Self-Service Privacy Using LDAP at The University of Notre Dame

CUMREC 2003

Brendan Bellina

Office of Information Technologies

University of Notre Dame du Lac

Email: BBellina@nd.edu

Copyright © Brendan Bellina, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

May 13, 2003 Copyright © 2003, University of Notre Dame du Lac 2

Confidentiality in U.S. Higher Education

Family Educational Rights and Privacy Act (FERPA)

Institution definition of “Directory Information”

– Full name
– Address
– Telephone number
– Day and place of birth
– College, major, or level
– Participation in officially recognized activities and sports
– Weight and height of members of athletic teams
– Dates of attendance
– Full or part-time status
– Degrees and awards received
– Most recent previous educational agency or institution attended by the student
– Other similar information such as a photograph

Family Educational Rights and Privacy Act (FERPA)

Excerpt from the Notre Dame FERPA webpage:

Directory information may be disclosed by this institution for any purpose, without the prior consent of a student, unless the student has forbidden its disclosure in writing.

Students wishing to prevent disclosure of the designated directory information must file written notification to this effect with the Registrar's Office.

In the event that such written notification is not filed, the University assumes that the student does not object to the release of the directory information.

Family Educational Rights and Privacy Act (FERPA)

In the year following the implementation of the directory privacy functionality described here, a self-service privacy mechanism was implemented in the Student Information System.

• Limited to student campus/home address and phone, and spouse name

• Available only during SIS availability (7x18)

• Immediate effect for SIS applications; delayed effect for web-based applications relying upon directory services

• Restricts data passed to directory services, preventing even authorized directory-enabled applications from accessing the information via the directory.

Initiating FERPA Protection: The Student

• Request FERPA protection at registration or…

• Submit formal request for FERPA protection to the Office of the Registrar providing name and/or NetID

• Wait for request to be processed.

Initiating FERPA Protection: The Office of the Registrar

• Update Student Information System record to indicate that the student has requested FERPA protection

• Contact the Office of Information Technologies to have electronic directories & services updated

Limitations

• Complex and slow
  – multiple steps and points of failure and delay

• Available only during office hours M-F 8-5

• Cumbersome – requires student visit

• Dependent on availability of system administrators for multiple systems (core middleware, email, listserv)

• Limited granularity – phone, address, spouse name, or all

Unwanted Side Effects

• Disables growing list of functions reliant upon directory entry information, including email forwarding, auto-reply, WebCT, Active Directory services, the eProcurement system, Learning Management System, Online Registration, Online Voting…

• System Administrator reliance - Requires configuration modifications and coding for each request (email, listserv, AFS)

• Separates user account from systems of record, preventing automated revocation and information updates

Goals

• Self-service web application
• Multi-level opt-out
• Automate processes
• Reduce administrator involvement
• Eliminate need for coding and configuration changes
• 7x24x365 availability
• Immediate effect – no latency
• Attribute level granularity
• Eliminate need for office visit
• No restrictions on services caused by privacy

Steps Taken to Date

• Implementation of high availability Enterprise Directory Service

• Elimination of X.500 directories and Eudora cross-reference database to further reduce administrator involvement

• Web pages to allow user to edit entry content and update privacy options in the Enterprise Directory Service real-time, 7x24x365.

Steps Taken to Date

• FERPA protected individuals “mastered” in the Enterprise Directory Service

• Provide LDAP-enabled applications with service id’s authorized to access private entries

• Windows Active Directory domain policy to redirect Active Directory searches to the EDS

Screen Samples

EDS Authentication Screen

Directory Entry Display

Directory Entry Edit

Privacy Options

Display Preferences

Opt-out Options

• Entry level and Attribute Level
  – Private – The entry/attribute is visible only to the owner and to authorized applications. This is a selectable option for active student and departmental accounts.
  – ND-Only – The entry/attribute is visible to authenticated searches and to authorized applications. This is a selectable option for all active accounts.
  – FERPA Restrict – entry-level setting identical to “Private” except that it can only be set and reversed by formal request.

Usage Statistics

• FERPA protection / hidden account: 4

• Self-service entry-level privacy: 46

• Self-service entry-level ND-only: 33

• Self-service attribute-level privacy: 250

How It Works

Directory Attributes: dn

Directory dn (distinguished name) is comprised of:
– ndGuid – a uniquely defined string of characters randomly assigned in format ndaa#aa# (ndPVid) prefixed with “nd.edu”
– X.500 Directory base (avoids conflict with our Active Directory domain)

Directory Attributes: dn

Intentionally avoided basing on name, NetID, department, or affiliation in order to:
– (1) reduce chance of dn changes when changes occur
– (2) allow anonymity without requiring entire entry to be restricted.

Needed an unchanging, non-reissuable, meaningless id independent of vendor and transaction system influence.

Directory Attributes: ndEntryStatus

• Multi-valued attribute used to control access to the entry from applications.

• Allowable values:
  – active
  – restrictEDS – indicates entry restricted to only owner and authorized applications
  – restrictndonly – indicates entry restricted to authenticated searches only
  – restrictFERPA – indicates privacy cannot be altered by self-service; always coupled with restrictEDS

Directory Attributes: ndVisibilityControl

• Multi-valued attribute used to record access level for specific attributes

• Allowable values: Attribute name, +
  – private – indicates attribute restricted to only owner and authorized applications
  – ndonly – indicates attribute restricted to authenticated searches only

Directory Attributes: ndDisplayPreferences

• Multi-valued attribute used to record user preferences for the directory entry display screen

• Allowable values:
  – maskpriorsurname – indicates that common name values based on prior surname should not be displayed
  – maskuid – indicates that uid (NetID) should not be displayed

Directory Attributes: aci

• Entry level aci’s used to control access to entry attributes as specified in ndVisibilityControl

• OU level aci’s used to prevent unauthorized access to restricted attributes such as ndUniversityid, ndPermid, ndRolesAssigned

Directory Attribute Access Types

• Always restricted
  – e.g. ndUniversityid, ndPermid, ndRolesAssigned, internal attributes

• Never restricted
  – e.g. dn, uid

• Restrictions based on user preference

Directory Attribute Access Groups

• Groups are used to allow applications to have access to entries and attributes.

• Use of groups reduces directory maintenance/administrative time

• Groups are not visible anonymously

• Group dn’s are also based on ndPVid’s
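
The entry-level, attribute-level and always/never-restricted rules from the "How It Works" slides combine into a single read decision per requester. The Python model below is an added example, not code from the presentation or from the Notre Dame EDS, where the rules are enforced by directory aci's. Its assumptions: the four requester levels, an "<attribute name>,<level>" encoding for ndVisibilityControl values, an entry-level restriction hiding the whole entry, always-restricted attributes being readable only by authorized applications, and the two control attributes counting as internal.

```python
RANK = {"anonymous": 0, "authenticated": 1, "owner": 2, "application": 3}
NEED = {"public": 0, "ndonly": 1, "private": 2, "app-only": 3}
# Assumption: the two control attributes count as "internal attributes".
ALWAYS_RESTRICTED = {"nduniversityid", "ndpermid", "ndrolesassigned",
                     "ndentrystatus", "ndvisibilitycontrol"}
NEVER_RESTRICTED = {"dn", "uid"}

def entry_requirement(entry):
    """Map ndEntryStatus values to the minimum requester level for the entry."""
    status = {v.lower() for v in entry.get("ndEntryStatus", ["active"])}
    if "restrictferpa" in status and "restricteds" not in status:
        raise ValueError("restrictFERPA must be coupled with restrictEDS")
    if "restricteds" in status:
        return "private"
    return "ndonly" if "restrictndonly" in status else "public"

def attribute_requirement(entry, attr):
    """Minimum requester level for one attribute of a visible entry."""
    name = attr.lower()
    if name in ALWAYS_RESTRICTED:
        return "app-only"
    if name in NEVER_RESTRICTED:
        return "public"
    need = "public"
    # Assumed value encoding: "<attribute name>,<private|ndonly>".
    for value in entry.get("ndVisibilityControl", []):
        target, _, level = (p.strip() for p in value.lower().partition(","))
        if target == name and level in ("private", "ndonly"):
            need = max(need, level, key=NEED.get)  # strictest setting wins
    return need

def visible_view(entry, requester):
    """Return the attributes this requester may read, or None if hidden."""
    rank = RANK[requester]
    if rank < NEED[entry_requirement(entry)]:
        return None  # assumption: an entry-level restriction hides everything
    return {a: v for a, v in entry.items()
            if rank >= NEED[attribute_requirement(entry, a)]}

SAMPLE = {  # constructed entry; every value is a placeholder
    "dn": ["<ndGuid RDN>,<X.500 base>"], "uid": ["jdoe"], "cn": ["Jane Doe"],
    "telephoneNumber": ["555-0100"], "postalAddress": ["100 Example Hall"],
    "ndUniversityid": ["000000000"], "ndEntryStatus": ["active"],
    "ndVisibilityControl": ["telephoneNumber,private", "postalAddress,ndonly"],
}
```

Calling visible_view(SAMPLE, "anonymous") returns only dn, uid and cn, while the same entry with ndEntryStatus set to restrictEDS and restrictFERPA returns None for every requester below the owner.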

Steps Remaining

• Elimination of public access to ph/CSO
• Provide web-application to Registrar to control FERPA setting
• Increase edit capability for FERPA entries
• Automate data correction for FERPA entries
• Implement a tie between the EDS opt-out and FERPA settings and Registrar notification

Links

ND Enterprise Directory Service, <http://www.nd.edu/~eds>

ND EDS Documentation, <http://www.nd.edu/~eds/docs>

ND EDS Schema Documentation, <http://www.nd.edu/~eds/docs/current_schema/EDS_ModelDoc.htm>

ND EDS Search, <http://www.nd.edu/~eds/search>

eduPerson object class, <http://www.educause.edu/eduperson/>

Internet2 Middleware, <http://middleware.internet2.edu/>

Contact Information

Brendan Bellina

Office of Information Technologies

University of Notre Dame du Lac

Email: BBellina@nd.edu

Website: <http://www.nd.edu/~bbellina>

Directory Entry:

<http://www3.nd.edu/~eds/cgi-bin/nd_ldap_search.pl?ldapfilter=uid=bbellina>

vCard: <http://www3.nd.edu/~eds/cgi-bin/ldapvcard.pl?uid=bbellina>
