Internal Accounting Group Correspondence

Revised: 99/08/11

Date: Mon, 9 Aug 1999 11:24:43 -0700 (PDT)
From: Hugh Sheets 
To: jbranom@cac.washington.edu, dorish@cac.washington.edu,
     hornung@cac.washington.edu
Cc: hugh@cac.washington.edu, remmers@cac.washington.edu,
     stenvik@cac.washington.edu
Subject: Austen....

With Jeanne's running of billing on her NT ACCESS client, the
decommissioning of Austen has taken a giant step forward.  I'm hoping
to establish a plan and schedule so we are all on the same page and
in agreement, so here's a draft open for commments/suggestions/changes:

1. In a few days, we should all know (hopefully by not hearing otherwise)
   that the new billing worked fine - CTIs were accepted into the FAS
   system, invoice file accepted by Cashiers Office, slightly "new look"
   well received by customers, etc.  We are committed to fixing anything
   that needs fixing to ensure this new billing is used and *not* falling
   back to the parallel billing Jeanne ran on Austen.

2. Nobody should be doing anything on Austen in production mode - Jeanne
   should not be doing any parallel billing, no file updating, no data
   entry by C&CI, etc.  From July 1 forward, nothing on Austen is used,
   and from now on anything done on Austen is wasted effort.  No EOQ,
   DAY1/10, CHARGES for July 1 on, *BUT* GENCL, the class list generator,
   and ADD used to increase limits for a whole class, will still be used
   to finish out Summer quarter, ending Aug 20.  For Fall quarter, Bill
   Shirey will be providing a replacement GENCL system and that is all the
   detail I know about it.  We still need to come up with replacement
   ADD and CHARGES procedures, which we will have soon.

   There are some automatic programs still running on Austen and a couple
   of odds and ends to clean up, but we plan to start shutting these down.

   Please get the word out to all of C&CI to not use Austen for anything
   but GENCL and ADD, and these only until Aug 20.  If we have overlooked
   anything we need to know ASAP.

3. We have a couple of clients to get written, which we are working on
   now - EOQ, ADD, CHARGES as mentioned, and a client for C&CI to
   add/change billing records like email accounts.  Until this last one
   is done, Jeanne will bear the data entry burden as the only one in C&CI
   with a billing client on her PC.

4. As Jeanne's schedule allows, she can update her billing documention
   (the csbiz web site) so the new process is documented.

5. Tom will document and archive the new ACCESS billing client.

6. Plan on reviews of everything to get us all to a point where we
   all can say it is "done for now" - at a point where we have covered
   all issues we have.  Of course this will never really be done, but
   when we have gone through a couple of quarters and billing cycles
   I hope we can have everything patched up to where we can set this
   aside for a while.


Date: Wed, 4 Aug 1999 13:35:48 -0700 (PDT)
From: Hugh Sheets 
To: hornung@u.washington.edu, hugh@cac.washington.edu, ken@cac.washington.edu,
     remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Highlights of 99/07/29 Accounting meeting....

From 99/07/29 Accounting meeting....

Hugh, Tom, and Tracy met to review our status on getting off Austen.
A couple of tasks are not completely up and running elsewhere, but
they will be by the next scheduled running.

Billing: Next week, Jeanne will run production billing for July 1999
    using her ACCESS client authored by Tom.  She will also be running
    most of July's billing on Austen in parallel, but we will not be
    using any Austen-based billing.  This will be the last time billing
    runs on Austen.

EOQ: Still is needed, and not yet moved.  Tracy has a plan to have
    EOQ running on Daffy, and hopefully set up to run automatically
    on a pre-established schedule.  We can project out these dates for
    quite a while and eliminate human interaction.  At the least,
    the human-run Daffy replacement needs to be operational by Sept 20.

DAY1/10: Was run for the last time in June.  GENCL and ADD use the
    data produced by DAY1/10.

GENCL: The Austen-based class list generator uses the data produced by
    DAY1/10.  We are counting on Bill Shirey's Class List replacement
    for Fall 1999.

ADD: The Austen-based procedure to increase limits for an entire class.
    Tom will create a Daffy-based web page for C&CI which will make
    the CDF file Ken uses to increase limits.  This needs to be
    operational by Sept 27.

CHARGES: The Austen-based procedure used by selected Budget Administrators
    and individual users to generate a detailed breakdown of billing
    charges.  This detailed breakdown is now generated by default by the
    new ACCESS-based billing, and will be sent out with the invoices and
    CTIs.  Tom will create a database table of UWnetIDs of people
    authorized to run CHARGES for a given budget number (we need to be
    able allow multiple UWnetIDs/budget number) and individual UWnetIDs
    will be able to run CHARGES for themselves.  CHARGES will be a
    web-based tool, and either Tom or Tracy will build it.  CHARGES will
    not be able to be run on Austen for billing from July 1 on.

STDDIR.A16:  Thss file is sent to Austen by Li nightly, and in turn is
    grabbed by the A series to pass back email addresses to the A series.
    Tom is producing this file on Vitcos and is waiting on Bill Shirey to
    identify which Vitcos account should be allowed to read it.

Other Austen procedures continue to run, but as far as we can tell are
not being used and are poised for shutdown.  We plan to stop running
continuous procedures and observe consequences.


Date: Thu, 24 Jun 1999 14:03:39 -0700 (PDT)
From: Hugh Sheets 
To: hornung@u.washington.edu, hugh@cac.washington.edu, ken@cac.washington.edu,
     pete@cac.washington.edu, remmers@cac.washington.edu,
     stenvik@cac.washington.edu
Cc: deroest@cac.washington.edu, drr@cac.washington.edu
Subject: Highlights of 99/06/17 Accounting meeting and followups....

From 99/06/17 Accounting meeting and followups....

We reviewed our position with regards to Austen's decommission.  EOQ was
run on Austen for the last time 6/14, DAY1 is scheduled for the last
running 6/18, the first day of Summer quarter, and DAY10's last run will be
probably July 6.  Jeanne has completed the running of May's billing.  The
time line shows June's billing will be run in early July, and it is our
goal to run Tom's new billing, but run it in parallel to the old Austen
billing.  The end/beginning of the biennium is June 30/July 1, so we
certainly want to be running billing for the new biennium on the new
billing system.  This would be the production billing run in early August
for July's billing.  We will not be running EOQ/DAY1/10 on Austen after
this Summer quarter.

Specifics:
- Tracy compiled a list of Austen procedures that are not specifically
  commented as obsolete so *could* still be running.  We are picking
  through the list examining them.

- Tom is single-handedly writing the new billing and is virtually done.
  Hugh will work with Jeanne to test this.  The Cashier's Office (Cindy
  Gregovich, Austen account "CASHIER") has been using Austen to fetch a
  file (disk$a:[cashier]ucsinv.xxx) created by our monthly billing for
  invoices send to external addresses.  They still need the file, but we
  can email it to Cindy from anywhere - they don't need Austen in
  particular.

- EOQ: Closes out a quarter, and is still being used.  EOQ notifies
       Ken who resets quarterly accumulation fields (assets).  I believe
       EOQ also removes the galaxy CPF and CDF files used to modify
       accounts enrolled in a class when the quarter ends.  Tracy will
       craft a daffy EOQ to do the same thing before Sept 20, the next
       scheduled run of EOQ.

- DAY1/10: Process the EDF.FUL file of student enrollment data ftp-ed
       from the A-Series.  The only things we are aware of that use the EDF
       on Austen anymore are GENCL, the Class List generator, and ADD,
       which modifies account limits for all students enrolled in a
       course.

- Class Lists: Is still being used by C&CI to generate class lists by
       request of the Instructor.  Bill Shirey is writing a replacement for
       this scheduled to be in production for the start of Fall quarter.
       We plan to keep running this old Austen-based process for Summer
       quarter which will end Aug 20 then switch customers to Bill Shirey's
       new replacement.

- ADD: Makes the CPF and CDF files which are used to modify account limits,
       like disk quotas, for all the student accounts enrolled in a class.
       This uses the EDF file to pick out all the students enrolled in a
       class, and create two files which are ftp-ed to the galaxy desired
       to modify account limits.  Ken has a nightly process that reacts to
       the presence of these files and does the modifying.  When the files
       are no longer present, the account limits revert back to the default
       level.  I suspect EOQ gets rid of the files at the end of the
       quarter.  This functionality is not yet addressed in any
       replacement, so still needs to be assigned.

- Dave Wall: Dave occasionally uses Austen only to receive ftp-ed
       data (from the A-series) which he uses to maintain the Faculty
       Senate listproc addresses.  He can simply receive this ftp-ed data
       elsewhere and does not need Austen.

- Other uses of Austen:  I know of a few folks still using Austen unrelated
  to accounting.  I believe I have been in some form of contact with all of
  them, and have a "call list" to contact before Austen is finally shut
  down.  Everyone is aware of Austen's imminent demise, although there is
  varying understandings of the schedule.


Date: Fri, 16 Apr 1999 15:12:14 -0700 (PDT)
From: Hugh Sheets 
To: hornung@u.washington.edu, hugh@cac.washington.edu, ken@cac.washington.edu,
     pete@cac.washington.edu, remmers@cac.washington.edu,
     stenvik@cac.washington.edu
Cc: deroest@cac.washington.edu, drr@cac.washington.edu
Subject: Highlights of 99/04/15 Accounting meeting....

From 99/04/15 meeting:

This meeting directed focus to the task of getting AST off Austen.  We
have advertised that Austen is to be decommissioned July 1, 1999, which
is 2.5 months from today.  Since we (the AST group) should take the
"lead by example" leadership role, we will strive to be off Austen as we
expect others to be.

There is still a "lot of stuff" running on Austen (Hugh browsed around
on Austen noting file update dates).  This does not mean it has not be
replaced by processes running elsewhere, but now is the time to examine
these Austen processes carefully to be sure *all* the functionality has
been replaced, it has been dumped in the streamlining process, or if it
still needs to be attended to do so.  When possible, we can shut off the
Austen processes as we work through them.

The goal of this meeting was to designate a reconnaissance team to
survey what is still happening on Austen, and report back next week.
Hopefully a more directed to-do list will then be established.

Hugh drew three general categories of Austen processes that seem to
cover what AST is concerned with:
- Administrative - authorization handling including Student, Fac/Staff,
    AVF, registration (EDF), class lists, expiration, etc.  Tom has already
    done significant work in this category, so he will look over this area.
- Billing - the suite of programs run and data used to generate monthly
    invoices and CTIs.  Hugh will look at this.
- User - such programs as CHARGES that can be run to generate details
    on monthly billing.  Tracy will look at this.

Mike Hornung will alert the C&CI staff to note what they do if anybody
logs in to Austen to perform any tasks to be sure we don't overlook
anything.

Hugh drew a time line denoting scheduled events between now and July
1.  As the normally scheduled processes come along, we hope to be
running them in production on daffy, the new billing machine, possibly
in parallel to Austen as a backup.


Date: Thu, 10 Dec 1998 15:22:29 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group , fox@cac.washington.edu,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Highlights of 98/12/10 Accounting meeting....

From 98/12/10 meeting:

Hugh, Ken, Tom, and Tracy met to talk about billing.

Tom has come up with a quite revolutionary plan (compared to the old system
on Austen) to implement billing.  All usage data (CUFs) are being processed
on vitcos, and the data is stored in tables in the database rather than
flat files.  Everything that accesses the data, including "POSTing" type
operations to inject billing records, will be done via ACCESS on Windows
machines.  ACCESS will be used to generate reports, including CTIs and
invoices.  Operations such as running monthly billing will run in real time
on data stored in Shuksan.  We have to be sure to store data down to the
level needed for "CHARGES" detailed reporting.

ACCESS is a very easy tool to use to produce reports (including CTIs and
invoices) from data stored in databases, on-the-fly.  It is very easy to
modify or produce custom reports.  Rates will be stored in Shuksan, so it
would be easy to apply new rates without rebuilding a suite of programs.
Anyone needing access to Shuksan data, such as whoever runs billing, will
need a Windows machine.

Tom will ask Oren, Doris, Jeanne if this will be a problem - we don't think
so.  Tom will also work on creating the ACCESS clients to run the standard
monthly billing.  We need to be sure we implement the necessary security to
allow only the authorized people to access Shuksan via ACCESS - some to
read only, a select few to make changes like post charges, change rates,
etc.  A SecurID gateway betwen ACCESS and Shuksan would be ideal.


Date: Fri, 16 Oct 1998 11:01:28 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group , fox@cac.washington.edu,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Highlights of 98/10/15 Accounting meeting....

From 98/10/15 meeting:

Hugh, Ken, Tom, and Tracy met to talk about billing - a term we are using
to encompass the processes currently run on Austen to produce invoices and
CTIs, reports, and also production processes such as class lists which are
not really billing.  The goal is to get all the remaining production
processing off Austen and onto a UNIX host(s).

Our plan is to have a host as the data repository, and another host(s) as
the "billing machine".  Our data host, already well underway is the Shuksan
database on vitcos.  Where Shuksan resides is not really important, and
this can very well (and easily) change.  We are planning on making daffy
the "billing machine", where the various clients will be run for
billing/reporting.  The billing machine can also easily change.

At this point, a number of foundation pieces are already functioning in
Shuksan.  All the authorization data, and also the basic building block of
billing, the CUFs, are being shipped to, received, and processed daily in
Shuksan in parallel with production processing still happening on Austen.
The CUFs, Computer Usage Files, are files produced daily on each galaxy by
the "watcher".  The CUFs can be used as-is as building blocks for billing.
The necessary programs from the CUF on up can be ported from Austen to the
billing machine (UNIX) and updated/streamlined/enhanced as needed.
From lessons too often relearned, portability is critical, so a tulsafied
source tree is planned, minus vendor/platform specifics exemplified by the
recent zorra-to-zorra2 painful migration.

In the first phase of billing, Tom will continue to replicate the daily
"uaday" functionality on Austen in Shuksan on the data repository machine.
Others can work on porting the billing programs and procedures in the next
phase.  This is easy to say, but in reality we are talking about literally
hundreds of programs/procedures on Austen, and a lengthy list of
changes/enhancements accumulated over time to be factored in.  We want to
automate more to reduce human interaction, and make web-based clients where
clients are needed.


Date: Fri, 28 Aug 1998 14:03:13 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group , fox@cac.washington.edu,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Highlights of 98/08/27 Accounting meeting.....

From 98/08/27 meeting:
- Tom set up the first affiliate UWnetID, "jherman" for WWAMI/b3.  He
  just set up the kerberos principal by hand and has not yet added
  the supporting authorization information to Shuksan.
- Pete implemented the initial version of web new accman as scheduled
  on Aug 20.  This essentially just reports on what accounts one has
  currently set up.  He is working on the addition of new web.
- Tom has set up a new AIX box called sahale1, which is intended to
  be one of the replicated homes of Shuksan.  He is investigating
  Informix or DB2 as the database engine.
- Last week Tom distributed an LDAP authorization service announcement
  to people/groups in C&C known to be interested in LDAP queries to
  our authorization server.  It points out some "how-to-do-it" web
  pages (start at http://staff.washington.edu/remmers/ldap/) and offers
  a forum for discussion and development, which no one has responded to
  yet.
- A discussion ensued, with no clear end, about whether we should
  promote LDAP protocol only as the way to access our authorization
  data, or to *also* promote a mango API.  We have talked about both
  for some time now, but there has been some recent opinions put forth
  that we should not "advertise" the mango API outside UCS due to the
  difficulty in supporting it over the long term.  If I can state a
  personal opinion, I think we could offer both and let customers decide
  themselves.  There is no guarantee of LDAP's longevity or stability
  over the same for a locally developed mango API.
- Next (or soon) meeting will be dedicated to discussing getting the
  remaining Austen processes off Austen, the traditional accounting/
  billing/reporting.  Unless specifically defined, we are not planning
  on providing any reports, only data for custom reporting as needed
  to who needs it.


