Info | ||
---|---|---|
| ||
Presented to UH developers on 9/16/2011 |
- Version 1.0 Specifications:
- Desirable Objects
- Acknowledgements - as in I hereby acknowledge that I have read and understand E2.214.
- Certifications - as in successfully demonstrating via test questions that I have read and understand E2.213 (not a Phase I deliverable).
- Audiences (types of users)
- Users have UH Credentials and can assert acknowledgements and pass certifications; no role-based access controls are required at this time.
- Policy Representatives can create and manage their own certifications.
- Acks and certs must be owned by either someone(s), group/dept accounts are eligible.
- Multiple apps can reference a single acknowledgement or certification, and a single app can reference multiple acknowledgements or certifications.
- Clarify the purpose of acknowledgements and certifications for continued access to apps; to convey responsibilities. Not an authorization or provisioning tool.
- Explain certifications as demonstrated knowledge.
- Admins can provision and de-provision owners.
- GUI
- Web-enabled self-service tool for end-users to be merged with the new /username redesign.
- Requires UH credentials to use
- Users can view all certifications and acknowledge any of them (/wiki/spaces/ITSPRAC/pages/6435136).
- User is informed of which certifications have been acknowledged and when.
- User can easily distinguish which certifications should be acknowledged in the near future so as not to have to come back very soon.
- Email notifications for pending expirations
- allow policy owner to select notification schedule; develop selection parameters; for now we only need two patterns, short and long, one month and one week with weekly reminders
- Policy Reps can create, update, enable/disable, delete, reassign or extend ownership requires a request being sent to an admin;
- deleting and disabling has potential ramifications.
- API to pass if the application reference an acknowledgement or certification that is missing or disabled
- Admins can provision/deprov and enable/disable Policy Reps;
- must a person be fac/staff to be authorized? no, admins determine this
- are grouper groups appropriate for tracking Policy Reps? tbd
- UHIMS Life Cycle should also trigger deprovisioning
- Data Storage
- Set this up as a separate service with its own database.
- Data tracks each user's acknowledgements and certifications and the date last updated successfully.
- Expiration dates are NOT by definition in scope. It is up to the consumer of the info to apply business rules.
- Life Cycle: Data is removed when the user no longer has an active affiliation with UH. Returning to UH imposes a fresh start.
- Data to be saved in a relational database(?) and LDAP (/wiki/spaces/MDR/pages/10150627 on the Mace-dir list)Data Retrieval during authentication to determine authorization
- LDAP
- CAS - upgrading to CAS 3.x may be a prerequisite (not a Phase I deliverable)
- Shibboleth via attribute release policy
- Development Phases
- Phase I: Acknowledgements, single check box
- Phase II: Certifications, pass/fail testing process
- Requirements for building questions and answers and answer keys need to be defined.
- Phase III: not planned, only to be considered if sufficient demand for expansion of functionality
- Parkinglot
- tracking who took which online quizzes, etc and reporting back to a dept, unit, etc.
- support for UH related organizations; for more general use
- POs may want to track who amongst their staff have done the confidentiality agreement
- Departments may want to impose their own acknowledgements on their own staff or on their own guests.
- Desirable Objects
- Version 2.0 Specifications:
ACER 1.0 lacks a reporting mechanism, but 1.0 by design provides the barest functionality possible to get started as a useful service that we can then share with others to see what should be in ACER 2.0.- Compliance requirements established by EAC.
- Require specific groups to perform specific Acknowledgements and Certifications.
- Compliance reporting organized by EAC.
- Provide PO's reports on who has and hasn't done their Acknowledgement or Certification.
- Provide PO's with the history of previous acceptance of Acknowledgements and Certifications.
- It is believed that a history helps establish that the University has consistently required acceptance and this is blameless.
- Automated annual and biennual renewal email reminders for initial and renewal of compliance.
- New attribute required to indicate that a Acknowledgement or Certification must be renewed.
- New attribute required to indicate the renewal frequency.
- New subsystem required to handle automation of the generation of the email reminders.
- Candidate for pilot: OHR Substance Abuse Notification
- Compliance requirements established by EAC.