Warning

This is a draft document that may change significantly. It will eventually be included on the IAM website.


Overview

The UH Identity Management System (UHIMS) aggregates identity and contact information as well as roles and affiliations for each member of the UH community.  The Identity Access Management (IAM) team ensures that all requests for this information are handled by processes that are documented and regularly reviewed and approved by UH’s Institutional Data Governance Program (DGP).  Any changes to IAM data sharing processes are first subjected to DGP review and approval.

...

There are a number of IAM data sharing strategies available:

During Authentication: UH Login (Shibboleth and CAS)

An individual's successful authentication to an authorized online web application may result in the sharing of the individual's data from the Person Registry. The application may use that individual's data to determine what the person is authorized to access and how best to organize the presentation of the accessible content.

...

The DGP generally requires that a developer manually obtain a Data Sharing Agreement for each activity and for each system-of-record involved. IAM practices mitigate the need to do this in two ways: (1) aggregation, and (2) the IAM pre-approved data sharing process. By aggregating data, UHIMS provides a single resource for access to "person" data. Because the DGP has pre-approved IAM's data sharing practices, in many cases most developers will not have to obtain any Data Sharing Agreements.

...

Requests for IAM data sharing are currently driven by Google Forms.  DGP staff have access to the underlying data that is collected as requests are submitted.  IAM data sharing practices are documented and reviewed by the DGP before each set of changes.