Date: Fri, 10 Jul 1998 12:49:55 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Highlights of July 9, 1998 Accounting Meeting....

From 98/07/09 meeting:

Newsy updates:
- Pete has added Ken's longer password fix to web renew
- Pete is toiling away on web new - cleaning up some parts that he
   considered not optimal.  The "accman" enhancements are still being
   defined so he is working on a basic foundation while awaiting specific
   direction.
- AVF: Zephyr called attention to the cumbersome current billing process
       for supplemental accounts.  The billing, for example for email
       accounts, is maintained in a separate file that must be editted by
       hand to remove a billing record when an account expires.  If this
       step is not done, billing continues for an expired account.  We noted
       this problem and assure a better system linked automatically.
     - C&CI predicted potential problems with requiring a "sponsor" to own
       supplemental accounts in every case except medical residents and
       extension students.  We stuck to this requirement, since we could
       at least always identify a Department Chair for a sponsor.  If the
       Department Chair does not want to sponsor a supplemental, we
       probably should not be setting one up.  Tom mentioned we can phase
       this in by first requiring all new supplementals to conform, then
       working up some plan to retroactively fix up existing supplementals.
- Xerox printing, particularly invoices:  Jim will look at the file
   format Hugh sent.  We are awaiting special form samples from Jeanne,
   and window envelopes, etc. to see if these can be sent to another
   Xerox as-is, or if they can be converted to print on other printers,
   perhaps as PostScript format.  When billing pieces that *must* be
   printed are rewritten (to get off Austen) we will not build in
   manufacturer specific "features" that require a specific printer.
- Mike pointed out "whatami" on saul does not identify a category 7
  user.  "whatami" is used currently to determine if a user is student,
  staff, or faculty for purposes of setting up the proper web server
  account by using the account category.  This process is not used for
  the new web servers so this problem will go away.  Apparently, some
  C&CI folks use "whatami" as a tool for determining user category.
- Tom has decided to use a UNIX LDAP server rather than an NT platform
  at this time for security reasons.

Tom is meeting today with Jean Wells to discuss authorization needs
for the USER project.  Our part of this is to store data provided by
others (IS, departments, etc.) so a data structure needs to be designed
so LDAP queries can return what is needed.

We are planning on using LDAP groups to provide authorization on
who is authorized to view/change/add authorization information.  For
example, a UW class will have a group defined for the students in the
class, this information we get from the SVF.  There will be a related
group for the class instructor, who can then add others to this related
group such as TAs who can be authorized to access the class group.


Date: Thu, 25 Jun 1998 13:47:16 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: backup

Liz informed me they dump all the databases at 10 PM every night and
keep a running transaction log throughout the day, so it is possible to
rebuild a database to the exact point of a hardware failure.

If the database gets corrupted, they could perform this procedure for
our database space and restore a database in about one hour.  Doing so
would delete and restore all databases in our database space.

The reason I didn't create backups was that I knew this in the back of
my mind, Liz explained this to me 6 months ago.

We could keep our own dumps of the database if we needed to restore more
quickly or we could not contact someone to do the above procedure.  We
wouldn't get the transaction log so the database would be restored to
the state at the dump time, a disadvantage.

I'll put together an emergency restore procedure, but I think it should
only be used in absolute emergencies.  If we did lose our data it most
likely will be a system problem, in which case everyone's databases will
need to be restored and Ping and Liz will restore everything.

Tom


Date: Thu, 18 Jun 1998 19:11:58 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Cc: dorish@u.washington.edu, "Michael S. Hornung" 
Subject: Re: student and staffdir (fwd)

---------- Forwarded message ----------
Date: Wed, 13 May 98 11:29:47 -0700
From: Ken Lowe 
To: remmers@u.washington.edu
Cc: donn@cac.washington.edu, hugh@cac.washington.edu
Subject: Re: student and staffdir

Expiration runs on horton on a regular basis.  I don't know what
Erin's plans are.

--------

Actually I'm not sending the cufexp.dat file to horton at this time but
I should.  It brings up the question on how to keep system accounts from
expiring on the news galaxy.  There are two possibilities:

  1)  Add an entry to the AVF
  2)  Set the category to 6

In method 2 I think the master source for the category is cdf.dat.  For
supplemental accounts the method of assigning a category eludes me from
empirical evidence.

I'd like to redo how we prevent system accounts from expiring, hopefully
to avoid needing to add an AVF entry.  We should talk about this at one
of our next meetings.

Tom


Date: Tue, 16 Jun 1998 12:55:17 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Highlights of 98/06/11 Accounting meeting....

From 98/06/11 meeting:

Tom has been attending a MicroSoft technical conference; this plus what
we have gleaned from the recent ;login article about kerberos
authentication in NT 5 indicates we will need to support a MicroSoft
family of products.  If not used exclusively as our kerberos server,
then in parallel with it.  Our minds must remain open to using NT 5 in
place of UNIX.

We must remember to review data stored on Austen and stop maintaining
what is not needed.

The Sequim backup fails every night as something is accessing it.  Tom
is reviewing backup of the databases to be sure we are protected.

Some discussion on supplemental accounts.  Currently there are fourteen
account type codes recognized.  We keep only one owner per account, and
it was decided to only keep the current owner - we will not maintain
previous owners.  We will keep a list of additional users of a
supplemental account, who will also be authorized for password changes.

We want to make available code samples of how developers would do
authentication and authorization.  It was mentioned Jim Fox has some
that we could make available on the web page.

Tracy/Tom have made extensive additions to data in Shuksan, actually in
the test database Sequim.  Sequim now contains all the Li information.
The mango server queries Sequim, and Tracy has a modified wu library in
sy99 that interfaces to Sequim.  When enhancements and testing are
completed, we can switch over to using Sequim, which will be Shuksan by
then.  All applications that use the wu library need to be rebuilt.  The
actual switchover will need to be carefully choreographed, and it is not
clear what Li would do.  Perhaps still do email forwarding, maybe remove
it completely.  Some stress testing of Sequim will be needed to
determine if it could serve email forwarding fast enough to replace Li.
Some more work involved here, but a lot of progress has been made.

Sequim now contains lots of information, and utilities like "who" need
to be evaluated to see if everything needs to be returned, and in what
format, as the volume of information can be prohibitive.  Mike Hornung
will take a look at this.

Web New is being tested and refined.  A demo will be given in the
FSCO-AST meeting this afternoon.

Future meeting topic:  Close look at how authorization will/might work.
Where will authorization information reside, how might applications get
it, how do we get the information.  Class lists included.

Task review:
------------
Tom: Review vitcos Shuksan and Sequim backups - usual backups often fail.
     Sequim (Shuksan) development.

Tracy: Sequim (Shuksan) development.

Fox: Authentication, authorization code samples for application developers

Mike: Look at volume of information in Sequim - what to display where.


Date: Fri, 29 May 1998 09:14:54 -0700 (PDT)
From: Oren Sreebny 
To: Doris Gallaugher 
Cc: Thomas W Remmers ,
    Sandra Moy ,
    Jim DeRoest ,
    New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" , stenvik@u.washington.edu,
    Michael Hornung ,
    Yonah Karp 
Subject: Re: Supplemental Accounts

Agreed.

Date: Fri, 29 May 1998 07:30:46 -0700 (PDT)
From: Doris Gallaugher 
To: Oren Sreebny 
Cc: Thomas W Remmers ,
    Sandra Moy ,
    Jim DeRoest ,
    New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" , stenvik@u.washington.edu,
    Michael Hornung ,
    Yonah Karp 
Subject: Re: Supplemental Accounts

Oren,

I agree with all but the idea of requiring a sponsor for Extension
students.  These students pay a tech fee in order to be eligible for the
same privileges as regular UW students.  They're omitted from the svf for
technical reasons, rather than political ones.  And *many* of them jump in
and out of the svf quarter by quarter depending on registration method.
The idea of changing the owner back and forth... yuk.  If only Extension
registration info could be somehow dumped to the svf/avf.

Thanks,

Doris
 

Date: Fri, 29 May 1998 06:37:18 -0700 (PDT)
From: Oren Sreebny 
To: Thomas W Remmers 
Cc: Sandra Moy ,
    Jim DeRoest ,
    New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" , stenvik@u.washington.edu,
    Yonah Karp , dorish@u.washington.edu
Subject: Re: Supplemental Accounts

Tom and all -

I think this is starting to look very good from my point of view - nice
work!  Some specific comments below marked with ***

- Oren

On Fri, 22 May 1998, Thomas W Remmers wrote:

> AVF and supplemental account technical and policy issues with regard to
> the new accounting system were discussed at length yesterday with a good
> deal of consensus.  The summary is at
> http://neruda.cac.washington.edu/ast/projects/acctg/avf.html.
>
> The basic premise was that all supplemental accounts would be owned by a
> current UW employee (in HEPPS).  Supplemental accounts include
> department, course, email list and sponsored accounts.  Only medical
> residents and extension students would not need an employee sponsor.

*** I wonder whether even these account types should have a sponsor - we
need in all cases I think for someone to accept the responsibility for
ensuring proper use of an account within the rules, and by allowing
accounts to not have a sponsor we are implying that C&C is accepting that
responsibility, which I don't think we want.  So we should, I think, get
someone at Extension to agree to be listed as the sponsor for Extension
student accounts and for the someone in each of the departments with
residents to accept the responsibility for the resident accounts (if we
don't phase those out altogether this summer).

>
> A serious question did arise after the meeting about what information we
> would store about a supplemental account.  If the plan is to allow
> employees to create up to 4 supplemental accounts with new or web new
> (as we heard in the meeting), then there is no way to validate
> information about the account or its intended purpose (name, ssn etc.).
> In that case, is there any reason to store more than the most basic
> information, e.g. whether the account is a deparmental, course,
> sponsored etc.?
>
> It seems there may be an issue with the usage policy that an account
> cannot be shared.  What would keep an employee from creating a
> supplemental sponsored account for a friend and saying it was
> legitimate?  We have no way of knowing.  One possibility is to require
> all sponsored supplemental accounts to go through C&CI then trusting
> employees to not hand out supplemental accounts for non-UW people, but
> it seems a stretch to enforce that.

We may indeed get to a point where staff and faculty can create their own
supplemental accounts (up to some limit) for purposes such as course
accounts, departmental accounts, etc.  I think that there's no real way to
validate their intent, but we need to have that creation process be
explicit in getting them to at least state what the purpose of the account
is and to tell them that they're accepting the responsibility for proper
use of the account.  From that point on, abuse or misuse are management
issues which can be dealt with as they arise.

Sponsored accounts are, I think, a different thing.  The intent here is
for departments to be able to say "We are treating this outside person as
a member of our department for some set of business reasons, and we are
prepared to justify that if need be" and because they pay for these
accounts, we should (at least for the forseeable future) require C&CI
intervention for these accounts.

>
> The one saving factor is that all supplemental accounts will be owned by
> a current employee, so there will always be an accountable person at the
> UW.
>
> This is long winded, but to summarize what I think we need from the
> directors,
>
>  1.  Evaluate the consensus summary on the Web page.
>
>  2.  Is the intention to let a certain group (current employees?) create
>      their own supplemental accounts?
>
>  3.  What information do we need about a supplemental account?
>
>  4.  Do we place contraints, hurdles or limitations on the kind of
>      supplemental accounts that can be owned?
>
>  5.  Do we attempt to treat sponsored accounts differently?
>
> As well, if anyone at the meeting has comments about the web page, let
> me know.
>
> Thanks,
>
> Tom
>


Date: Fri, 22 May 1998 14:14:40 -0700 (PDT)
From: Thomas W Remmers 
To: Sandra Moy , oren@cac.washington.edu,
    Jim DeRoest 
Cc: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp , dorish@u.washington.edu
Subject: Supplemental Accounts

AVF and supplemental account technical and policy issues with regard to
the new accounting system were discussed at length yesterday with a good
deal of consensus.  The summary is at
http://neruda.cac.washington.edu/ast/projects/acctg/avf.html.

The basic premise was that all supplemental accounts would be owned by a
current UW employee (in HEPPS).  Supplemental accounts include
department, course, email list and sponsored accounts.  Only medical
residents and extension students would not need an employee sponsor.

A serious question did arise after the meeting about what information we
would store about a supplemental account.  If the plan is to allow
employees to create up to 4 supplemental accounts with new or web new
(as we heard in the meeting), then there is no way to validate
information about the account or its intended purpose (name, ssn etc.).
In that case, is there any reason to store more than the most basic
information, e.g. whether the account is a deparmental, course,
sponsored etc.?

It seems there may be an issue with the usage policy that an account
cannot be shared.  What would keep an employee from creating a
supplemental sponsored account for a friend and saying it was
legitimate?  We have no way of knowing.  One possibility is to require
all sponsored supplemental accounts to go through C&CI then trusting
employees to not hand out supplemental accounts for non-UW people, but
it seems a stretch to enforce that.

The one saving factor is that all supplemental accounts will be owned by
a current employee, so there will always be an accountable person at the
UW.

This is long winded, but to summarize what I think we need from the
directors,

 1.  Evaluate the consensus summary on the Web page.

 2.  Is the intention to let a certain group (current employees?) create
     their own supplemental accounts?

 3.  What information do we need about a supplemental account?

 4.  Do we place contraints, hurdles or limitations on the kind of
     supplemental accounts that can be owned?

 5.  Do we attempt to treat sponsored accounts differently?

As well, if anyone at the meeting has comments about the web page, let
me know.

Thanks,

Tom


Date: Fri, 22 May 1998 15:04:48 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu, dorish@cac.washington.edu,
    zephyrmc@cac.washington.edu
Subject: Highlights of 98/05/21 Accounting meeting....

From 98/05/21 meeting:

Jim DeRoest, Doris, and Zephyr joined us for the meeting.

Tracy has his new mango server running on "mango.u.washington.edu",
which translates to a couple of redundant machines, same as li right
now, Cybele and Horton.  They are monitored by Argus.  The web who and
validate are now using this new server.  Tracy says the search by name
takes a while now as the name is not an indexed field in Shuksan, but
Tom will change this.  Also, since Shuksan does not yet contain all the
information Austen had, it cannot return as much as the Austen mango
did.  This is a short term situation.  Tracy has an API which he is
using for web who and validate, and he is expanding the API to include
li calls.  The AVF web client is also soon to use mango.

Ken is planning to remove shadow passwd files and wondered which
machines to do first.  After discussion, we thought all beckers and
homers.  (Later in the FSCO-AST meeting, Oren said becker1-2, and
dante10-19, and next Wednesday is fine.  We had the word previously that
CS didn't like just doing some machines in a cluster as it was difficult
to debug if problems arose, but they changed their minds.)

The rest of the meeting was spent in discussion of a portion of the
layout of Shuksan concerning owners and accounts, particularly how to
handle AVF-type supplemental accounts/owners.  Tom had provided a plan
prior to the meeting which he will modify and redistribute.  He wants to
work hard on getting owners for all current AVF accounts (there are
maybe 1000 with no known owners) so he can move the current AVF
information into the new layout.  Zephyr pointed out a file on daffy
that may provide owners for some if not all the AVF accounts without
owners.

Task review:
------------
Tom: Work on adding levels of authorization in Shuksan.
     Make name field in Shuksan indexed.
     Update AVF policy/plan, implement

Tracy: Work on programming interface calls to mango.


