Software Requirements

Author: Erdem Memisyazici
Last Updated: 2016/03/16

Problem Statements

  • The Enterprise Directory system does not have a unified management console. This system consists of:
    • ED-Lite,
    • ED-Auth,
    • ED-ID,
    • the Registry, and
    • other systems

Definitions

  • UID
    • the unique identifier for a record in the Registry
  • authID
    • the identifying string assigned to a Person record in the Registry, which is either
      • GuestID for a Guest Person, or
      • UUPID for all other Person Types
  • UUGID
    • the identifying string assigned to a Group record in the Registry
  • UUSID
    • the identifying string assigned to a Service record in the Registry
  • UUMID
    • the identifying string assigned to an Email account in the Registry

Functional Requirements

Note: All management functions are initiated by performing a query and selecting one record to manage.

Note: Unless otherwise stated, a management function for updating a field should support deleting the value because the field is not required.

Entitlements

Query Requirements

All queries retrieve from the Registry.

  • Ability to query using any combination of the following fields in a single search:
    • Entitlement UID
    • Entitlement Data (allow wildcards)
    • Entitled Person
    • Sponsoring Person
    • Owning Service
  • Ability to display a list of the search result(s) containing the following fields for each match:
    • Entitlement Data
    • Entitled Person
    • Sponsoring Person
  • Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • Entitlement UID
    • Entitlement Data
    • Entitled Person
    • Service Viewer(s)
    • Person Member
    • Creation Date

Creation Requirements

  • Ability to create a new Entitlement with the following data:
    • Entitlement Data
    • Owning Service
    • Entitled Person
    • Sponsoring Person

Management Requirements

  • Entitlement Information
    • Ability to change the expiration date
      • Required once an expiration date is added.
    • Ability to change the Service Viewer(s)
      • Support multiple service viewers.
  • Entitlement Delete
    • Ability to delete the Entitlement
      • Bypass the normal expiration schedule.
  • Entitlement Replication
    • Ability to force an enqueue of the Entitlement record for replication
    • Ability to set the priority for the replication

Groups

Query Requirements

All queries retrieve from the Registry.

  • Ability to query using any combination of the following fields in a single search:
    • UUGID
    • Contact Person
    • Administrator
    • Person Member
  • Ability to display a list of the search result(s) containing the following fields for each match:
    • UUGID
    • Contact Person(s)
    • Administrator(s)
  • Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • UUGID
    • Display Name
    • E-mail Address
    • Contact Person(s)
    • Administrator(s)
    • Person Member(s)
    • Group Member(s)
    • Service Viewer(s)
    • Suppress Display Preference
    • Creation Date
    • Expiration Date

Creation Requirements

  • Ability to create a new Group with the following data:
    • UUGID
    • Contact Person authID
      • Allow single contact person during create processing.
      • Additional contact persons can be added via group management.
    • Administrator authID
      • Allow single administrator during create processing.
      • Additional administrators can be added via group management.

Management Requirements

  • Group Information
    • Ability to set the suppress display preference
    • Ability to set the suppress members preference
    • Ability to set the expiration date
    • Ability to set the display name
    • Ability to set the e-mail address
  • Related Person(s)
    • Ability to change the contact person(s)
      • At least one contact person must exist.
      • Support multiple contact persons.
      • Allow any Person with an authID.
    • Ability to change the Person administrator(s)
      • At least one administrator must exist.
      • Support multiple administrators.
      • Allow any Person with an authID.
    • Ability to change the Person Manager(s)
      • Support multiple managers.
      • Allow any Person with an authID.
    • Ability to change the Person Member(s)
      • Support multiple members.
      • Allow any Person with an authID.
  • Related Group(s)
    • Ability to change the Group Member(s)
      • Support multiple members.
  • Related Service(s)
    • Ability to change the Service viewer(s)
      • Support multiple viewers.
    • Ability to change the Service administrator(s)
      • Support multiple administrators.
    • Ability to change the Service Manager(s)
      • Support multiple managers.
  • Group Delete
    • Ability to delete the Group
      • Bypass the normal expiration schedule.
  • Group Replication
    • Ability to force an enqueue of the Group record for replication
    • Ability to set the priority for the replication

Name Arbitration

Query Requirements

All queries retrieve from the Registry.

  • Ability to query using any combination of the following fields in a single search:
    • Name (allow wildcards)
    • Namespace
  • Ability to display a list of the search result(s) containing the following fields for each match:
    • DN
    • Data source
  • Ability to select a single Permanent Reservation result from the search results list and display a summary screen containing the following fields:
    • Reservation Type
    • Namespace
    • Name
    • DN
    • Reservation state
    • Comments
    • Creation Date
  • Ability to select a single Temporary Reservation result from the search results list and display a summary screen containing the following fields:
    • Reservation Type
    • Namespace
    • Name
    • DN
    • Reservation handle
    • Creation Date
    • Expiration Date

Creation Requirements

  • Ability to create a new Permanent Reservation with the following data:
    • Name
    • Namespace
    • Reservation State
    • Comments
  • Ability to create a new Temporary Reservation with the following data:
    • Name
    • Namespace
    • Reservation Duration

Management Requirements

  • Name Information
    • Permanent Reservation
      • Ability to change the reservation state
      • Ability to change the comments
    • Temporary Reservation
      • Ability to change the expiration date
        • Support date entry that includes minutes.
  • Reservation Delete
    • Ability to delete the Name Reservation
      • Bypass the normal expiration schedule.

People

Query Requirements

All queries retrieve from the Registry.

  • Ability to query using any combination of the following fields in a single search:
    • authID (allow wildcards)
    • VT E-mail address (allow wildcards)
      • primary address
      • alias
      • forward
      • display
    • Virginia Tech ID
    • Banner PIDM
    • Responsible Person UID
    • Person UID
    • First name (allow wildcards)
    • Last name (allow wildcards)
  • Ability to display a list of the search result(s) containing the following fields for each match:
    • Person UID
    • authID
    • Name
    • VT Affiliations
  • Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • Identify Information
      • Name(s)
      • authID
      • Person UID
      • Birth Date
      • VT Affiliations
    • authID Information
      • Account State
      • Account Transition
      • Account Suppression
      • Account Creation Date
      • Account Expiration Date
      • Account Shelve Date
      • Password Expiration Date
    • Information on latest user actions
      • Password Change Date
      • Authentication From
      • Successful Authentication Date
      • Failed Authentication Date
    • Number of failed authentication attempts
    • Home Information
      • Address
      • Phone Number
    • Entitlement Membership
    • Group Membership
    • For non-Guest Person Types
      • VT E-mail Account Information
        • Preferred Address
        • Address
        • Display Address
        • Aliases
        • Forwards
        • Local Delivery Preference
        • Creation Date
        • Last Modification Date
        • Expiration Notification Date
        • Expiration Date
      • Identity Information
        • Virginia Tech ID
        • Banner PIDM
      • Employee Information
        • Working Title
        • Department
      • Office Information
        • Address
        • Phone Number
        • Mail Stop
      • Student Information
        • Last Enrollment Information
        • Major
        • College
        • Campus
        • Next Enrollment Term
      • Local Information
        • Address
        • Phone Number
        • Mail Stop
      • Sponsored Person
    • For Guest Person Types
      • Responsible Person UID (Inviter)

Creation Requirements

  • Ability to create a new Sponsored Person with the following data:
    • First Name
    • Middle Name
    • Last Name
    • Date of Birth
    • Responsible Person UUPID
    • VT Affiliations
    • New UUPID (optional)
  • Ability to create a new Guest Person with the following data:
    • E-mail address (3rd party)
    • E-mail content for guest invitation
    • Responsible Person UUPID

Management Requirements

Note: Unless otherwise stated, a management function is supported for all Person Types.

  • Overall
    • Updates to Person record data must be logged, including at least:
      • UID of person invoking the management function
      • UID of the Person record being managed
      • Type of update
  • UUPID
    • Ability to assign a UUPID
      • Does not apply to Guest Person.
      • Person record must not have a UUPID already.
      • UUPID choices must include
        • a set of generated choices, which have been reserved using the Name Arbiter, and
        • user-entered choice.
      • Selected UUPID must be reserved using the Name Arbiter before creation.
      • A temporary password, which need not obey the PID password requirements, must be assigned at Account creation time.
    • Ability to rename a UUPID
      • Does not apply to Guest Person.
      • VT primary email account must not exist for the selected Person record.
  • authID
    • Ability to change the shelve date.
      • Account state must be Active or Locked.
      • Allow add and update.
      • Deletion of existing shelve date is not supported.
    • Ability to change the state of the Account based on the rules in the account state management document.
      • Account state is required.
    • Ability to delete the Account
      • Account must be in a state supporting deletion.
    • Password (Allow password management for all Person Types with an authID assigned)
      • Ability to reset the password
        • Account state must be Active.
        • Password is required.
      • Ability to unlock the password.
        • Account state must be Locked.
  • Person Information (Does not apply to VT Person Type)
    • Ability to change the name information
      • First name, middle name, and last name
      • Last name is required once name information is added.
    • Ability to change the date of birth
      • Required once a date of birth is added.
    • Ability to change the VT Affiliations
    • Ability to change the Responsible Person
  • Address
    • Ability to manage all types of addresses
    • Ability to change, for all address types
      • Street 1
      • Street 2
      • Street 3
      • PO Box
      • Mail Stop
      • City
      • State / Province
      • Postal Code
      • Country
      • Primary phone number
  • E-mail (Does not apply to Guest Person Type)
    • Ability to create a new e-mail account of type
      • Virginia Tech
      • Carilion
        • Allow at most one per Person.
        • Person must have an assigned UUPID in Active state.
        • E-mail address local part must be the UUPID.
      • Administrative
        • Allow multiple per Person.
        • Person authID not required for auxiliary.
      • Forward-Only
        • Allow multiple per Person.
        • Person authID not required.
    • Ability to change, for all e-mail account types
      • Aliases
        • E-mail account must be in active or expired state.
        • Supported modifications include
          • add / delete aliases
          • set maximum number of aliases
      • Forwards
        • E-mail account must be in active or expired state.
        • Supported modifications include
          • add / delete forwards
          • set maximum number of forwards
      • Local Delivery Preference
      • Preferred e-mail address
      • Display e-mail address
    • Ability to change the state of all e-mail account types
      • For Account state of Active or Locked
        • expire e-mail account
        • delete e-mail account
        • purge e-mail account
      • For Account state of Active
        • renew non-active e-mail account
  • Person Delete
    • Ability to delete/archive the Person
      • Bypass the normal account transitions and deletion schedule.
  • Person Replication
    • Ability to force an enqueue of the Person record for replication
    • Ability to set the priority for the replication

Services

Query Requirements

All queries retrieve from the Registry.

  • Ability to query using any combination of the following fields in a single search:
    • UUSID (allow wildcards)
    • Contact Person
    • Administrator
    • Viewable Attribute
  • Ability to display a list of the search result(s) containing the following fields for each match:
    • UUSID
    • Contact Person(s)
    • Administrator(s)
  • Ability to select a single result from the search results list and display a summary screen containing the following fields:
    • UUSID
    • Account State
    • Creation Date
    • Expiration Date
    • Service Type
    • Contact Person(s)
    • Administrator(s)
    • Viewable Person Attribute(s)

Creation Requirements

  • Ability to create a new Service with the following data:
    • Service Certificate
      • Valid certificate is required.
      • UUSID of the Service is determined by the subject CN of the certificate.
      • Expiration Date of the Service is determined from the expiration date of the certificate.
    • Contact Person authID
      • Allow single contact person during create processing.
      • Additional contact persons can be added via service management.
    • Administrator authID
      • Allow multiple administrators during create processing.
    • Service Type
    • Viewable Person Attributes

Management Requirements

  • Service Information
    • Ability to set the service account state
    • Ability to set the service type
  • Contacts and Administrators
    • Ability to change the contact person(s)
      • At least one contact person must exist.
      • Support multiple contact persons.
      • Allow any Person with an authID.
    • Ability to change the Administrator(s)
      • At least one administrator must exist.
      • Support multiple administrators.
      • Allow any Person with an authID.
  • Viewable Person Attributes
    • Ability to add and remove attribute(s)
      • Service can have no attributes.
  • Service Certificate
    • Ability to add and remove certificate(s).
      • At least one certificate must exist.
      • Support multiple certificates, which must have the same subject CN.
  • Service Delete
    • Ability to delete the Service
      • Bypass the normal expiration schedule.
  • Service Replication
    • Ability to force an enqueue of the Service record for replication
    • Ability to set the priority for the replication
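
The Service Certificate rules from the Creation and Management Requirements above can be expressed as server-side checks. The sketch below is an added example, not code from the Directory Administration Tool. The Cert and Service classes, the function names and the sample data are hypothetical, and it assumes "valid" means a non-empty subject CN inside the validity window, compared case-sensitively and applied to added certificates as well.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

class RuleViolation(Exception):
    """A request that would break one of the Service certificate rules."""

@dataclass(frozen=True)
class Cert:  # hypothetical stand-in for a parsed X.509 certificate
    subject_cn: str
    not_before: datetime
    not_after: datetime

@dataclass
class Service:
    uusid: str
    expiration: datetime
    certs: list = field(default_factory=list)

def _require_valid(cert, now):
    # Assumption: "valid" means non-empty CN and inside the validity window.
    if not cert.subject_cn or not (cert.not_before <= now <= cert.not_after):
        raise RuleViolation("valid certificate is required")

def create_service(cert, now):
    _require_valid(cert, now)
    # UUSID and expiration come from the certificate, never from the caller.
    return Service(cert.subject_cn, cert.not_after, [cert])

def add_certificate(svc, cert, now):
    _require_valid(cert, now)  # assumption: creation rule reused for additions
    if cert.subject_cn != svc.uusid:
        raise RuleViolation("certificate subject CN must match the UUSID")
    if cert not in svc.certs:
        svc.certs.append(cert)

def remove_certificate(svc, cert):
    if cert not in svc.certs:
        raise RuleViolation("certificate is not attached to this Service")
    if len(svc.certs) == 1:
        raise RuleViolation("at least one certificate must exist")
    svc.certs.remove(cert)

# Constructed sample data (not from the original page).
NOW = datetime(2016, 3, 16, tzinfo=timezone.utc)
FIRST = Cert("example-service", NOW - timedelta(days=30), NOW + timedelta(days=335))
RENEWED = Cert("example-service", NOW, NOW + timedelta(days=730))
OTHER_CN = Cert("other-service", NOW, NOW + timedelta(days=365))
EXPIRED = Cert("example-service", NOW - timedelta(days=400), NOW - timedelta(days=35))
```

The requirements do not say how the Service expiration date changes when certificates are added or removed, so the sketch leaves it at the value set during creation.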

Access Control Requirements

  • Ability to control access to each piece of functionality in these requirements.

Nonfunctional Requirements

  • Must be written as a clustered web application.