Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Early Draft for community review

Presented to UH developers on 9/16/2011

  1. Specifications:
    1. Desirable Objects
      1. Acknowledgements - as in I hereby acknowledge that I have read and understand E2.214.
      2. Certifications - as in successfully demonstrating via test questions that I have read and understand E2.213 (not a Phase I deliverable).
    2. Audiences (types of users)
      • Users have UH Credentials and can assert acknowledgements and pass certifications; no role-based access controls are required at this time.
      • Policy Representatives can create and manage their own certifications.
        • Acks and certs must be owned by either someone(s), group/dept accounts are eligible.
        • Multiple apps can reference a single acknowledgement or certification, and a single app can reference multiple acknowledgements or certifications.
        • Clarify the purpose of acknowledgements and certifications for continued access to apps; to convey responsibilities.  Not an authorization or provisioning tool.
        • Explain certifications as demonstrated knowledge.
      • Admins can provision and de-provision owners.
    3. GUI
      • Web-enabled self-service tool for end-users to be merged with the new /username redesign.
      • Requires UH credentials to use
      • Users can view all certifications and acknowledge any of them (/wiki/spaces/ITSPRAC/pages/6435136).
      • User is informed of which certifications have been acknowledged and when.
      • User can easily distinguish which certifications should be acknowledged in the near future so as not to have to come back very soon.
      • Email notifications for pending expirations
        • allow policy owner to select notification schedule; develop selection parameters; for now we only need two patterns, short and long, one month and one week with weekly reminders
      • Policy Reps can create, update, enable/disable, delete, reassign or extend ownership requires a request being sent to an admin; 
        • deleting and disabling has potential ramifications.
        • API to pass if the application reference an acknowledgement or certification that is missing or disabled
      • Admins can provision/deprov and enable/disable Policy Reps; 
        • must a person be fac/staff to be authorized?  no, admins determine this
        • are grouper groups appropriate for tracking Policy Reps?  tbd
        • UHIMS Life Cycle should also trigger deprovisioning
    4. Data Storage
      • Set this up as a separate service with its own database.
      • Data tracks each user's acknowledgements and certifications and the date last updated successfully.
      • Expiration dates are NOT by definition in scope. It is up to the consumer of the info to apply business rules.
      • Life Cycle: Data is removed when the user no longer has an active affiliation with UH.  Returning to UH imposes a fresh start.
      • Data to be saved in a relational database(?) and LDAP (/wiki/spaces/MDR/pages/10150627 on the Mace-dir list)
    5. Data Retrieval during authentication to determine authorization
      • LDAP
      • CAS - upgrading to CAS 3.x may be a prerequisite (not a Phase I deliverable)
      • Shibboleth via attribute release policy
    6. Development Phases
      • Phase I: Acknowledgements, single check box
      • Phase II: Certifications, pass/fail testing process
        • Requirements for building questions and answers and answer keys need to be defined.
      • Phase III: not planned, only to be considered if sufficient demand for expansion of functionality
    7. Parkinglot
      1. tracking who took which online quizzes, etc and reporting back to a dept, unit, etc.
      2. support for UH related organizations; for more general use
      3. POs may want to track who amongst their staff have done the confidentiality agreement
      4. Departments may want to impose their own acknowledgements on their own staff or on their own guests.
  • No labels