Date: Fri, 22 May 1998 14:14:40 -0700 (PDT)
From: Thomas W Remmers 
To: Sandra Moy , oren@cac.washington.edu,
    Jim DeRoest 
Cc: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp , dorish@u.washington.edu
Subject: Supplemental Accounts

AVF and supplemental account technical and policy issues with regard to
the new accounting system were discussed at length yesterday with a good
deal of consensus.  The summary is at
http://neruda.cac.washington.edu/ast/projects/acctg/avf.html.

The basic premise was that all supplemental accounts would be owned by a
current UW employee (in HEPPS).  Supplemental accounts include
department, course, email list and sponsored accounts.  Only medical
residents and extension students would not need an employee sponsor.

A serious question did arise after the meeting about what information we
would store about a supplemental account.  If the plan is to allow
employees to create up to 4 supplemental accounts with new or web new
(as we heard in the meeting), then there is no way to validate
information about the account or its intended purpose (name, ssn etc.).
In that case, is there any reason to store more than the most basic
information, e.g. whether the account is a deparmental, course,
sponsored etc.?

It seems there may be an issue with the usage policy that an account
cannot be shared.  What would keep an employee from creating a
supplemental sponsored account for a friend and saying it was
legitimate?  We have no way of knowing.  One possibility is to require
all sponsored supplemental accounts to go through C&CI then trusting
employees to not hand out supplemental accounts for non-UW people, but
it seems a stretch to enforce that.

The one saving factor is that all supplemental accounts will be owned by
a current employee, so there will always be an accountable person at the
UW.

This is long winded, but to summarize what I think we need from the
directors,

 1.  Evaluate the consensus summary on the Web page.

 2.  Is the intention to let a certain group (current employees?) create
     their own supplemental accounts?

 3.  What information do we need about a supplemental account?

 4.  Do we place contraints, hurdles or limitations on the kind of
     supplemental accounts that can be owned?

 5.  Do we attempt to treat sponsored accounts differently?

As well, if anyone at the meeting has comments about the web page, let
me know.

Thanks,

Tom


Date: Wed, 20 May 1998 13:58:58 -0700 (PDT)
From: Tracy Stenvik 
To: Doris Gallaugher 
Cc: hugh@u.washington.edu, remmers@u.washington.edu
Subject: new server for who/validate

I've just switched you guys to the new mango server for all who and/or
validate requests.  This server talks directly to shuksan, so the data
should be as up to date as possible, and is (thank god, eh?) off of austen
for good.

You should see little user-visible changes, except for the name search in
who, which now only searches by last name.  I don't know of how much value
a search by name is to you, but as this field is not keyed in shuksan the
search can take a long time to return so don't rely on it too heavily.

As for who, I've given you control of the file which permits access to
the various types of data (avf/fvf/svf) a user may view.  Instead of the
three discreet files (mda.dat, mdf.dat, mds.dat) users are placed in one
file now with a 'privilege mask'.  This file is in ~info/data/who.dat.

Here's what it looks like currently,

daffy2% cat ~info/data/who.dat
7 info
7 adminapp
7 imf
7 remmers
7 hugh
7 fox
7 sys
7 oren
7 mel
7 jbranom
7 training
3 pur7015
3 hbsmith

Setting the 'privilege mask' is constructed as follows:  Determine which
'bits' are appropriate for the user in question, add the 'bits' up, and
enter into the file along with the logon id.

The bits are as follows:

Bit     Meaning
---     -------
 1      user may see avf records
 2      user may see fvf records
 4      user may see svf records

So, taking 'info' as an example, you want to see all data types, so your
mask is (1 + 2 + 4 = 7).  'hbsmith' can't see svf records, so his mask is
(1 + 2 = 3).

I'll switch over the avf web-page stuff to use mango as well within a day
or two.

I wasn't sure who else to share this information with, so I'll leave it up
to you.

---
Tracy Stenvik
University Computing Services 354843.  University of Washington
email: imf@u.washington.edu  voice: (206) 685-3344
 

Date: Mon, 18 May 1998 15:08:57 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: AVF Policy

I would like to finalize what we think the AVF should do at our next
meeting (this Thursday).  Then I'd like to take these recommendations to
Oren, Sandy and Jim and have them approve them.  I see the AVF policy as
a top priority in keeping the project moving along.  Down below are some
ideas for the AVF policy.  If you're interested you could look them over
before the meeting.


I want split up the AVF into it's two primary types.

 A.  Records that keep existing accounts from expiring when the
     person leaves the University.  This type of record refers to
     a person, call these AVF Owner records.

 B.  Supplemental, departmental, course etc. records that reflect
     a secondary computer account.  This type of record refers
     not to a person so much as to a computer account, call these
     AVF Account records.

The first type actually has a subset,

 A1. Sponsored people who were never at the UW but for whatever
     reason have a UA account.  The AVF record will prevent this
     account from expiring.

The AVF table has been moved to Shuksan and C&CI maintains it via a Web
page on Daffy2.  I have already made these changes to the AVF records
and to the interface.

  1. An owner field is required, which may be an encrypted ssn or
     student number.  Currently no check is made on the value of this
     field.

  2. An account type field is required, which will is useful for
     AVF records of type 2, supplemental accounts.  These types
     currently are, and will be used to determine which Web server
     an account will move to from Weber,

        1       Faculty
        2       Staff
        3       Department
        4       Course
        5       Student
        9       Other

Changes in Policy
-----------------

I recommend these changes in policy, or policy ideas that need
discussion or decision,

  -  Every AVF Owner record should have an owner field that is an
     encrypted SSN or student number.  It is not necessary this
     value be currently in HEPPS or SDB, in fact it most likely will
     not be.

  -  Every AVF Owner record that is used to prevent expiration of an
     account must have a future expiration date to prevent that person
     from keeping an account forever.  The expiration date can be
     extended, but possibly for only X period of time, say one quarter
     or one year.

  -  Likewise every AVF account record should have an expiration date so
     that supplemental accounts can disappear even if the owner is still
     at the UW.

  -  All supplemental accounts must have an owner who is currently in
     HEPPS or the SDB, or must be owned by a designated department in
     some way, e.g. the Chemistry Department, which will always exist.
     If the owner leaves the UW, the supplemental account(s) will expire
     in the same manner regular accounts expire.

  -  A sponsored AVF Owner record must include, in the comments or
     a new field, the encrypted ssn or student number of a current
     owner

         or

  -  A sponsored account is really a type of supplemental account for
     an existing owner.  If some VIP needs an account, someone at the
     UW will actually "own" the account.  If the sponsor leaves, the
     sponsored account will be deleted.

  -  Students will not be allowed to own supplemental accounts.

  -  Email warnings will be sent the maximum of 30 days or as soon as
     can be determined to all accounts that expire because of the AVF.


Date: Mon, 11 May 1998 15:57:13 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu, jblank@cac.washington.edu
Subject: Highlights of 98/05/07 Accounting meeting....

From 98/05/07 meeting:

Jim DeRoest and Jim Blankenship joined us for the meeting.

Jim D. talked about a meeting he had attended with the My UW folks.  The
My UW developers are interested in what they call a "back end bus", or
middleware they can query in a variety of protocols, which will decide
what data source needs to be queried to fulfill the request, make the
secondary queries in the appropriate manner, then bundle up all the
secondary responses as a response to the initial query.

Benefits of this model include insulation between end applications and
databases which can change.  As long as the middleware is updated, the
applications don't have to.  Persistent connections between the
middleware and databases can vastly increase performance.  Security is
improved by not exposing all the "back room databases" to user queries.

This is essentially the technology Tracy and Tom are developing with the
mango server interface to Shuksan.  Tracy is working on a set of
interface calls to mango now.  This technology can be used for other
servers talking to other databases in a similar manner, so is a big step
towards this proposed middleware, and will head off proliferation of
parallel development for similar uses by many developers.  Jim
Blankenship is interested in using this technology both for My UW and
the USER project.  He will keep in touch with Tracy and Tom for access
to the interface calls.

One issue we have discussed before is authorization - who can make
queries and/or make changes to databases (Shuksan) via mango?  We need
to revisit levels of authorization we once proposed for Shuksan, and we
should proceed even though we have no good idea how we will actually get
this data.  We could at least add it "by hand" for select individuals as
needed for now.  One relationship looming is the instructor/class/class
member relationship.

Task review:
------------
Tom: Work on adding levels of authorization in Shuksan.

Tracy: Work on mango server to interface to Shuksan..
       Work on programming interface calls to mango.


Date: Tue, 28 Apr 1998 14:10:02 -0700 (PDT)
From: "Michael S. Hornung" 
To: Hugh Sheets 
Cc: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Re: avf

All the AVF accounts that aren't category 7 should be easy since the
category tells us which web server they ought to be on.  Can't the owner
be grabbed from Li somehow (assuming there is one, but it's not in the
AVF yet)?

The other 2800 or so category 7 accounts are going to be a problem.  Their
owners (if they have one) could be snatched from Li as well, but we have
no way of telling which web server they want the account to be available
on.  I suppose a bulk emailing could do the job, even though it would be a
swamp.

_________________________
Michael Hornung, hornung@u.washington.edu
Student Staff, Computing & Communications Information
(206) 543-5970, FAX: (206) 543-3909, Box 355670

On Tue, 28 Apr 1998, Hugh Sheets wrote:

>Tom: Great!  This takes care of all new supplementals created.  Now,
>     we need some method of categorizing exiting accounts.  Mike, any
>     ideas?  Maybe a bulk emailing to the existing supplementals?
>
>     We also need this catagory in the LDAP server, so anyone who
>     needs to know this usage category, like newweb, can query for it.
>
>Hugh
>
>On Fri, 24 Apr 1998, Thomas W Remmers wrote:
>
>> I sent this to Mike and C&CI
>>
>> Tom
>>
>>
>> -------
>>
>> Mike et. al.
>>
>>
>> I've changed the avf programs and html stuff to include owner and
>> account type.  The only thing that doesn't work is the batch add, which
>> I disabled in avfadd.html and you should fix.  The previous files are in
>> the old directory.  The new fields should be intuitive:
>>
>> -  Owner (Encrypted SSN or Student #):  This is the same field that is
>>    input with the addid program.
>>
>> -  Account Type (primary use):  This field is used to identify the
>>    purpose of the account, which will be used to determine which web
>>    server the account can use.  The choices are
>>
>>         1    Faculty
>>      2       Staff
>>      3       Department
>>      4       Course
>>      5       Student
>>
>>    and should be self-evident for a particular entry.
>>
>> Thanks,
>>
>> Tom
>>
>



Date: Tue, 28 Apr 1998 12:14:44 -0700 (PDT)
From: Thomas W Remmers 
To: Hugh Sheets 
Cc: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Re: avf

>      We also need this catagory in the LDAP server, so anyone who
>      needs to know this usage category, like newweb, can query for it.

Newweb et. al. should contact mango, not LDAP.

Tom


Date: Tue, 28 Apr 1998 10:17:23 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Re: avf

Tom: Great!  This takes care of all new supplementals created.  Now,
     we need some method of categorizing exiting accounts.  Mike, any
     ideas?  Maybe a bulk emailing to the existing supplementals?

     We also need this catagory in the LDAP server, so anyone who
     needs to know this usage category, like newweb, can query for it.

Hugh

On Fri, 24 Apr 1998, Thomas W Remmers wrote:

> I sent this to Mike and C&CI
>
> Tom
>
>
> -------
>
> Mike et. al.
>
> I've changed the avf programs and html stuff to include owner and
> account type.  The only thing that doesn't work is the batch add, which
> I disabled in avfadd.html and you should fix.  The previous files are in
> the old directory.  The new fields should be intuitive:
>
> -  Owner (Encrypted SSN or Student #):  This is the same field that is
>    input with the addid program.
>
> -  Account Type (primary use):  This field is used to identify the
>    purpose of the account, which will be used to determine which web
>    server the account can use.  The choices are
>
>         1     Faculty
>       2       Staff
>       3       Department
>       4       Course
>       5       Student
>
>    and should be self-evident for a particular entry.
>
> Thanks,
>
> Tom
>
>


Date: Fri, 24 Apr 1998 15:18:03 -0700 (PDT)
From: Thomas W Remmers 
To: Jim Fox 
Cc: Hugh Sheets ,
    Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Re: 98/04/23 Accounting meeting highlights....

The numbers are, from the new AVF Web page,

  1: Faculty
  2: Staff
  3: Department
  4: Course
  5: Student

I left Student last in case we wanted to expand student to 5 = Undergrad
and 6 = Graduate.  The new AVF and web site should be in production
before I leave today.

Tom

On Fri, 24 Apr 1998, Jim Fox wrote:

>
>
> > . . . The
> > four choices we have now are:  Faculty, Staff, Department, and
> > Classwork.
> >
>
> I believe 'students' is a choice also.
>
>

Date: Fri, 24 Apr 1998 09:16:53 -0700 (PDT)
From: Hugh Sheets 
To: Jim Fox 
Cc: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Re: 98/04/23 Accounting meeting highlights....

I see two lists in two places in:
 http://weber.u.washington.edu/~davidw/setup/supp-acct-expl.html

One says the four choices I mentioned, but I see the application form
also lists Student, so I think Jim is right - we should include it for a
fifth type, whether it is used or not.  By the way, what I call Classwork
is called "Course" in the application form, so we should stick with
"Course" I think.

Hugh

On Fri, 24 Apr 1998, Jim Fox wrote:

>
>
> > . . . The
> > four choices we have now are:  Faculty, Staff, Department, and
> > Classwork.
> >
>
> I believe 'students' is a choice also.
>
>


Date: Thu, 23 Apr 1998 15:57:47 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: 98/04/23 Accounting meeting highlights....

From 98/04/23 meeting:

We discussed again the need to identify the intended use of supplemental
accounts for the purpose of assigning the appropriate web server.  The
end result of the discussion was Tom will make a new table for
information about the account as a place to put this intended use.  The
four choices we have now are:  Faculty, Staff, Department, and
Classwork.  Mike will modify his AVF web interface to require one of
these choices be selected for every new supplemental account set up.
Once implemented, a plan to go back and set this for existing
supplemental accounts needs to be made.  Tracy's Mango server also needs
to be able to "serve" this data.  Tom, Tracy, and Mike need to
coordinate carefully.

Pete gave us an overview of the UW NetID plan.  Pete will keep up to
date on the progress of Tracy's Mango server, which is what he really
needs to talk to instead of Li.
               
Task review:
------------
Tom: Modify Shuksan to add account use table for supplemental accounts.
     Work with Tracy on ODBC interface to Shuksan for Mango
     Work with Mike on AVF web client to accommodate usage flag

Pete: Web-based UW NetID

Tracy: Work on Mango server to interface to Shuksan.

Mike H: Work with Tom on AVF web client to accomodate usage flag


Date: Thu, 9 Apr 1998 16:00:32 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Accounting project....

From 98/04/09 meeting:

Well, we are back to *not* expiring Kerberos passwords, as decided in
the FCSO-AST meeting last week.  We will, however, nag people who have
not changed their passwords in a while.

Tracy is making good progress on his new MANGO server, which will talk
directly to Shuksan and will also talk to our current Li.  This
interface will be used for a multitude of things, including Web New to
satisfy the authorization.

Tom has modified Austen to not bill for disk usage under 100Mb.

Tom is working on automating the account expiration email warning.  A
problem is knowing when a quarter starts and ends.  He may need to have
this in a data file.

