Penn State Use Cases

Parents Access to Student Records
Use Case: Students often need to authorize others to have access to their educational records for various purposes. For example, a parent/guardian may be granted access to the student's tuition bill and/or Office of the University Bursar account for payment purposes. In addition, a student may grant a parent/guardian access to their enrollment verification, tax credit information, and student aid application. In this case, Parents/guardians need authenticated but limited access to Penn State secure services so that the appropriate educational records may be accessed.

Users: Students, parents, legal guardians
Business Owners:  Bursar, Registrar, Student Aid

IAM Opportunity: Create an IAM service that permits students to grant others limited access to their educational records.  Include delegated person contact information and relationships in the Central Person Registry

Electronic Theses and Dissertations online
Use Case: Certain graduate-level degrees that are conferred by Penn State require a student electronically submit a thesis. To complete this requirement the student must visit the electronic Theses and Dissertations (eTD) Web site. Access to the site is restricted to active Penn State Access Account holders. At Penn State, most if not all academic degrees require a thesis as part of the requirements for graduation. A student is not required to be registered for classes after his/her doctoral defense. A student in a Master's program does not need to be continuously enrolled either. These conditions and potentially others could cause the student's Access Account to become inactive, thus the student will not be able to access the eTD.

Users: Some Graduate Students
Business Owners: Graduate School

IAM Opportunity:  Extend the digital lifecycle for student identities to meet the needs of online services.  Capture additional information regarding the student status or affiliation.

Employee Confidentiality Hold
Use Case: Under certain circumstances, employees can request a confidentiality hold on their data, which causes many problems for directory enabled applications. In addition there is no standard mechanism by which they can do. The policy from OHR (official or not) is an employee cannot have a confidentiality hold as they need to be contacted for business reasons. However there are a number of staff members out there that feel that their data is private and they want it protected. So what they do is go into eLion register for a class, set up the hold and then drop the class. At that point the hold is established and the user's data is protected. The issue came into light during the WebRAT pilot where personnel were establishing roles and could not find people because they had a confidentiality hold.

Users:  Employee
Business Owners:  Security Office, OHR, IAM Office

New Faculty and Access to ANGEL and Other Class Resources:
Use Case: A new faculty member is hired at Penn State York. Her official appointment begins in August but she needs access to ANGEL and other online resources before that time to prepare for the class she is about to teach. She does not need the full access that she will eventually have as a full-time employee. Because of the date of the appointment, she is unable access applications that require authentication mechanisms tied to the completion of the employment process.

Users:
Business Owners:

IAM Opportunity:

Access to University Library Workstations
Digital Library Technologies supports public workstations in all the University Libraries locations. The primary purpose of public computer workstations is to support teaching, learning, and research through access to the Libraries collections, databases, and to other online information resources. There are three levels of access:
Penn State Faculty, Staff and Student Authenticated Access
A significant number of the public workstations in the University Libraries locations are restricted to Penn State users, i.e. users must have a valid Access ID and password to log into the workstation. Although Library public workstations are controlled by the same mechanism that controls the Campus Computer Labs, they may have access to a different set of software.
Guest access - Non-authenticated Access
Each University Libraries location has a few Visitor Services, LIAS Express, workstations. Patrons at these workstation may search The CAT and most library databases. They also have Internet access to Penn State Web sites, along with governmental Web sites.
Guest access - Authenticated Access
Visitors without Penn State Access Accounts that have research needs that require Internet access to sites not available with non-authenticated access, may request a Short Term Access Account for Research (STAAR). A STAAR account allows you to login/authenticate to Penn State services for a limited time. The University Libraries will issue a STAAR for one day.

UC Davis - IAM Requirements

  • No labels

1 Comment

  1. Tom Barton (uchicago.edu)

    Some notes during discussion of this.

    Relationships, eg, is a parent, spouse, guardian, uncle, whatever, can be important terms in access policies that must be implemented. Capturing them in a registry could be useful. It's more than just "X is sponsored by Y".

    For this group, "federation" includes openID, facebook accounts, potentially any type of account a person may have for accessing Internet services.