e-mail account
        • delete e-mail account
        • purge e-mail account
      • For Account state of Active
        • renew non-active e-mail account
  • Person Delete
    1. Ability to delete the Person
      • Bypass the normal account transitions and deletion schedule.
  • Person Replication
    1. Ability to force an enqueue of the Person record for replication
    2. Ability to set the priority for the replication

Services

Query Requirements

All queries retrieve from the Registry.

  1. Ability to query using any combination of the following fields in a single search:
    • UUSID (allow wildcards)
    • Contact Person
    • Administrator
    • Viewable Attribute
  2. Ability to display a list of the search result(s) containing the following fields for each match:
    • UUSID
    • Contact Person(s)
    • Administrator(s)
  3. Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • UUSID
    • Account State
    • Creation Date
    • Expiration Date
    • Service Type
    • Contact Person(s)
    • Administrator(s)
    • Viewable Person Attribute(s)
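Every section's query requirements say "any combination of the following fields in a single search" and mark only some fields "allow wildcards". The Registry query therefore has to be assembled from user input, which is where filter injection creeps in. The following is an added example, not the tool's own code, and it assumes the Registry is searched through an LDAP-style filter (the page does not say how the Registry is queried) and assumes the attribute names; it escapes per RFC 4515, lets a literal `*` through only on the fields the requirements permit, and rejects a wildcard-only value that would enumerate every record. The People and Services field maps are shown; the other sections' maps are built the same way.

```python
# Added example, not code from the page: build a Registry search filter from any
# combination of screen fields, honouring "allow wildcards" only where the
# requirements grant it and escaping everything else (RFC 4515). Attribute names
# are assumed; the page does not name the Registry schema.

# RFC 4515 escapes. The backslash is escaped too, so an attacker cannot smuggle
# their own "\2a" sequences past the escaper.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str, allow_wildcards: bool = False) -> str:
    """Escape one user-supplied value for use inside an LDAP filter assertion.

    With allow_wildcards=True a literal '*' is passed through so the user can
    write 'Fish*'; every other special character is always escaped.
    """
    out = []
    for ch in value:
        if ch == "*" and allow_wildcards:
            out.append("*")
        else:
            out.append(_FILTER_ESCAPES.get(ch, ch))
    return "".join(out)


# Screen field -> (assumed Registry attribute, wildcards allowed per the requirements).
PERSON_SEARCH_FIELDS = {
    "authID": ("uid", True),
    "vtEmail": ("mail", True),
    "vtID": ("vtId", False),
    "ssn": ("ssn", False),
    "bannerPIDM": ("bannerPidm", False),
    "responsiblePersonUID": ("responsiblePersonUid", False),
    "personUID": ("personUid", False),
    "firstName": ("givenName", True),
    "lastName": ("sn", True),
}

SERVICE_SEARCH_FIELDS = {
    "UUSID": ("uusid", True),
    "contactPerson": ("contactPersonUid", False),
    "administrator": ("administratorUid", False),
    "viewableAttribute": ("viewableAttribute", False),
}


def build_filter(field_map: dict, criteria: dict) -> str:
    """AND together one assertion per populated criterion.

    Raises ValueError for an unknown field, for an empty search, and for a
    wildcard-only value (which would return every record in the Registry).
    """
    clauses = []
    for field, raw in criteria.items():
        if field not in field_map:
            raise ValueError(f"unknown search field: {field}")
        if raw is None or str(raw).strip() == "":
            continue  # a blank screen field is simply not part of the search
        attr, wildcards = field_map[field]
        value = escape_filter_value(str(raw).strip(), wildcards)
        if wildcards and value.replace("*", "") == "":
            raise ValueError(f"{field}: a wildcard-only value is not a search")
        clauses.append(f"({attr}={value})")
    if not clauses:
        raise ValueError("at least one search field must be filled in")
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


def build_person_filter(criteria: dict) -> str:
    return build_filter(PERSON_SEARCH_FIELDS, criteria)


def build_service_filter(criteria: dict) -> str:
    return build_filter(SERVICE_SEARCH_FIELDS, criteria)
```

A value such as `1)(|(uid=*` typed into the Person UID box comes out as `(personUid=1\29\28|\28uid=\2a)`, a harmless literal, instead of rewriting the filter; the same escaping is what turns an SSN field containing `*` into an exact-match on the character rather than a sweep of every record.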
Creation Requirements
  1. Ability to create a new Service with the following data:
    • Service Certificate
      • Valid certificate issued by the Middleware Client CA is required.
      • UUSID of the Service is determined by the subject CN of the certificate.
      • Expiration Date of the Service is determined from the expiration date of the certificate.
    • Contact Person authID
      • Allow single contact person during create processing.
      • Additional contact persons can be added via service management.
    • Administrator authID
      • Allow multiple administrators during create processing.
    • Service Type
    • Viewable Person Attributes
Management Requirements
  • Service Information
    1. Ability to set the service account state
      • Required
    2. Ability to set the service type
      • Required
  • Contacts and Administrators
    1. Ability to change the contact person(s)
      • At least one contact person must exist.
      • Support multiple contact persons.
      • Allow any Person with an authID.
    2. Ability to change the Administrator(s)
      • At least one administrator must exist.
      • Support multiple administrators.
      • Allow any Person with an authID.
  • Viewable Person Attributes
    1. Ability to add and remove attribute(s)
      • Service can have no attributes.
  • Service Certificate
    1. Ability to add and remove certificate(s).
      • At least one certificate must exist.
      • Support multiple certificates, which must have the same subject CN.
  • Service Delete
    1. Ability to delete the Service
      • Bypass the normal expiration schedule.
  • Service Replication
    1. Ability to force an enqueue of the Service record for replication
    2. Ability to set the priority for the replication
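The creation requirements derive the UUSID from the certificate's subject CN and the Service expiration from the certificate, and require a certificate issued by the Middleware Client CA; the management requirements let further certificates be added as long as they share the subject CN. The check below is an added example, not the tool's own code. It uses the third-party `cryptography` package, and the CA name, the Service name "ed-portal" and the in-memory test PKI built by `make_test_pki()` are constructed for this example. The important step is verifying the signature under the CA's key: the issuer name alone is attacker-chosen.

```python
# Added example, not code from the page: validate a Service certificate as the
# creation requirements describe, deriving the UUSID from the subject CN and the
# Service expiration from the certificate. The CA name and the test PKI are
# constructed for this example.
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


class ServiceCertError(ValueError):
    """The presented certificate may not be used to register a Service."""


def _utc_bounds(cert):
    # cryptography >= 42 exposes tz-aware *_utc properties; older releases give naive UTC.
    try:
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:
        return (cert.not_valid_before.replace(tzinfo=timezone.utc),
                cert.not_valid_after.replace(tzinfo=timezone.utc))


def verify_service_certificate(cert_pem, ca_cert, expected_uusid=None, now=None):
    """Return (uusid, expiration) for a certificate issued by the Middleware Client CA.

    Checks, in order: the issuer name is the CA, the signature verifies under the
    CA key (the issuer name by itself proves nothing), the validity window covers
    'now', and the subject carries exactly one CN. When adding a certificate to an
    existing Service, pass expected_uusid so the CN is forced to match.
    """
    cert = x509.load_pem_x509_certificate(cert_pem)
    now = now or datetime.now(timezone.utc)
    if cert.issuer != ca_cert.subject:
        raise ServiceCertError("issuer is not the Middleware Client CA")
    ca_key = ca_cert.public_key()
    try:
        if isinstance(ca_key, rsa.RSAPublicKey):
            ca_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          padding.PKCS1v15(), cert.signature_hash_algorithm)
        else:
            ca_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        raise ServiceCertError("certificate signature does not verify under the CA key")
    not_before, not_after = _utc_bounds(cert)
    if not not_before <= now <= not_after:
        raise ServiceCertError("certificate is outside its validity period")
    cns = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if len(cns) != 1:
        raise ServiceCertError("subject must carry exactly one CN")
    uusid = cns[0].value
    if expected_uusid is not None and uusid != expected_uusid:
        raise ServiceCertError(f"subject CN {uusid!r} does not match Service {expected_uusid!r}")
    return uusid, not_after


def to_pem(cert):
    return cert.public_bytes(serialization.Encoding.PEM)


def _mint(subject_cn, issuer_name, signing_key, subject_key, days, is_ca):
    # Helper for the constructed test PKI below.
    now = datetime.now(timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)]))
            .issuer_name(issuer_name)
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=5))
            .not_valid_after(now + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signing_key, hashes.SHA256()))


def make_test_pki():
    """Constructed test data: a CA, a Service cert it issued, and a forgery that
    names the CA as issuer but is signed with the forger's own key."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Middleware Client CA")])
    ca_cert = _mint("Middleware Client CA", ca_name, ca_key, ca_key, 3650, True)
    svc_key = ec.generate_private_key(ec.SECP256R1())
    svc_cert = _mint("ed-portal", ca_name, ca_key, svc_key, 365, False)
    forger_key = ec.generate_private_key(ec.SECP256R1())
    forged = _mint("ed-portal", ca_name, forger_key, forger_key, 365, False)
    return ca_cert, svc_cert, forged
```

For a real deployment the CA certificate should be loaded from a trusted store rather than generated in memory, and a revocation check (CRL or OCSP) belongs between the signature and validity checks; the page does not mention revocation, so it is left out here.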

Access Control Requirements

  1. Ability to control access to each piece of functionality in these requirements.

Nonfunctional Requirements

  1. Must be written as a clustered web application.

Development Environment

Should follow Middleware recommendations for development in the Struts framework.

middleware/devel/ed/dat.txt · Last modified: 2015/06/01 12:02 (external edit)