There is a need to know the "authorization" of a supplemental (AVF)
account.  This means if it is owned by a student, or Fac/Staff (or
Department) so the appropriate web server can be allocated.  Currently,
we don't have this information directly for these accounts.  We may be
able to determine this from the owner, or we may need to encode this as
a new piece of data for supplemental accounts.  Tom and Mike will think
about this.

Task review:
------------
Tom: Database development, loading, processing.
     LDAP server - update schema.
     Explore Netscape's Directory Services.
     DB2 for a test Informix replacement.
     Expiration processing off Austen, email warning.
     Supplemental account ownership

Pete: Web-based new.

Tracy: Work on entire suite of clients.
       Look at expiration process.
       Look at getting CUF information into Shuksan.
       Work on server to interface to Shuksan.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Polish up web page, send full accounting group update.

Mike H: Review our list of known clients to be sure INFO's needs covered
        Work with Tom on Netscape's Directory Services.
        Work on c program access to LDAP.
        Supplemental account ownership


Date: Fri, 27 Mar 1998 11:51:01 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 98/03/26 meeting:

We dedicated this meeting to discussing the namespace model.  Our latest
design is best described by a diagram.  In words, the highlights are:
- on the Authentication side, we have a single KDC containing all
  UW NetIDs (which could grow to be a very large quantity).  Each UW NetID
  is unique, for example there is only one "hugh".  The KDC contains
  only the ID and password.  Also on the Authentication side, we have
  another database, called perhaps the Master UW NetID DB, containing
  on a one-to-one correspondence with the KDC: the KDC ID, owner (SSN,
  Student number, or ?), probably email forwarding, and category (where the
  authorization came from and maybe this authorization date).

- on the Authorization side, we have what could be a number of databases
  containing authorization data - Shuksan is an example of the UW uniform
  access authorization data.  In other authorization databases there could
  be authorization data for other organizations or entities that want
  UW NetIDs.  A UW NetID can't be created without supporting authorization
  data.  This is because we have to know something about the UW NetID -
  if this is a UW person we know quite a bit from Shuksan, but if it is
  an affiliate we at least need to know what entity (department/organization)
  allowed to make authorization decisions OK'd this person.  Since we
  do not plan to provide administrative services to "outside" departments
  or organizations, we need to be able to refer to the appropriate
  "outside" administrator.  If we don't have an email address for a
  UW NetID, this administrator may be the default email address.

- Web New creates/modifies a UW NetID by looking up and comparing
  authorization data in one or more authorization databases.  If this
  verification passes, a UW NetID is created in the KDC with its
  corresponding entry in the Master UW NetID DB.

- Administrative interfaces to the various authorization databases need
  to be provided for trusted administrators (departmental people).

- Not addressed are many things - lots of details, and things like where
  we keep track of who has accounts on what UA galaxies and caccluster
  (we need some pwsync-type database) and we need to be sure all the Li
  functionality is included someplace.


Date: Thu, 26 Mar 1998 10:14:42 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....


From 98/03/19 meeting:

It was decided to keep expiring passwords when we have moved to the
Kerberos KDC model.  This is not real easy, but doable.

Hugh noted the need to keep the sources of all aspects of the accounting
in tulsa - right now in rapid development they tend to be scattered
all over as various people work on pieces.  Work is not completed until
the product is safely tucked away in tulsa.  If, for security reasons,
this is not a good idea, we need a safe centralized repository just like
tulsa.

Tom has the account expiration warning email text done and approved!  If
that is not amazing enough, he emailed out over 2900 warnings already!
We will see what sort of customer response we get.  It may need a bit
of work to appear as though it comes from "help@cac" so if anyone
replies to the email it goes to help@cac.

Pete will revise web new so UW NetID is created with the option of
proceeding on to create a UA account.  This is a change to his current code.
The UW NetID will consist of a Kerberos principal (ID), password, and
an email forwarding address.  The customer will be asked to provide an
email forwarding address at the time of creating the UW NetID.  If they
don't have one, this will remain blank until they go on (or come back
later) to create a UA account or later add/change this email address.

Mike Hornung is working on a C program to do LDAP access.

We need a way to "dump" a user record from Shuksan as a lowest-level
debugging tool.  Since our LDAP server will not have every bit of
Shuksan data, an LDAP client is not the way to do this, and we sure don't
want people logging in to vitcos and using "dbaccess" to poke around.
We need a secure server that can accept queries and interface via
ODBC to Shuksan.  There will be other needs to query Shuksan directly,
so this will serve other functions such as web validate and web who
that now use Tracy's temporary mango server running on Austen.  Tracy will
work on this, given his background on clients already, and get him familiar
with Shuksan and ODBC.

Hugh wants to send a status update to the full accounting group.  Before
this is done, he will polish up the web page a bit and add the next
planned phases.

Tom talked to Mary Syre and Marci Tufarolo about applications they want
to use our authentication/authorization structure.  Turns out they actually
have a class of UW NetID candidates who need some access but are not
part of our traditional UW community - here is some of those "affiliates"
we've been hearing about!  We had a lengthy discussion with no resolution
about how these will fit into our draft namespace model.  The next meeting
will be dedicated to continuing this discussion.  We'll see if Jim DeRoest
can attend.

Task review:
------------
Tom: Database development, loading, processing.
     LDAP server - update schema.
     Explore Netscape's Directory Services.
     DB2 for a test Informix replacement.
     Expiration processing off Austen, email warning.
     Update Austen billing - 40Mb-to-100Mb disk quotas.

Pete: Web-based new.

Tracy: Work on entire suite of clients.
       Look at expiration process.
       Look at getting CUF information into Shuksan.
       Work on server to interface to Shuksan.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Polish up web page, send full accounting group update.

Mike H: Review our list of known clients to be sure INFO's needs covered
        Work with Tom on Netscape's Directory Services.
        Work on c program access to LDAP.


Date: Fri, 20 Mar 1998 10:29:13 -0800
From: James W DeRoest 
To: Ken Lowe , Hugh Sheets ,
    Tom Remmers ,
    Donn Cave , Ken Marquess 
Subject: FW: Web based new, UWnetID.....

FYI too.

-----Original Message-----
From: Lori Stevens [mailto:lrs@cac.washington.edu]
Sent: Friday, March 20, 1998 10:28 AM
To: James W DeRoest
Cc: P. Pulliam
Subject: RE: Web based new, UWnetID.....

I believe that "UW NetID" is the official name (and we'll probably
say "NetID" for short).

Lori

On Fri, 20 Mar 1998, James W DeRoest wrote:

>
> Sounds right.  I've cc'd Lori since I don't remember whether it's
officially
> "UWnetID" or just "NetID".  Need to start using the right lingo ;-)
>
> Jim
>
> -----Original Message-----
> From: P. Pulliam [mailto:pete@u.washington.edu]
> Sent: Thursday, March 19, 1998 4:27 PM
> To: Hugh Sheets
> Cc: deroest@cac.washington.edu; hugh@cac.washington.edu;
> pete@cac.washington.edu; ken@cac.washington.edu
> Subject: Re: Web based new, UWnetID.....
>
>
> Mostly right.   Right now, Pete is coding to create the UWnetID as part of
> the process of creating a UA account with the idea of modifying web based
> new later to allow a UWnetID to be created independantly of any account.
>
> Pete
>
> On Thu, 19 Mar 1998, Hugh Sheets wrote:
>
> > Jim: Just to make sure I understand the latest plans for web based new
and
> >      UWnetID....
> >
> >      Oren prefers to wait a bit longer for web based new and have it
> >      really make the UWnetID and optionally go on to make a UA account,
> >      instead of the reverse.  Right now, Pete is coding to create the
> >      UA account with the idea of modifying web based new later to add in
> >      the creation of the UWnetID.
> >
> >      We discussed today that the UWnetID will create the Kerberos
> >      principal and password, and query for an email forwarding address.
> >      If the customer has one, they can input it right then.  If they
> >      don't, the UWnetID will be created with no email forwarding.  If
> >      they later create a UA account, new will update the email
forwarding
> >      in Kerberos.  Not discussed was how to update/add an email
forwarding
> >      in Kerberos for a UWnetID; maybe web based new will have this
option?
> >
> > Hugh Sheets
> > University Computing Services, box 354843
> > University of Washington
> > hugh@cac.washington.edu, (206)543-4041
> >
>


Date: Mon, 16 Mar 1998 15:52:06 -0800 (PST)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: question

Shuksan now keeps a record of when someone changes category, e.g. goes
from faculty to staff or undergrad to grad.  Unfortunately this slows
daily processing since three tables are involved instead of two.  The
current accounting system does not have this information, and Hugh and I
talked and don't really see a need, so I'm taking it out.  Only the
current category will be kept.

If anyone has an objection let me know.

Tom


Date: Fri, 13 Mar 1998 16:16:51 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Accounting project....

From 98/03/12 meeting:

It was just Hugh, Tom, and Tracy.

Tom has Shuksan mostly ready to do expiration.  Shuksan is generating
Fac/Staff expiration files and moving them to Austen rather than having
Austen generate them, and Tom is carefully examing what actually is
occurring on Austen with the intention of removing all of the Austen
expiration processing soon.  Tom will draft some text for the planned
30 day warning email prior to an account expiring.  It may not actually
be 30 days - it may be as little as 15 days or so depending on the
type of account, but the idea is the same.

Tom will modify the appropriate billing .dck file on Austen so we stop
charging for disk use under 100Mb.  This raises the "silver" maximum
from 40Mb to 100Mb, at least for billing.  There are cases where 100Mb
quotas have been granted in advance of unilateral 100Mb quotas.

We had a lengthy and valuable discussion on streamlining what is currently
unnecessary special handling on Austen for AVF and SAF files..

Task review:
------------
Tom: Database development, loading, processing.
     LDAP server - update schema.
     Explore Netscape's Directory Services.
     DB2 for a test Informix replacement.
     Expiration processing off Austen, email warning.
     Update Austen billing - 40Mb-to-100Mb disk quotas.

Pete: Web-based new.

Tracy: Work on entire suite of clients.
       Look at expiration process.
       Look at getting CUF information into Shuksan.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Arrange an LDAP meeting with Sid (and Tom).

Mike H: Review our list of known clients to be sure INFO's needs covered
        Work with Tom on Netscape's Directory Services.


Date: Fri, 13 Mar 1998 01:00:02 -0800
From: Theodor Seuss Geisel 
Reply-To: blake-l@u.washington.edu
To: blake-l@u.washington.edu
Subject: seuss1 change log update 292

Mar 12  14:30   Tom     Austen, vitcos
        Moved CUF expiration from Austen to Shuksan.


Date: Thu, 12 Mar 1998 15:41:37 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: UWnetID....

FYI, what we have been calling "dawg tag" and "dawg license" is being
called "UWnetID" which seems to be the official name for the namespace
presence without necessarily the UA logon name.

Hugh


Date: Wed, 11 Mar 1998 01:00:04 -0800
From: Theodor Seuss Geisel 
Reply-To: blake-l@u.washington.edu
To: blake-l@u.washington.edu
Subject: seuss1 change log update 290

Mar 10  17:15   Tom     Austen,Shuksan
        Removed production of FVF files from FACSTAFF.JOB and FVFGEN.COM.
        Necessary FVF files will be sent from Shuksan to Austen.  All
        that remains of previous Austen processing is the moving around
        of the FVF.* files in UW$CEA and UW$OLD for expiration and other
        purposes.  Even if there are any problems, no faculty/staff
        accounts should be expired.


Date: Tue, 10 Mar 1998 10:24:13 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Informix Web-based Documentation manuals (fwd)

FYI - online INFORMIX manuals.....

Hugh

---------- Forwarded message ----------
Date: Tue, 10 Mar 1998 09:55:24 -0800 (PST)
From: Elizabeth Runkle 
To: Hugh Sheets ,
    Thomas W Remmers 
Subject: Informix Web-based Documentation manuals

http://www.informix.com/answers/

URL for programmer's guide, etc (acrobat reader):
http://www.informix.com/answers/answers/english/eco72xux.htm


Date: Tue, 3 Mar 1998 15:57:09 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 98/02/26 meeting:

Mike's AVF client is in production (http://daffy2.cac.washington.edu/).  
He has added expiration processing, so the AVF accounts automatically 
expire on their expiration date, but the back-end actual expiration is 
not yet functional.  

Tom reported a few problems with the Informix upgrade on vitcos, but 
Ping is working on them with Tom.  

Tracy's access lists for web who have been in production.  He has three 
lists, one for students, one for staff, and one for AVF.  C&CI maintain 
the lists on Austen (uw$cea:mda.dat, mdf.dat, and mds.dat).  

Tom set up a test LDAP server (see the Accounting project page link).

Tom and Hugh reported on a meeting they had with Ellen Jensen 
and her staff about their LDAP intentions.  They are especially 
interested in student information and want to validate their application
with student number/PAC.  If our LDAP server would return a yes/no match
on the student number/PAC they provide, this is mostly what they want.  
They are also at the very start of their development work.  

We should also talk to Sid about what his group wants to use our LDAP 
server for.  

We are having an LDAP meeting to review Tom's definitions before we 
advertise the test LDAP server to a few C&C folks who want to try some 
queries.  

Tom now has a trial copy of Netscape's Directory Services, which he 
wants to install on one of the Intel boxes on-order.  He is thinking 
this will be our LDAP server, which at the moment is the older Michigan 
code running on cybele.  

Since Mike is done with the AVF client, he is available to help Tom test
Netscape Directory Services.  

(post-meeting update) Pete still has a couple of bugs he is working out 
of web based new.  This will be able to be modified for a "dawg license"
which is simply a presence (id, password, email forwarding) in Kerberos 
without having a UA account.  Note one will still have to be a UW person
(in Shuksan) to get a "dawg license".  More work involved before we will
be able to handle affiliates.  

Ken reports progress on the KDC.  All passwords are in the KDC, and 
rlogin on homer and dante are using Kerberos.  Still being worked-on are
telnet, imapd, ftpd which need to be modified to use Kerberos before 
shadow password files are removed from the local machines.  Password 
changes will work the same as now (customers and C&CI).  

Tracy has been working on single login, using ssh and ticket-forwarding.

Since the namespace pieces are coming along, this is a good time to pick
up some of the more traditional "accounting" tasks.  Tracy and Tom will 
look at getting CUF information into Shuksan and the expiration process.
One important function would be a 30 day email warning of impeding 
expiration.  Getting off Austen is a high priority.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP server - update schema.
     Explore Netscape's Directory Services.
     DB2 for a test Informix replacement.

Pete: Web-based new.

Tracy: Work on entire suite of clients.
       Look at expiration process.
       Look at getting CUF information into Shuksan.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Arrange an LDAP meeting with Sid (and Tom).

Mike H: Review our list of known clients to be sure INFO's needs covered
        Work with Tom on Netscape's Directory Services.


Date: Thu, 26 Feb 1998 17:48:30 -0800 (PST)
From: Thomas W Remmers 
To: LDAP crew , deroest@cac.washington.edu,
    Donn Cave , Hugh Sheets ,
    Ken Lowe , lrs@cac.washington.edu,
    Thomas W Remmers 
Subject: Update from meeting

I have updated the Web page and will begin reloading the pahoehoe server
in a few minutes with the new organizational unit structure, so it'll be
down until I start it tomorrow morning. I added the attribute
"uwHomeDepartment" to the schema.

