Self-Service Privacy Using LDAP at The University of Notre Dame CUMREC 2003 Brendan Bellina Office of Information Technologies University of Notre Dame du Lac Email: [email protected] Copyright © Brendan Bellina, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.


Self-Service Privacy Using LDAP at The University of Notre Dame

CUMREC 2003

Brendan Bellina

Office of Information Technologies

University of Notre Dame du Lac

Email: [email protected]



May 13, 2003 Copyright © 2003, University of Notre Dame du Lac

Confidentiality in U.S. Higher Education


Family Educational Rights and Privacy Act (FERPA)

Institution definition of “Directory Information”

– Full name
– Address
– Telephone number
– Day and place of birth
– College, major, or level
– Participation in officially recognized activities and sports
– Weight and height of members of athletic teams
– Dates of attendance
– Full or part-time status
– Degrees and awards received
– Most recent previous educational agency or institution attended by the student
– Other similar information such as a photograph


Family Educational Rights and Privacy Act (FERPA)

Excerpt from the Notre Dame FERPA webpage:

Directory information may be disclosed by this institution for any purpose, without the prior consent of a student, unless the student has forbidden its disclosure in writing.

Students wishing to prevent disclosure of the designated directory information must file written notification to this effect with the Registrar's Office.

In the event that such written notification is not filed, the University assumes that the student does not object to the release of the directory information.


Family Educational Rights and Privacy Act (FERPA)

In the year following the implementation of the directory privacy functionality described here, a self-service privacy mechanism was implemented in the Student Information System.

• Limited to student campus/home address and phone, and spouse name

• Available only during SIS availability (7x18)

• Immediate effect for SIS applications; delayed effect for web-based applications relying upon directory services

• Restricts data passed to directory services, leaving even authorized directory-enabled applications unable to access the information via the directory.


Initiating FERPA Protection: The Student

• Request FERPA protection at registration or…

• Submit formal request for FERPA protection to the Office of the Registrar providing name and/or NetID

• Wait for request to be processed.


Initiating FERPA Protection: The Office of the Registrar

• Update Student Information System record to indicate that the student has requested FERPA protection

• Contact the Office of Information Technologies to have electronic directories & services updated


Limitations

• Complex and slow – multiple steps and points of failure and delay

• Available only during office hours M-F 8-5

• Cumbersome – requires student visit

• Dependent on availability of system administrators for multiple systems (core middleware, email, listserv)

• Limited granularity – phone, address, spouse name, or all


Unwanted Side Effects

• Disables growing list of functions reliant upon directory entry information, including email forwarding, auto-reply, WebCT, Active Directory services, the eProcurement system, Learning Management System, Online Registration, Online Voting…

• System Administrator reliance - Requires configuration modifications and coding for each request (email, listserv, AFS)

• Separates user account from systems of record, preventing automated revocation and information updates


Goals

• Self-service web application

• Multi-level opt-out

• Automate processes

• Reduce administrator involvement

• Eliminate need for coding and configuration changes

• 7x24x365 availability

• Immediate effect – no latency

• Attribute level granularity

• Eliminate need for office visit

• No restrictions on services caused by privacy


Steps Taken to Date

• Implementation of high availability Enterprise Directory Service

• Elimination of X.500 directories and Eudora cross-reference database to further reduce administrator involvement

• Web pages to allow user to edit entry content and update privacy options in the Enterprise Directory Service real-time, 7x24x365.


Steps Taken to Date

• FERPA protected individuals “mastered” in the Enterprise Directory Service

• Provide LDAP-enabled applications with service id’s authorized to access private entries

• Windows Active Directory domain policy to redirect Active Directory searches to the EDS


Screen Samples


EDS Authentication Screen


Directory Entry Display


Directory Entry Edit


Privacy Options


Display Preferences


Opt-out Options

• Entry level and Attribute Level

– Private – The entry/attribute is visible only to the owner and to authorized applications. This is a selectable option for active student and departmental accounts.

– ND-Only – The entry/attribute is visible to authenticated searches and to authorized applications. This is a selectable option for all active accounts.

– FERPA Restrict – entry-level setting identical to “Private” except can only be set and reversed by formal request.


Usage Statistics

• FERPA protection / hidden account: 4

• Self-service entry-level privacy: 46

• Self-service entry-level ND-only: 33

• Self-service attribute-level privacy: 250


How It Works


Directory Attributes: dn

Directory dn (distinguished name) is comprised of:

– ndGuid – a uniquely defined string of characters randomly assigned in format ndaa#aa# (ndPVid) prefixed with “nd.edu”

– X.500 Directory base (avoids conflict with our Active Directory domain)


Directory Attributes: dn

Intentionally avoided basing on name, NetID, department, or affiliation in order to:

– (1) reduce chance of dn changes when changes occur

– (2) allow anonymity without requiring entire entry to be restricted.

Needed an unchanging, non-reissuable, meaningless id independent of vendor and transaction system influence.


Directory Attributes: ndEntryStatus

• Multi-valued attribute used to control access to the entry from applications.

• Allowable values:

– active

– restrictEDS – indicates entry restricted to only owner and authorized applications

– restrictndonly – indicates entry restricted to authenticated searches only

– restrictFERPA – indicates privacy cannot be altered by self-service; always coupled with restrictEDS


Directory Attributes: ndVisibilityControl

• Multi-valued attribute used to record access level for specific attributes

• Allowable values: Attribute name, +

– private – indicates attribute restricted to only owner and authorized applications

– ndonly – indicates attribute restricted to authenticated searches only


Directory Attributes: ndDisplayPreferences

• Multi-valued attribute used to record user preferences for the directory entry display screen

• Allowable values:

– maskpriorsurname – indicates that common name values based on prior surname should not be displayed

– maskuid – indicates that uid (NetID) should not be displayed


Directory Attributes: aci

• Entry level aci’s used to control access to entry attributes as specified in ndVisibilityControl

• OU level aci’s used to prevent unauthorized access to restricted attributes such as ndUniversityid, ndPermid, ndRolesAssigned


Directory Attribute Access Types

• Always restricted

– e.g. ndUniversityid, ndPermid, ndRolesAssigned, internal attributes

• Never restricted

– e.g. dn, uid

• Restrictions based on user preference


Directory Attribute Access Groups

• Groups are used to allow applications to have access to entries and attributes.

• Use of groups reduces directory maintenance/administrative time

• Groups are not visible anonymously

• Group dn’s are also based on ndPVid’s
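
The entry-level and attribute-level rules from the slides above, combined into one visibility check. This is an added Python example, not code from Notre Dame's EDS. The `"<attribute> <level>"` encoding of ndVisibilityControl values, the requester class names, the sample entry, and the rule that always-restricted attributes are readable only by authorized applications are assumptions.

```python
# Added illustration, not Notre Dame's code.
# Assumption: each ndVisibilityControl value is encoded as "<attribute> <level>".
ALWAYS_RESTRICTED = {"ndUniversityid", "ndPermid", "ndRolesAssigned",
                     "ndEntryStatus", "ndVisibilityControl"}  # last two: assumed internal
NEVER_RESTRICTED = {"dn", "uid"}
# Hypothetical requester classes, ordered by privilege.
ANONYMOUS, AUTHENTICATED, OWNER, AUTHORIZED_APP = range(4)

def entry_visible(entry, requester):
    """Entry-level check driven by the multi-valued ndEntryStatus."""
    status = set(entry.get("ndEntryStatus", []))
    if "restrictFERPA" in status and "restrictEDS" not in status:
        raise ValueError("restrictFERPA must be coupled with restrictEDS")
    if "restrictEDS" in status:        # owner and authorized applications only
        return requester >= OWNER
    if "restrictndonly" in status:     # authenticated searches only
        return requester >= AUTHENTICATED
    return True

def visible_attributes(entry, requester):
    """Attributes the requester may read; empty dict if the entry is hidden."""
    if not entry_visible(entry, requester):
        return {}
    levels = dict(v.split() for v in entry.get("ndVisibilityControl", []))
    needed = {"private": OWNER, "ndonly": AUTHENTICATED}
    result = {}
    for name, values in entry.items():
        level = levels.get(name)
        if name in ALWAYS_RESTRICTED:   # assumption: authorized applications only
            minimum = AUTHORIZED_APP
        elif name in NEVER_RESTRICTED or level is None:
            minimum = ANONYMOUS
        else:                           # user preference; unknown level fails closed
            minimum = needed.get(level, OWNER)
        if requester >= minimum:
            result[name] = values
    return result

def self_service_can_change(entry):
    """restrictFERPA can only be set or reversed by formal request."""
    return "restrictFERPA" not in entry.get("ndEntryStatus", [])

# Constructed sample entry; every value is made up for the example.
SAMPLE = {
    "dn": ["<placeholder dn>"], "uid": ["jdoe"], "cn": ["Jane Doe"],
    "telephoneNumber": ["555-0100"], "postalAddress": ["123 Example Hall"],
    "ndUniversityid": ["000000000"], "ndEntryStatus": ["active"],
    "ndVisibilityControl": ["telephoneNumber private", "postalAddress ndonly"],
}
```

With restrictEDS set on the entry, anonymous and authenticated searches get nothing back, while an authorized application still reads every attribute, which is the property the old "remove the person from the directory" process lacked.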


Steps Remaining

• Elimination of public access to ph/CSO

• Provide web-application to Registrar to control FERPA setting

• Increase edit capability for FERPA entries

• Automate data correction for FERPA entries

• Implement a tie between the EDS opt-out and FERPA settings and Registrar notification


Links

ND Enterprise Directory Service, <http://www.nd.edu/~eds>

ND EDS Documentation, <http://www.nd.edu/~eds/docs>

ND EDS Schema Documentation, <http://www.nd.edu/~eds/docs/current_schema/EDS_ModelDoc.htm>

ND EDS Search, <http://www.nd.edu/~eds/search>

eduPerson object class, <http://www.educause.edu/eduperson/>

Internet2 Middleware, <http://middleware.internet2.edu/>

 


Contact Information

Brendan Bellina

Office of Information Technologies

University of Notre Dame du Lac

Email: [email protected]

Website: <http://www.nd.edu/~bbellina>

Directory Entry:

<http://www3.nd.edu/~eds/cgi-bin/nd_ldap_search.pl?ldapfilter=uid=bbellina>

vCard: <http://www3.nd.edu/~eds/cgi-bin/ldapvcard.pl?uid=bbellina>