Tom


Date: Fri, 6 Feb 1998 14:44:57 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 98/02/05 meeting:

Mike has done substantial work on the AVF client.  See:  
http://daffy2.cac.washington.edu/avf/.  This is not fully in production.
This weekend, Sid's staff will upgrade AIX on Vitcos and also upgrade 
Informix.  After the dust settles on these upgrades, Tom and Mike will 
move the AVF data into Shuksan and Mike's AVF client will go into 
production.  The AVF will still exist on Austen for now, but will be 
pushed to Austen from Shuksan regularly so C&CI will not be editting the
AVF on Austen.  

Hugh, Tracy, Mike, Doris, and Mike Harrison met on Tuesday to talk about
the web "who" client.  There are some Campus folks who need access to 
the information who gives, have SecureIDs, but should not have access to
student data.  Tracy is working on creating two access lists for who.  
One authorizes access for Fac/Staff data, the other to Student data, and
you would be in both lists if you need access to all data.  Eventually, 
this control will be a flag in Shuksan that can be checked with an LDAP 
query.  

Jim reported he made a li change so that all accounts (ids) that don't 
have a owner field set default to the owner being the "account" which is
the encrypted SSN or SN, so all ids in li have owners.  

Jim is using the Fac/Staff li files generated by Shuksan to load into li.

Pete still has a couple of bugs he is working out of web based new.  
This will be able to be modified for a "dawg license" which is simply a 
presence (id, password, email forwarding) in Kerberos without having a 
UA account.  Note one will still have to be a UW person (in Shuksan) to 
get a "dawg license".  More work involved before we will be able to 
handle affiliates.  

Tom has removed some SVF processing from Austen's DAY1, 5, and 10 
processes which have been replaced by Shuksan generated files.  

Tom has been working on billing and expiration.

We reviewed the namespace plan and the key components of the highest
priority:
 - Shuksan: the database is not finished, but is in production for some 
            things.  Tom is the key person.
 - LDAP server: not yet in production, but is high priority to get
                into service and publish the schema, even though it
                is under development and will no doubt change.  Tom
                will put up an LDAP server and get the schema he has
                been working on on the web page.  Hugh is trying to 
                arrange a meeting with at least one of Ed Lightfoot's
                application programmers who we keep hearing needs
                to do LDAP queries ASAP.  We would like to know
                specifically what sort of queries that want to make.
 - Kerberos KDC: Ken, Donn, and others are in the process of putting
                 this in production and removing passwords from the local
                 machines.
 - New/dawg license: Pete is almost done with new, dawg license can
                     be done when defined.
 - tools: The necessary tools to access/administer the key pieces will
          be done as needed.

Important pieces one notch down on the priorities are MS Directory 
Services in parallel with our LDAP server and MS KDC in parallel with 
our KDC.  We don't have NT hardware for this right now and MS KDC does 
not yet exist.  Then there are the countless 
clients/billing/expiration/etc pieces we can see on the horizon but 
aren't there yet.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP server - publish schema, put up.
     DB2 for a test Informix replacement.
     Explore NT.
     AVF data loading, processing.

Pete: Web-based new.

Tracy: Work on entire suite of clients.
       "who" access controls

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Arrange a meeting with Ed Lightfoot's application programmer.

Mike H: Review our list of known clients to be sure INFO's needs covered
        Make AVF handling web client.


Date: Fri, 6 Feb 1998 11:26:47 -0800 (Pacific Standard Time)
From: Tracy Stenvik 
To: Doris Gallaugher 
Cc: Hugh Sheets ,
    Michael Hornung ,
    Mike Harrison ,
    Trevor Leffler 
Subject: Re: non C&C people want to use "who"

I've modified the who server to restrict access to 'classes' of account
information on a per-request basis.  The classes are,

   o avf (file "uw$cea:mda.dat")
   o fvf (file "uw$cea:mdf.dat")
   o svf (file "uw$cea:mds.dat")

Access restrictions are controlled via ascii files, one per class.  If a
particular class file does not exist, the server assumes that there are
no restrictions.  Once a class file exists, information will be restricted
to only those requestor id's that in the file.

A requestors 'id' is either their logon name if they're running who from a
shell prompt, or the id they enter in the SecurID dialog box when running
who from a web browser.  If a person's SecurID name differs from their UA
logon name, and if they're expected to be using both the shell and web who
client, then both names will have to be added to the class file.

If a particular who request matches a class in which the requestor is not
entitled to view, the server will respond with,

   no information available

For each class, the requestor must either be present in the class file, or
no class file must exist.

At the moment, there are no class files set up, hence no restrictions.  In
order to turn on restrictions, I'll need a list of user id's, as described
above, to populate the fvf and svf class files (don't worry about the avf
class file, it's just there for completness).

Either you can give me the lists of id's and I'll create the class files,
or you can create them yourself (you'll be maintaining them anyway, so you
might as well start now). I've noted the file names and their whereabouts.
Simply enter the id's in, one per line. 

===========================================================================
Tracy Stenvik                            email: imf@u.washington.edu
University of Washington  
University Computing Services            voice: (206) 685-3344
4545 15th Ave N.E.                         fax: (206) 543-0831
Seattle, Washington 98105-4527
===========================================================================
**** rest deleted for brevity by Hugh ****


Date: Thu, 5 Feb 1998 15:41:16 -0800 (PST)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Cc: Jim DeRoest 
Subject: ldap document

I've put together an LDAP document that is reached off the accounting
design page,

  http://neruda.cac.washington.edu/ast/projects/acctg/

Tom


Date: Thu, 5 Feb 1998 13:57:37 -0800
From: James W DeRoest 
To: Hugh Sheets ,
    Tom Remmers 
Subject: FW: authentication - for student *my uw* concept (fwd)

FYI.

-----Original Message-----
From: Lori Stevens [mailto:lrs@cac.washington.edu]
Sent: Thursday, February 05, 1998 1:48 PM
To: James W DeRoest
Cc: Brad Greer
Subject: RE: authentication - for student *my uw* concept (fwd)

seems to me that your folks may want to talk to at least 2 groups about
the type of authorization info that they'd like to see: one would be Sid's
group and what info will be needed for the USER project and the other
would be Ellen's group for the myUW stuff.

Lori

On Thu, 5 Feb 1998, James W DeRoest wrote:

>
> I believe Mary was the one who wanted access to Li info
> (faculty/staff/student validate) that Frank asked about putting up ala
CGI.
> Anyway, Hugh said the accounting rewrite group is refocusing their effort
to
> make authorization queries via LDAP for this type of information ahead of
> other general UA tasks.  Sooo, they've asked to speak to one of Ed's
> developers about what/how they'd like to access this data.  We could have
> LDAP access to the Li data ready about the same time that Kerberos goes
> production spring quarter.
>
> Jim
>
> -----Original Message-----
> From: Lori Stevens [mailto:lrs@cac.washington.edu]
> Sent: Thursday, February 05, 1998 9:30 AM
> To: Brad Greer; Jim DeRoest
> Subject: authentication - for student *my uw* concept (fwd)
>
>
>
> fyi and feel free to comment if you see anything of concern here.
>
> thanks, Lori
>
> ---------- Forwarded message ----------
> Date: Thu, 5 Feb 1998 09:23:54 -0800 (PST)
> From: Ed Lightfoot 
> To: Ellen Jensen 
> Cc: Lori Stevens ,
>     Matthew Freedman ,
>     Fang Lin ,
>     Greg Barnes ,
>     Bill Shirey , syre@u.washington.edu,
>     Frank Fujimoto 
> Subject: authentication - for student *my uw* concept
>
> i talked to lori a bit this morning about authentication and will try to
> summarize (lori - please help out if i'm getting this wrong).
>
> - the overall authentication plan envisions the need for additional
> authentication beyond the initial li database for access to more sensitive
> data.  so, for example, secure id challange response for some data base
> access, or student id/pac for othere etc etc.
>
> - so in the student example one way it might be done is go to the *my uw*
> link, be prompted for standard userid and password authentication (if you
> havent already been authenticated) for access to the less sensitive info
> from your profile and links to other more sensitive info. if you click
> those links you would be challanged at an additional level for student #
> and pac. (bill - i dont know if you keep track so that if several diffent
> links are followed they dont have to reauthenticate at the pac
> authentication level - but i assume you couldif necessary)
>
> - this has several advantages and perhaps some disadvantages.  the
> disadvantages i see are potentially in usability - because all of the
> sensitive stuff would, by necessity, be one more layer down in the
> heriarchy.  this may or may not be a negative design constraint.
>
> - the advantage is that the students are forced to realize that they are
> going into a more secure and sensitive set of data by the extra
> authentication step.  this might esp highten awareness in lab situations
> etc.
>
> - we could still show what links are available on the initial top level
> page (like the catagories on the ucla page) but keep the sensitive data at
> a lower level in the hierarchy.
>
> - this approach might also work better for some of bill's concerns about
> keeping the star on line stuff logically segregated from the overall
> personal page builder.
>
> - if we wanted to actually build a prototype along these lines - frank
> fujimoto can help us  get the initital authentication step going using his
> *meta* authenticator approach ( iguess there is some web documentation on
> this - ask frank for url).
>
> - Mary Syre (works for marcy) is the person working on the course syllabi
> stuff and is working with frank on authentication for that info now. you
> should talk to her about her design anyway.
>
> comments, feedback, thoughts???
>
> ed
>


Date: Thu, 5 Feb 1998 10:20:32 -0800
From: James W DeRoest 
To: Hugh Sheets 
Cc: hugh@cac.washington.edu, remmers@cac.washington.edu,
    Donn Cave 
Subject: RE: LIP spec....

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

LIPS is a draft under review by the IETF.  It was developed by the Network
Applications Consortium.  The best docs are on their web page
"www.netapps.org".  A related spec is the Internet WhitePages Schema (IWPS).
You'll see references to this in the Net Apps docs.  Both are somewhat tied
to LDAPv3.  I don't think it's clear which way this is going.  Anyway you
might also take a look see on the IETF site www.ietf.cnri.reston.va.us and
the European Electronic Messaging Assoc site.

Jim

-----Original Message-----
From: Hugh Sheets [mailto:hugh@u.washington.edu]
Sent: Thursday, February 05, 1998 9:39 AM
To: deroest@cac.washington.edu
Cc: hugh@cac.washington.edu; remmers@cac.washington.edu
Subject: LIP spec....

Jim: both Tom and I are having trouble finding more than a
     "casual mention" of LIPs when searching the web.  Do you have some
     handy URL you can pass along that has some more beef about LIPs?

Hugh


Date: Fri, 30 Jan 1998 01:00:02 -0800
From: Theodor Seuss Geisel 
Reply-To: blake-l@u.washington.edu
To: blake-l@u.washington.edu
Subject: seuss1 change log update 260

Jan 29  13:40   Tom     Austen
        The DAY1EDF.COM, DAY5EDF.COM and DAY10EDF.COM scripts called 
        UW$COM:SVFGEN.COM, which called UW$GEN:SVFGEN on Austen, a Fortran 
        program that uses the EDF (class data) file to create the SVFD.DAT, 
        SVF.INFO and SVF Li files.  Apparently this is remnant of the days 
        before we received daily student data.  Modified UW$COM:SVFGEN.COM
        to use the UW$CEA/SVFD.DAT file that Shuksan sends.  Otherwise
        the movement of SVF files for expiration purposes still occurs
        in UW$COM:SVFGEN.COM.



Date: Thu, 29 Jan 1998 15:24:41 -0800 (PST)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: Austen code changes

I am starting to transfer the cuf expiration.  Please let me know if any
Austen fortran, C, DCK or data files are modified so that I can
synchronize any changes.

Thanks,

Tom


Date: Wed, 28 Jan 1998 10:02:13 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Subject: Web validate and who.....

To summarize some shifting around, the web validate and who Tracy
wrote that were formerly on neruda were moved to daffy.  They are
links from C&CI's page:

   http://daffy.cac/

Also of potential interest is the who/validate invocation log on
daffy:

   /usr/local/httpd/logs/mango.log

here's a sample:
Jan 27 14:36:05 who: info@burlap2.cac.washington.edu tried 'acn 538304320'
Jan 27 14:39:59 who: info@burlap2.cac.washington.edu tried 'acn 518568736'
Jan 28 09:37:21 who: hugh@melville.u.washington.edu tried 'acn hugh'
Jan 28 09:38:22 validate: hugh@melville.u.washington.edu tried '538-50-4327'
Jan 28 09:40:10 who: hugh@melville.u.washington.edu tried 'acn hugh'

Hugh


Date: Tue, 27 Jan 1998 16:02:51 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 98/01/22 meeting:

Tom and Mike have been working on an AVF client.  Mike has a test web 
interface and Tom has made some binaries Mike's processing calls to add,
delete, and search the AVF.  

Mike has stopped copying the SVF.INFO from Austen to Daffy, and C&CI is 
using only the web and command line interface, currently querying a 
daemon running on Austen.  The next step is to query an LDAP server and 
stop sending SVF information to Austen (except for expiration 
information which we will need for a while yet).  

Tom discovered the DAY1, DAY5, and DAY10 jobs on Austen produce a 
malformatted SVF.INFO (from SVFGEN.COM) that needs to be investigated.  

A namespace design diagram on the whiteboard was discussed at length.  
Hugh will work on making the diagram a gif or jpeg on the accounting web
page.  

Our LDAP server needs to be defined to LIPS specification, and there are
people awaiting the specifications.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP server specifications.
     DB2 for a test Informix replacement.
     Explore NT.
     AVF data loading, processing.
     Investigate Austen's SVFGEN.COM's generation of malformatted SVF.INFO

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.
      Draft namespace design document.

Jim Fox: Extract accounts in Li that do not have owners.
         Compare vitcos and austen generated li files for Fac/Staff.

Mike H: Review our list of known clients to be sure INFO's needs covered.
        Make AVF handling web client.


Date: Fri, 23 Jan 1998 09:27:44 -0800 (Pacific Standard Time)
From: Tracy Stenvik 
To: "Michael S. Hornung" 
Cc: Hugh Sheets ,
    doris gallaugher ,
    trevor leffler 
Subject: Re: web who and validate pages

ok, who and validate are now on daffy.  you might as well spread the word
to find/use these tools here rather than on neruda.

btw, who/validate logs all invokations in the file,

   /usr/local/httpd/logs/mango.log

here's a sample entry,

   Jan 23 09:04:24 who: @sulaco.cac.washington.edu tried 'lgn imf'

the remote username is supposed to preceed the '@' but it appears that
the REMOTE_USER field isn't set.

tracy

On Thu, 22 Jan 1998, Michael S. Hornung wrote:

> Tracy,
> 
> How about:
> 
> for web who:
>   /usr/local/web/who/
> 
> for web validate:
>   /usr/local/web/validate/
> 
> -mike


Date: Thu, 22 Jan 1998 16:09:18 -0800 (Pacific Standard Time)
From: Tracy Stenvik 
To: "Michael S. Hornung" 
Cc: Hugh Sheets ,
    doris gallaugher ,
    trevor leffler 
Subject: Re: web who and validate pages

ok, i'll set it up tomorrow morn.

ts

On Thu, 22 Jan 1998, Michael S. Hornung wrote:

> Tracy,
> 
> How about:
> 
> for web who:
>   /usr/local/web/who/
> 
> for web validate:
>   /usr/local/web/validate/
> 
> 
> -mike
> 
> On Thu, 22 Jan 1998, Tracy Stenvik wrote:
> 
> >no problemo.  web who/validate just require mango, which is alreay there.
> >just say where you want it in the /usr/local/web tree. 
> >
> >===========================================================================
> >Tracy Stenvik                            email: imf@u.washington.edu
> >University of Washington  
> >University Computing Services            voice: (206) 685-3344
> >4545 15th Ave N.E.                         fax: (206) 543-0831
> >Seattle, Washington 98105-4527
> >===========================================================================
> >
> >On Thu, 22 Jan 1998, Michael S. Hornung wrote:
> >
> >>   Is there any way we could move the web who and validate pages to daffy2? 
> >> This would help us a lot at 3737 in that a single SecurID authorization
> >> would be required for access to all of our new web utilities.  Make sense? 
> >> 
> >> _________________________
> >> Michael Hornung, hornung@u.washington.edu
> >> Student Lead, Computing & Communications Information
> >> (206) 543-5970, FAX: (206) 543-3909, Box 355670
> >> 
> >
> 


Date: Thu, 22 Jan 1998 13:13:49 -0800 (PST)
From: "Michael S. Hornung" 
To: Hugh Sheets 
Cc: Jim Fox ,
    Thomas W Remmers ,
    "T. Stenvik" , Ken Lowe 
Subject: AVF modification URL

    http://daffy2.cac.washington.edu/avf/

I plan on testing these pages for a while to see what breaks.  Once any
bugs are worked out I'll add some explanatory text and that'll about do
it.

Supposing no bugs are found I assume production could begin in ~a week.

_________________________
Michael Hornung, hornung@u.washington.edu
Student Lead, Computing & Communications Information
(206) 543-5970, FAX: (206) 543-3909, Box 355670


Date: Tue, 20 Jan 1998 15:52:38 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu, willh@cac.washington.edu
Subject: Accounting project....

From 98/01/15 meeting:

Will Hall, manager of the USER project (http://www.washington.edu/user/)
attended for an information exchange.  The USER project is funded by 
President McCormick's University Initiatives Fund, so has a lot of 
visibility.  See the web page for more about USER.  Essentially, the 
USER project will replace a lot of problematic paper administration with
web-based interfaces layered over existing infrastructure (for example 
the UNISYS systems) as it is phased-in.  This is concerned with the 
University population in its entirety, including some people and 
relationships which are not documented anywhere at this time.  For 
example, the USER project will want to be able to verify an 
employee/supervisor relationship, employees who have budget control, 
temporary assignment of controls (proxys), etc.  Another goal is to 
recognize new hires much more quickly than now, so the whole "coming on 
board" process moves faster.  

To enable this, the USER web interfaces will utilize our namespace 
(authenticate with our Kerberos servers and access our authorization 
data).  These plans are in harmony with our namespace development, 
except no one is sure where or how the as yet non-existent data will 
come from or go.  If the HEPPs data we get daily could include the newly
hired people quicker, we can load it business as usual.  If it were 
expanded to include the relationships, we could load that, too.  It may 
be that this sort of information would have to be maintained in some 
other way such as a database maintained by/for those USER applications 
that want it.  

For security/legality reasons, the use of the public/private key and 
digital signature structure is planned so we need to be able to support 
this.  

The model of one username, one password, one email forwarding is a goal 
(fold in the NDC users).  We need to maintain email forwarding for the 
people who only have a presence in our namespace and no UA accounts (the
"dawg license" folks).  

Will's time frame is to get access to our enterprise-wide namespace July
1, 1998.  The USER system will be built on the MicroSoft NT platform and
use MicroSoft IIS (Internet Information Service).  

Jim said we are expected to maintain the NT namespace for the Campus.  
This means we have to support MicroSoft's Directory Service.  This will 
likely mean in addition to our LDAP server we will have to maintain MS 
Directory Service in parallel, and in addition to our Kerberos server we
will have to maintain MS Kerberos server in parallel (until/unless the 
MicroSoft products can fulfill both needs we could consider running only
the MicroSoft products).  Public and private key management will have to
play in the NT world.  

Jim mentioned Frank Gruey (Univ. of Minnesota) has experience 
synchronizing namespaces.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP data queries.
     DB2 for a test Informix replacement.
     Explore NT.
     AVF data loading, processing.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.

Hugh/Tom: Draft namespace design document.

Jim Fox: Extract accounts in Li that do not have owners.
         Compare vitcos and austen generated li files for Fac/Staff.

Mike H: Review our list of known clients to be sure info's needs covered
        Make AVF handling web client?


Date: Wed, 14 Jan 1998 12:25:03 -0800
From: James W DeRoest 
To: Thomas W Remmers 
Cc: Hugh Sheets ,
    Brad Greer 
Subject: Re: LDAP and AIX 4.3

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

Interesting.  One thing to keep in mind that I will talk about in the
meeting tomorrow is integration of MS Directory Services (LDAP).  The reason
being is that it appears that we will be running a campus wide NT name space
(authorization/white pages/kerberos) to facilitate file sharing, NT group
mgmt, possible cert/config repository, etc between departments.  If there
are benefits of running either the AIX or Netscape Directory services, it's
my guess that we'll have to mirror some subset of the information in the NT
Directory.  There were some interesting twists on this theme at the Common
Solutions Group meeting that Lori, Brad and I attended last week.  I'll talk
about them tomorrow as well.  Please keep Brad appraised of where you're
going with the authorization database.

Jim

-----Original Message-----
From: Thomas W Remmers 
To: Jim DeRoest 
Cc: Hugh Sheets 
Date: Wednesday, January 14, 1998 12:17 PM
Subject: LDAP and AIX 4.3

>Doug received an AIX 4.3 CD yesterday and as I was installing it on
>mailer3 I noticed that LDAP was packaged with it.  I installed all the
>components and there are some promising notes in the README file for the
>server.  Contrary to previous technical documents about their LDAP
>server, DCE was not installed as a requisite for LDAP.
>
>From the README,
>
>  The LDAP server provides a native, scalable directory based on the IETF
>  LDAP Version 2 (RFC 1777) plus some extensions for IETF LDAP Version 3.
>  IBM DB2 is packaged with the LDAP server and used as the directory
storage
>  facility.
>
>The caveat,
>
>  This is a release of IBM software that has been tested but has not yet
>  met IBM product criteria for customer production environments.  It is
>  being offered to customers to enable application development and testing
>  in pre-production environments.
>
>etc.
>
>I'm thinking of upgrading queen to AIX 4.3 where are DB2 license resides
>and putting up an LDAP server.  Moving shuksan from Informix to DB2 and
>using DB2 as the backend for LDAP on AIX 4.3 seems a promising
>direction.
>
>Tom
>
>


Date: Fri, 9 Jan 1998 14:18:26 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hornung@u.washington.edu, hugh@cac.washington.edu,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu,
    yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 98/01/08 meeting:

Mike Hornung joined us; he will be doing some work on this project.  

Tom reported the nightly fac/staff data sent directly from the UNISYS 
system to vitcos is operational!  He is producing the three li files on 
vitcos and is sending them daily to li1,2,4.  These are not yet 
replacing the Austen-produced files, but Jim Fox will carefully examine 
their integrity and compare them to the Austen-produced files in 
anticipation of using them for production.  Tom will also start 
generating the other daily Austen-produced files (FVF.DAT, FVF.INFO, 
FVFA.DAT, FVFD.DAT) on vitcos and send them to Austen for careful 
comparison to the Austen-produced versions in anticipation of using them
for production also.  The AVF data handling is the next target to move 
to vitcos, which we should really include in the Phase 1 plan.  

We reviewed the Phase 1 plan we established May 29, 1997:
  0. Create INFORMIX DB with Fac/Staff/Student fields
  (done)  
  1. UNISYS loads/updates INFORMIX DB with Student information "directly"
  (done)
  2. INFORMIX DB generates (eliminating Rhys):
     - the 3 current Li files sent to Li servers
     - svf.info sent to Austen for C&CI
     - svfd.dat sent to Austen for expiration process
  (done - in production, rhys not used but still idling....)
  3. Create a client for C&CI to use to replace need for svf.info
  (done - Tracy's validate, who web interfaces)
  4. Do #1,2,3 as appropriate for Fac/Staff
  (underway - #1 done, #2 underway, 
              #3 done - Tracy's validate, who web interfaces)
  5. Create and use a verify API (removing this function from Li):
  (this is the "verify" function in wu, still needs to be done.  There
   is an sy99 library call peppered throughout the sy99 tree, so if
   we have li pass the request along to shuksan as an intermediate step
   until li really becomes shusan li?)
     - when done, svfd.dat is the only file still needed (expiration
       function not yet addressed)
     (we also still need FVFD.DAT, as expiration not yet addressed)
     - needs to handle "blue people" (aagaard customers) which we now
       get via flat file from MCIS - create a client for MCIS?
     (done - Bill Uhrich's ACCESS client)

Will Hall, a C&C IS programmer working on the University Support Renewal
Project is very interested in the namespace authorization and
authentication, and will be coming to next week's meeting.  He can tell 
us what he wants from a "real customer" perspective.  Tom and Hugh are 
working on a draft of a namespace design that hopefully we can discuss 
prior to next Thursday's meeting.  It may be confusing to call this 
Phase 2 of the accounting project, so we won't, but it is high priority 
and needs to be worked-on now as we we work on Phase 1 of the 
accounting.  Phase 2 of the accounting, not yet defined, will most 
likely stress getting completely off Austen.  

Tom is working on an LDAP model, including a document.

Tom has installed DB2 on the machine that was queen, but has not tested 
"shuksan" on it.  

Pete has a bit more work to do on web based new before it is available 
for testing - this should happen soon.  Pete has been updating Nathan, 
but should also be talking to David Cox.  

The validate and who web clients have eliminated the need for SVF.INFO 
on Austen, we all believe, so we should schedule a removal with Doris 
and Mike and see how this works out.  

Mike pointed out Tracy's validate and who web clients require a 
SecureID, which prevents usage for virtually all lab student employees.  
The command-line validate interface on red works, as long as they have 
access to red.  Maybe each lab needs a SecureID, and a "keeper"?  

Mike is ready to take on some work.  We agreed he would review his 
inventory of various clients needed/used, on daffy and wherever else, 
capitalizing on his unique qualifications for this task.  Our goal is to
get INFO at least the capabilities they have now, via secure clients, 
capable on the equipment they have now.  Since this is X terminals, the 
client of choice is web clients.  A client to deal with the AVF is a 
good choice to start.  He can talk to Tracy about the validate and who 
web clients, and work with Tom to use ACCESS to "mock up" a client, 
after which it can be converted to a web client.  We want to review the 
design before any construction is begun.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP data queries.
     DB2 for a test Informix replacement.
     Explore NT.
     AVF data loading, processing.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Hugh: Work on backup/restore policies.
      Arrange the removal of SVF.INFO on Austen.

Hugh/Tom: Draft namespace design document.

Jim Fox: Extract accounts in Li that do not have owners.
         Compare vitcos and austen generated li files for Fac/Staff.

Mike H: Review our list of known clients to be sure info's needs covered
        Make AVF handling web client?


Date: Tue, 6 Jan 1998 11:10:19 -0800 (PST)
From: Thomas W Remmers 
To: Jim Fox 
Cc: Hugh Sheets 
Subject: HEPPS shuksan loading

Jim,

The HEPPS data now loads directly from the A19 to vitcos and I've setup
an automated process to send the encrypted li files to li1, li2 and li4. 
I want to watch the processing for a week to make sure it's running OK. 
Could you test the encrypted files that are there sometime in the next
week to see if you can read them OK? 

Thanks,

Tom


Date: Fri, 19 Dec 1997 15:57:59 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....


From 97/12/18 meeting:

Tom reported a test of fac/staff data sent directly from the UNISYS 
system to vitcos worked (Martha's staff).  Now to get it into 
production....  

Bill Uhrich has been administering aagaard customers via his ACCESS 
client.  

Jim D.  passed along the name of Kevin Ibrahim, kevin@u, from the 
Support Meeting.  Kevin has done a lot of database evaluation, including
the NT platform.  He works with Rob Christ, and would be a good person 
for Tom to chat with about databases and interfaces.  

Tom will be installing DB2 on the machine that used to be Queen.

Pete has a bit more work to do on web based new before it is available 
for testing - this should happen around the start of the new quarter.  

Hugh applied a list of owners (encrypted SSNs) to supplemental accounts 
in Li.  Jim Fox will make a list of accounts in Li that do not have 
owners.  Right now we do not know how may there might be.  

Tom will give Mike Hornung read access to Shuksan as he will be starting
to work on clients.  We will be having Mike define some clients 
carefully before doing any programming, perhaps an AVF management client
would be a good start.  

Hugh and Tom will work on a draft namespace design document in 
anticipation of developing a detailed phase 2 plan.  Everyone is 
encouraged to review the Accounting Design document on the project web 
page in preparation of hammering out a detailed phase 2 plan.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     LDAP data queries.
     DB2 for a test Informix replacement.
     Explore NT.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Hugh: Work on backup/restore policies.

Hugh/Tom: draft namespace design document.

Jim Fox: Extract accounts in Li that do not have owners.


Date: Thu, 18 Dec 1997 11:45:27 -0800 (PST)
From: Doris Gallaugher 
To: Yonah Karp 
Cc: Hugh Sheets , Ken Lowe ,
    Jim DeRoest 
Subject: Re: Mike Hornung

Perfecto!

Thanks.

Doris

Doris Gallaugher 
Manager, Computing & Communications Information
U of W, Box 355670
Seattle, WA  98195

email: dorish@cac.washington.edu
voice: 206-543-5925
fax: 206-543-3909

On Thu, 18 Dec 1997, Yonah Karp wrote:

> I'm cc'ing Hugh and Ken because they will be the ones
> supervising and guiding his work.
> 
>   Mike will work with UCS Systems to define needs and
>   specifications, and to design and implement clients for
>   Uniform Access computer account information for C&CI. 
>   He will also function as a liason between C&CI and UCS
>   Systems to ensure appropriate communication of C&CI needs.
> 
> Does this work?
> 
>   Yonah
> 
> 
> On Thu, 18 Dec 1997, Doris Gallaugher wrote:
> 
> > Yonah,
> > 
> > Could you send me a few lines describing the work Mike will be doing with
> > y'all next quarter?  Nothing fancy.  I'm compiling info regarding his
> > increasing duties to get him a raise.  If you could get it to me by the
> > end of the day Fri, it would be very helpful. 
> > 
> > Thanks so much.
> > 
> > Doris
> > 
> > Doris Gallaugher 
> > Manager, Computing & Communications Information
> > U of W, Box 355670
> > Seattle, WA  98195
> > 
> > email: dorish@cac.washington.edu
> > voice: 206-543-5925
> > fax: 206-543-3909
> > 
> 


Date: Mon, 15 Dec 1997 09:00:46 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting project....

From 97/12/04 meeting:

Jim DeRoest joined us in a large namespace discussion.  I'll try to
identify key points from the discussion:
- Do not trust anyone/any group outside C&C.  We must control all
  realms and we grant access to selected others, not the other way
  around.  This will likely mean other realms will be set up on our
  machines and outside groups will load data into systems we control.

- We need to be able to deny/grant access on an individual basis, a
  per service basis, or an entire group basis.  We need to be able
  to shut off one individual without affecting anyone else.  This 
  means we have to know who everyone is, whatever their realm, and
  have access to everyone.

- We need to support groups running their own authorization data
  in addition to our authorization/authentication data.  The customer
  first authenticates in our kerberos namespace, then other groups can
  use their own authorization data to further authorize to their own
  ends.

- Our design has to scale to a potentially very large namespace.

Comments - looks like a lot of potential administration.

Yonah reported Pete has a new version of web-based new that should
be ready for limited testing Dec 12.

Mike Hornung will be doing some work on the accounting project, likely
working on clients.

Tom reported the hepps data transfer is stalled again.  Jim mentioned 
maybe he can work it so Tom could just do it himself and go around 
Martha.

Hugh reported Vitcos currently gets backed-up nightly, backups are
kept for two weeks.  Backups fail if anyone is accessing a database,
even reading, when the backup is attempted.  The backups are designed
for complete database recovery, meaning we can't restore parts if 
another part is trashed/lost/whatever.  This is not going to work well
for a production system, so eventually we need something with finer
control.

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     Clinician data loading, processing, addid-type client.
     LDAP from Netscape?
     DB2 for a test Informix replacement.
     Explore NT.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Yonah/Hugh: Work on backup/restore policies.


Date: Fri, 21 Nov 1997 16:15:38 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 97/11/20 meeting:

We discussed a possible model for a large namespace.  The most sensible 
model seems to be recognizing other Kerberos realms maintained by 
whatever group/organization wants to authenticate at the UW.  We are not
sure if we can expect these groups/organizations to have the resources 
to set up and maintain their own Kerberos realms that our realm trusts, 
or if we need to be prepared to set this up for them, which seems like 
we don't have the resources to do.  We are not sure of the granularity 
of controls we need to maintain - like do we just have to know someone 
is part of the Cle Elum realm and they can do whatever, or do we have to
be able to differentiate sub-groups of the Cle Elum realm.  We will 
invite Jim D.  to the next meeting to discuss.  (After the meeting, Jim 
sent some information after talking to Ken).  

Tom is looking at MicroSoft's Active Directory, which is bundled with 
NT.  A directory service LDAP can talk to.  

The Netscape LDAP conference call yielded no new information.

Tom reported the hepps data transfer attempted last Friday failed.  He 
is still working with Martha Smith.  

Donn needs the SSN with the staff and student directory information he 
gets for the LDAP staffdir and studentdir, or else all the information 
needed in one distribution so he doesn't have to have a "key" to use to 
lookup information in various places.  Since either involves dealing 
with IS folks, a resolution seems distant.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     Clinician data loading, processing, addid-type client.
     LDAP from Netscape?
     DB2 for a test Informix replacement.
     Explore NT.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Yonah/Hugh: Work on backup/restore policies.

Hugh: Talk to Sid about Vitcos backups, the schedule, and restores.
      Invite Jim D. to next meeting.


From echaffin@u.washington.edu Mon Nov 24 11:08:12 1997
Date: Fri, 21 Nov 1997 08:56:22 -0800 (PST)
From: Elizabeth Runkle 
To: Hugh Sheets 
Subject: example #3 .. vitcos shuksan dbexport (fwd)

---------- Forwarded message ----------
Date: Thu, 20 Nov 1997 20:56:04 -0800
From: Vitcos Informix 
To: dba@u.u.washington.edu, echaffin@vitcos.u.washington.edu,
    lmeyer@vitcos.u.washington.edu
Subject: vitcos shuksan dbexport

{ DATABASE shuksan  delimiter | }

grant dba to "accsys";
grant resource to "infsyssr";
grant resource to "remmers";
grant resource to "ishepps";
grant connect to "shuk1";



{ TABLE "accsys".svftest row size = 69 number of columns = 10 index size = 16 }
{ unload file name = svftest104.unl number of rows = 35 }

create table "accsys".svftest 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1),
    primary key (stud_num) constraint "accsys".u104_8
  );
revoke all on "accsys".svftest from "public";

{ TABLE "accsys".fvftest row size = 94 number of columns = 8 index size = 0 }
{ unload file name = fvftest105.unl number of rows = 13 }

create table "accsys".fvftest 
  (
    ssn char(9),
    name varchar(60),
    unit char(3),
    type char(1),
    budget char(6),
    birthdate date,
    faccode char(2),
    mstop char(8)
  );
revoke all on "accsys".fvftest from "public";

{ TABLE "accsys".owners row size = 231 number of columns = 30 index size = 55 }
{ unload file name = owners_126.unl number of rows = 47299 }

create table "accsys".owners 
  (
    owner_id serial not null constraint "accsys".n126_31,
    owner char(8),
    ssn char(9),
    name varchar(60),
    pac char(6),
    birthdate date,
    avn char(7),
    college char(2),
    department char(6),
    category smallint,
    unit char(3),
    hepps_type char(1),
    budget char(6),
    faccode char(2),
    mailstop char(7),
    class char(2),
    branch smallint,
    sdb_status char(1),
    type char(1),
    status char(1),
    clinician char(1) 
        default 'N',
    staff char(1) 
        default 'N',
    faculty char(1) 
        default 'N',
    hepps_o char(1) 
        default 'N',
    undergrad char(1) 
        default 'N',
    grad char(1) 
        default 'N',
    sdb_o char(1) 
        default 'N',
    update date,
    expiration date,
    comment varchar(80),
    primary key (owner_id) constraint "accsys".u126_30
  );
revoke all on "accsys".owners from "public";

create index "accsys".avn_ix on "accsys".owners (avn);
create index "accsys".ssn_ix on "accsys".owners (ssn);
create index "accsys".type_ix on "accsys".owners (type);
{ TABLE "accsys".svfstats row size = 52 number of columns = 13 index size = 12 }
{ unload file name = svfstat148.unl number of rows = 0 }

create table "accsys".svfstats 
  (
    statdate date,
    students integer,
    testacc integer,
    svfli integer,
    cat1 integer,
    cat2 integer,
    cat7 integer,
    nullpac integer,
    svfgensec integer,
    updated integer,
    changed integer,
    new integer,
    svfownersec integer,
    primary key (statdate) constraint "accsys".u148_59
  );
revoke all on "accsys".svfstats from "public";

{ TABLE "informix".fvfgen_hepps row size = 96 number of columns = 8 index size = 
              0 }
{ unload file name = fvfgen_152.unl number of rows = 43364 }

create table "informix".fvfgen_hepps 
  (
    ssn char(9),
    name varchar(60),
    unit char(3),
    type char(1),
    budget char(6),
    birthdate char(6),
    faccode char(2),
    mstop char(8)
  );
revoke all on "informix".fvfgen_hepps from "public";

{ TABLE "accsys".tablemod row size = 32 number of columns = 2 index size = 43 }
{ unload file name = tablemo184.unl number of rows = 1 }

create table "accsys".tablemod 
  (
    tablename char(25),
    last_mod_date datetime year to minute 
        default current year to minute,
    primary key (tablename) constraint "accsys".u184_62
  );
revoke all on "accsys".tablemod from "public";

{ TABLE "accsys".bvfgen row size = 81 number of columns = 4 index size = 19 }
{ unload file name = bvfgen_186.unl number of rows = 6338 }

create table "accsys".bvfgen 
  (
    ssn char(9),
    name varchar(60),
    birthdate date,
    mod_date datetime year to minute 
        default current year to minute
  );
revoke all on "accsys".bvfgen from "public";

create index "accsys".bvfssn_ix on "accsys".bvfgen (ssn);
{ TABLE "infsyssr".svfgen_old row size = 69 number of columns = 10 index size = 0 
              }
{ unload file name = svfgen_188.unl number of rows = 40858 }

create table "infsyssr".svfgen_old 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1)
  );
revoke all on "infsyssr".svfgen_old from "public";

{ TABLE "accsys".bvfgen_n row size = 74 number of columns = 3 index size = 0 }
{ unload file name = bvfgen_194.unl number of rows = 0 }

create table "accsys".bvfgen_n 
  (
    ssn char(9),
    name varchar(60),
    birthdate date
  );
revoke all on "accsys".bvfgen_n from "public";

{ TABLE "accsys".bvfgen_2 row size = 74 number of columns = 3 index size = 0 }
{ unload file name = bvfgen_196.unl number of rows = 6338 }

create table "accsys".bvfgen_2 
  (
    ssn char(9),
    name varchar(60),
    birthdate date
  );
revoke all on "accsys".bvfgen_2 from "public";

{ TABLE "accsys".bvfgen_1 row size = 74 number of columns = 3 index size = 0 }
{ unload file name = bvfgen_197.unl number of rows = 6338 }

create table "accsys".bvfgen_1 
  (
    ssn char(9),
    name varchar(60),
    birthdate date
  );
revoke all on "accsys".bvfgen_1 from "public";

{ TABLE "infsyssr".svfgen row size = 69 number of columns = 10 index size = 16 }
{ unload file name = svfgen_198.unl number of rows = 40552 }

create table "infsyssr".svfgen 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1)
  );
revoke all on "infsyssr".svfgen from "public";

create index "infsyssr".stud_num_ix on "infsyssr".svfgen (stud_num);


grant all on "informix".fvfgen_hepps to "accsys" as "informix";
grant select on "informix".fvfgen_hepps to "fox" as "informix";
grant select on "informix".fvfgen_hepps to "hugh" as "informix";
grant select on "informix".fvfgen_hepps to "imf" as "informix";
grant select on "informix".fvfgen_hepps to "ken" as "informix";
grant select on "informix".fvfgen_hepps to "liuser" as "informix";
grant select on "informix".fvfgen_hepps to "pete" as "informix";
grant select on "informix".fvfgen_hepps to "remmers" as "informix";
grant select on "informix".fvfgen_hepps to "yonah" as "informix";
grant select on "accsys".bvfgen to "shuk1" as "accsys";
grant update on "accsys".bvfgen to "shuk1" as "accsys";
grant insert on "accsys".bvfgen to "shuk1" as "accsys";
grant delete on "accsys".bvfgen to "shuk1" as "accsys";
grant select on "infsyssr".svfgen_old to "fox" as "infsyssr";
grant select on "infsyssr".svfgen_old to "hugh" as "infsyssr";
grant select on "infsyssr".svfgen_old to "imf" as "infsyssr";
grant all on "infsyssr".svfgen_old to "informix" as "infsyssr";
grant select on "infsyssr".svfgen_old to "ken" as "infsyssr";
grant select on "infsyssr".svfgen_old to "liuser" as "infsyssr";
grant select on "infsyssr".svfgen_old to "pete" as "infsyssr";
grant select on "infsyssr".svfgen_old to "remmers" as "infsyssr";
grant select on "infsyssr".svfgen_old to "yonah" as "infsyssr";
grant select on "accsys".bvfgen_2 to "public" as "accsys";
grant update on "accsys".bvfgen_2 to "public" as "accsys";
grant insert on "accsys".bvfgen_2 to "public" as "accsys";
grant delete on "accsys".bvfgen_2 to "public" as "accsys";
grant index on "accsys".bvfgen_2 to "public" as "accsys";
grant select on "accsys".bvfgen_1 to "public" as "accsys";
grant update on "accsys".bvfgen_1 to "public" as "accsys";
grant insert on "accsys".bvfgen_1 to "public" as "accsys";
grant delete on "accsys".bvfgen_1 to "public" as "accsys";
grant index on "accsys".bvfgen_1 to "public" as "accsys";
grant select on "infsyssr".svfgen to "fox" as "infsyssr";
grant select on "infsyssr".svfgen to "hugh" as "infsyssr";
grant select on "infsyssr".svfgen to "imf" as "infsyssr";
grant all on "infsyssr".svfgen to "informix" as "infsyssr";
grant select on "infsyssr".svfgen to "ken" as "infsyssr";
grant select on "infsyssr".svfgen to "liuser" as "infsyssr";
grant select on "infsyssr".svfgen to "pete" as "infsyssr";
grant select on "infsyssr".svfgen to "remmers" as "infsyssr";
grant select on "infsyssr".svfgen to "yonah" as "infsyssr";



 








 

dbexport completed



From echaffin@u.washington.edu Mon Nov 24 11:08:24 1997
Date: Fri, 21 Nov 1997 08:56:13 -0800 (PST)
From: Elizabeth Runkle 
To: Hugh Sheets 
Subject: example #2 .... vitcos sequim dbexport (fwd)

---------- Forwarded message ----------
Date: Thu, 20 Nov 1997 20:50:21 -0800
From: Vitcos Informix 
To: dba@u.u.washington.edu, echaffin@vitcos.u.washington.edu,
    lmeyer@vitcos.u.washington.edu
Subject: vitcos sequim dbexport

{ DATABASE sequim  delimiter | }

grant dba to "accsys";



{ TABLE "accsys".svfgen row size = 69 number of columns = 10 index size = 36 }
{ unload file name = svfgen_102.unl number of rows = 101 }

create table "accsys".svfgen 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1),
    primary key (stud_num) constraint "accsys".u102_7
  );
revoke all on "accsys".svfgen from "public";

create index "accsys".svfssn_ix on "accsys".svfgen (ssn);
{ TABLE "accsys".fvftest row size = 94 number of columns = 8 index size = 0 }
{ unload file name = fvftest104.unl number of rows = 13 }

create table "accsys".fvftest 
  (
    ssn char(9),
    name varchar(60),
    unit char(3),
    type char(1),
    budget char(6),
    birthdate date,
    faccode char(2),
    mstop char(8)
  );
revoke all on "accsys".fvftest from "public";

{ TABLE "accsys".fvfgen row size = 94 number of columns = 8 index size = 19 }
{ unload file name = fvfgen_105.unl number of rows = 34713 }

create table "accsys".fvfgen 
  (
    ssn char(9),
    name varchar(60),
    unit char(3),
    type char(1),
    budget char(6),
    birthdate date,
    faccode char(2),
    mstop char(8)
  );
revoke all on "accsys".fvfgen from "public";

create index "accsys".fvfssn_ix on "accsys".fvfgen (ssn);
{ TABLE "accsys".bdf row size = 38 number of columns = 3 index size = 36 }
{ unload file name = bdf____106.unl number of rows = 906 }

create table "accsys".bdf 
  (
    budget char(6),
    code char(10),
    name char(22),
    primary key (budget) constraint "accsys".u106_9
  );
revoke all on "accsys".bdf from "public";

create index "accsys".bdf_code_ix on "accsys".bdf (code);
{ TABLE "accsys".svftest row size = 69 number of columns = 10 index size = 16 }
{ unload file name = svftest144.unl number of rows = 0 }

create table "accsys".svftest 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1),
    primary key (stud_num) constraint "accsys".u144_13
  );
revoke all on "accsys".svftest from "public";

{ TABLE "accsys".avf row size = 75 number of columns = 7 index size = 0 }
{ unload file name = avf____145.unl number of rows = 5889 }

create table "accsys".avf 
  (
    owner char(8),
    avf_college char(2),
    avf_department char(6),
    avf_category integer,
    avf_expiration date,
    avf_name varchar(30),
    avf_comment varchar(19)
  );
revoke all on "accsys".avf from "public";

{ TABLE "accsys".tablemod row size = 32 number of columns = 2 index size = 43 }
{ unload file name = tablemo182.unl number of rows = 1 }

create table "accsys".tablemod 
  (
    tablename char(25),
    last_mod_date datetime year to minute 
        default current year to minute,
    primary key (tablename) constraint "accsys".u182_97
  );
revoke all on "accsys".tablemod from "public";

{ TABLE "accsys".bvfgen row size = 81 number of columns = 4 index size = 19 }
{ unload file name = bvfgen_184.unl number of rows = 6338 }

create table "accsys".bvfgen 
  (
    ssn char(9),
    name varchar(60),
    birthdate date,
    mod_date datetime year to minute 
        default current year to minute
  );
revoke all on "accsys".bvfgen from "public";

create index "accsys".bvfssn_ix on "accsys".bvfgen (ssn);
{ TABLE "accsys".ua_group_r row size = 85 number of columns = 2 index size = 12 }
{ unload file name = ua_grou187.unl number of rows = 8 }

create table "accsys".ua_group_r 
  (
    ua_group_code integer,
    ua_group_name varchar(80),
    primary key (ua_group_code) constraint "accsys".u187_104
  );
revoke all on "accsys".ua_group_r from "public";

{ TABLE "accsys".principals row size = 74 number of columns = 3 index size = 31 }
{ unload file name = princip189.unl number of rows = 0 }

create table "accsys".principals 
  (
    uwuid serial not null constraint "accsys".n189_112,
    vn char(9),
    name varchar(60),
    primary key (uwuid) constraint "accsys".u189_111
  );
revoke all on "accsys".principals from "public";

create index "accsys".princ_vn_ix on "accsys".principals (vn);
{ TABLE "accsys".owners row size = 209 number of columns = 19 index size = 58 }
{ unload file name = owners_190.unl number of rows = 0 }

create table "accsys".owners 
  (
    owner_id serial not null constraint "accsys".n190_115,
    uwuid integer not null constraint "accsys".n190_116,
    owner char(8),
    name varchar(60),
    pac char(6),
    birthdate date,
    avn char(7),
    college char(2),
    department char(6),
    category smallint,
    unit char(3),
    hepps_type char(1),
    budget char(6),
    faccode char(2),
    mailstop char(7),
    class char(2),
    branch smallint,
    sdb_status char(1),
    comment varchar(80),
    primary key (owner_id) constraint "accsys".u190_113
  );
revoke all on "accsys".owners from "public";

create index "accsys".avn_ix on "accsys".owners (avn);
create index "accsys".owner_ix on "accsys".owners (owner);
{ TABLE "accsys".ua_groups row size = 152 number of columns = 7 index size = 42 }
{ unload file name = ua_grou191.unl number of rows = 0 }

create table "accsys".ua_groups 
  (
    ua_group_id serial not null constraint "accsys".n191_120,
    owner_id integer not null constraint "accsys".n191_121,
    ua_group_code integer not null constraint "accsys".n191_122,
    ua_group_value varchar(50),
    update date,
    expire date,
    comment varchar(80),
    primary key (owner_id,ua_group_code) constraint "accsys".u191_117
  );
revoke all on "accsys".ua_groups from "public";


alter table "accsys".owners add constraint (foreign key (uwuid) references 
    "accsys".principals  on delete cascade constraint "accsys".r190_114);

alter table "accsys".ua_groups add constraint (foreign key (owner_id) 
    references "accsys".owners  on delete cascade constraint "accsys".r191_118);
    

alter table "accsys".ua_groups add constraint (foreign key (ua_group_code) 
    references "accsys".ua_group_r  constraint "accsys".r191_119);





 








 

dbexport completed



From echaffin@u.washington.edu Mon Nov 24 11:08:44 1997
Date: Fri, 21 Nov 1997 08:55:54 -0800 (PST)
From: Elizabeth Runkle 
To: Hugh Sheets 
Subject: example ....vitcos lidb dbexport (fwd)


Hugh,  Here's last night's vitcos libdb export log.  We email the
log of most DBA-scheduled exports, backups, etc.  Many scripts also
send the daemon-results also.  DBA team scans INBOX for receipt of
job summaries, and greps for aborts, abnormal terminations, etc.

fyi, liz

---------- Forwarded message ----------
Date: Thu, 20 Nov 1997 20:45:15 -0800
From: Vitcos Informix 
To: dba@u.u.washington.edu, echaffin@vitcos.u.washington.edu,
    lmeyer@vitcos.u.washington.edu
Subject: vitcos lidb dbexport

{ DATABASE lidb  delimiter | }

grant dba to "informix";
grant connect to "plo";
grant dba to "fox";
grant dba to "ken";
grant dba to "yonah";
grant dba to "imf";
grant dba to "pete";
grant dba to "hugh";
grant dba to "remmers";
grant resource to "infsyssr";

create role "liuser" ;

grant "liuser" to "plo" ;

{ TABLE "informix".accounts row size = 73 number of columns = 6 index size = 55 }
{ unload file name = account100.unl number of rows = 0 }

create table "informix".accounts 
  (
    account char(8),
    account_type char(1),
    user_name varchar(40),
    birthdate char(6),
    student_no char(8),
    ssn char(9)
  );
revoke all on "informix".accounts from "public";

create unique cluster index "informix".accounts_ix on "informix".accounts (account);
    
create index "informix".accounts_ix1 on "informix".accounts (student_no);
create index "informix".accounts_ix2 on "informix".accounts (ssn);
{ TABLE "informix".hosts row size = 43 number of columns = 3 index size = 55 }
{ unload file name = hosts__101.unl number of rows = 84 }

create table "informix".hosts 
  (
    host_id smallint,
    host_name varchar(32),
    host_type char(8)
  );
revoke all on "informix".hosts from "public";

create index "informix".hosts_ix on "informix".hosts (host_name);
{ TABLE "informix".assign_uid row size = 4 number of columns = 1 index size = 0 }
{ unload file name = assign_103.unl number of rows = 0 }

create table "informix".assign_uid 
  (
    last_uid integer
  );
revoke all on "informix".assign_uid from "public";

{ TABLE "informix".crns row size = 38 number of columns = 4 index size = 49 }
{ unload file name = crns___105.unl number of rows = 0 }

create table "informix".crns 
  (
    account char(8),
    id char(12),
    crn_id char(9),
    crn char(9)
  );
revoke all on "informix".crns from "public";

create unique index "informix".crns_ix on "informix".crns (account,id,crn_id);
    
{ TABLE "informix".last_uid row size = 5 number of columns = 1 index size = 0 }
{ unload file name = last_ui106.unl number of rows = 1 }

create table "informix".last_uid 
  (
    uid char(5)
  );
revoke all on "informix".last_uid from "public";

{ TABLE "remmers".systableext row size = 384 number of columns = 5 index size = 102 
              }
{ unload file name = systabl107.unl number of rows = 1 }

create table "remmers".systableext 
  (
    owner char(32),
    tabname char(32),
    extowner char(32),
    tabalias char(32),
    remarks char(256)
  );
revoke all on "remmers".systableext from "public";

create unique index "remmers".tableext1 on "remmers".systableext (owner,tabname);
    
{ TABLE "remmers".syscolumnext row size = 516 number of columns = 10 index size = 
              150 }
{ unload file name = syscolu108.unl number of rows = 0 }

create table "remmers".syscolumnext 
  (
    owner char(32),
    tabname char(32),
    colname char(32),
    extowner char(32),
    colalias char(32),
    collabel char(32),
    coltitle char(32),
    remarks char(256),
    subtype char(4),
    class char(32)
  );
revoke all on "remmers".syscolumnext from "public";

create unique index "remmers".columnext1 on "remmers".syscolumnext (owner,tabname,
    colname);
{ TABLE "remmers".syscolformats row size = 875 number of columns = 16 index size 
              = 303 }
{ unload file name = syscolf109.unl number of rows = 0 }

create table "remmers".syscolformats 
  (
    owner char(32),
    tabname char(32),
    colname char(32),
    extowner char(32),
    priority smallint,
    typeface char(64),
    fontsize smallint,
    fontstyle smallint,
    fontcolor integer,
    aidfa char(30),
    formatmask char(256),
    format4gl char(128),
    align char(1),
    case char(1),
    ruletype char(1),
    checktext char(256)
  );
revoke all on "remmers".syscolformats from "public";

create unique index "remmers".colformats1 on "remmers".syscolformats (owner,
    tabname,colname,priority);
create index "remmers".colformats2 on "remmers".syscolformats (owner,tabname,
    colname);
{ TABLE "remmers".syscolinput row size = 266 number of columns = 6 index size = 315 
              }
{ unload file name = syscoli110.unl number of rows = 0 }

create table "remmers".syscolinput 
  (
    owner char(32),
    tabname char(32),
    colname char(32),
    extowner char(32),
    attrname char(10),
    attrval char(128)
  );
revoke all on "remmers".syscolinput from "public";

create unique index "remmers".colinput1 on "remmers".syscolinput (owner,tabname,
    colname,attrname);
create index "remmers".colinput2 on "remmers".syscolinput (owner,tabname,colname);
    
{ TABLE "remmers".syscolinclude row size = 259 number of columns = 8 index size = 
              303 }
{ unload file name = syscoli111.unl number of rows = 0 }

create table "remmers".syscolinclude 
  (
    owner char(32),
    tabname char(32),
    colname char(32),
    extowner char(32),
    priority smallint,
    extvalue char(64),
    intvalue char(64),
    range char(1)
  );
revoke all on "remmers".syscolinclude from "public";

create unique index "remmers".colinclude1 on "remmers".syscolinclude (owner,
    tabname,colname,priority);
create index "remmers".colinclude2 on "remmers".syscolinclude (owner,tabname,
    colname);
{ TABLE "remmers".syssuperviews row size = 140 number of columns = 4 index size = 
              66 }
{ unload file name = syssupe112.unl number of rows = 0 }

create table "remmers".syssuperviews 
  (
    svwid serial not null constraint "remmers".n112_1,
    owner char(32),
    svwname char(32),
    remarks char(72)
  );
revoke all on "remmers".syssuperviews from "public";

create unique index "remmers".superview1 on "remmers".syssuperviews (svwid);
    
create unique index "remmers".superview2 on "remmers".syssuperviews (svwname);
    
{ TABLE "remmers".syssvwtables row size = 242 number of columns = 10 index size = 
              78 }
{ unload file name = syssvwt113.unl number of rows = 0 }

create table "remmers".syssvwtables 
  (
    svwid integer,
    tableseq integer,
    owner char(32),
    tabname char(32),
    masteralias char(32),
    cardinality char(1),
    usetype char(1),
    tabalias char(32),
    levelname char(32),
    remarks char(72)
  );
revoke all on "remmers".syssvwtables from "public";

create unique index "remmers".svwtables1 on "remmers".syssvwtables (svwid,tabalias);
    
create unique index "remmers".svwtables2 on "remmers".syssvwtables (svwid,tableseq);
    
{ TABLE "remmers".syssvwjoins row size = 136 number of columns = 7 index size = 63 
              }
{ unload file name = syssvwj114.unl number of rows = 0 }

create table "remmers".syssvwjoins 
  (
    svwid integer,
    tabalias char(32),
    jcolseq smallint,
    mastercol char(32),
    detailcol1 char(32),
    detailcol2 char(32),
    joinoperator char(2)
  );
revoke all on "remmers".syssvwjoins from "public";

create unique index "remmers".svwjoins1 on "remmers".syssvwjoins (svwid,tabalias,
    jcolseq);
{ TABLE "remmers".syssvwaliases row size = 170 number of columns = 8 index size = 
              186 }
{ unload file name = syssvwa115.unl number of rows = 0 }

create table "remmers".syssvwaliases 
  (
    svwid integer,
    tabalias char(32),
    colseq integer,
    colname char(32),
    colalias char(32),
    label char(32),
    title char(32),
    flag smallint
  );
revoke all on "remmers".syssvwaliases from "public";

create unique index "remmers".svwaliases1 on "remmers".syssvwaliases (svwid,
    tabalias,colname);
create unique index "remmers".svwaliases2 on "remmers".syssvwaliases (svwid,
    colalias);
create index "remmers".svwaliases3 on "remmers".syssvwaliases (svwid,colseq);
    
{ TABLE "remmers".syssvworder row size = 39 number of columns = 4 index size = 15 
              }
{ unload file name = syssvwo116.unl number of rows = 0 }

create table "remmers".syssvworder 
  (
    svwid integer,
    seqno smallint,
    colalias char(32),
    sorttype char(1)
  );
revoke all on "remmers".syssvworder from "public";

create unique index "remmers".svworder1 on "remmers".syssvworder (svwid,seqno);
    
{ TABLE "remmers".syssvwauth row size = 66 number of columns = 8 index size = 60 
              }
{ unload file name = syssvwa117.unl number of rows = 0 }

create table "remmers".syssvwauth 
  (
    svwid integer,
    username char(32),
    svwauth char(8),
    rowlimit integer,
    readlimit integer,
    readsperrowlimit float,
    elapsedtimelimit integer,
    isolationmode smallint
  );
revoke all on "remmers".syssvwauth from "public";

create unique index "remmers".svwauth1 on "remmers".syssvwauth (svwid,username);
    
{ TABLE "remmers".syssvwformats row size = 783 number of columns = 14 index size 
              = 123 }
{ unload file name = syssvwf118.unl number of rows = 0 }

create table "remmers".syssvwformats 
  (
    svwid integer,
    colalias char(32),
    priority smallint,
    typeface char(64),
    fontsize smallint,
    fontstyle smallint,
    fontcolor integer,
    aidfa char(30),
    formatmask char(256),
    format4gl char(128),
    align char(1),
    case char(1),
    ruletype char(1),
    checktext char(256)
  );
revoke all on "remmers".syssvwformats from "public";

create unique index "remmers".svwformats1 on "remmers".syssvwformats (svwid,
    colalias,priority);
create index "remmers".svwformats2 on "remmers".syssvwformats (svwid,colalias);
    
{ TABLE "remmers".syssvwinput row size = 174 number of columns = 4 index size = 135 
              }
{ unload file name = syssvwi119.unl number of rows = 0 }

create table "remmers".syssvwinput 
  (
    svwid integer,
    colalias char(32),
    attrname char(10),
    attrval char(128)
  );
revoke all on "remmers".syssvwinput from "public";

create unique index "remmers".svwinput1 on "remmers".syssvwinput (svwid,colalias,
    attrname);
create index "remmers".svwinput2 on "remmers".syssvwinput (svwid,colalias);
{ TABLE "remmers".syssvwinclude row size = 167 number of columns = 6 index size = 
              123 }
{ unload file name = syssvwi120.unl number of rows = 0 }

create table "remmers".syssvwinclude 
  (
    svwid integer,
    colalias char(32),
    priority smallint,
    extvalue char(64),
    intvalue char(64),
    range char(1)
  );
revoke all on "remmers".syssvwinclude from "public";

create unique index "remmers".svwinclude1 on "remmers".syssvwinclude (svwid,
    colalias,priority);
create index "remmers".svwinclude2 on "remmers".syssvwinclude (svwid,colalias);
    
{ TABLE "remmers".sysulist row size = 96 number of columns = 2 index size = 54 }
{ unload file name = sysulis121.unl number of rows = 11 }

create table "remmers".sysulist 
  (
    username char(32),
    remarks char(64)
  );
revoke all on "remmers".sysulist from "public";

create unique index "remmers".ulist1 on "remmers".sysulist (username);
{ TABLE "remmers".tomstest row size = 24 number of columns = 2 index size = 12 }
{ unload file name = tomstes122.unl number of rows = 0 }

create table "remmers".tomstest 
  (
    col1 serial not null constraint "remmers".n122_2,
    col2 char(20)
  );
revoke all on "remmers".tomstest from "public";

create unique index "remmers".ix122_1 on "remmers".tomstest (col1);
{ TABLE "infsyssr".svfgen_old row size = 69 number of columns = 10 index size = 16 
              }
{ unload file name = svfgen_124.unl number of rows = 0 }

create table "infsyssr".svfgen_old 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1),
    primary key (stud_num) constraint "infsyssr".u124_4
  );
revoke all on "infsyssr".svfgen_old from "public";

{ TABLE "infsyssr".svfgen row size = 69 number of columns = 10 index size = 16 }
{ unload file name = svfgen_125.unl number of rows = 331 }

create table "infsyssr".svfgen 
  (
    stud_num char(7),
    ssn char(9),
    birthdate date,
    pac char(6),
    name varchar(30),
    class char(2),
    branch smallint,
    college char(1),
    department char(6),
    status char(1),
    primary key (stud_num) constraint "infsyssr".u125_5
  );
revoke all on "infsyssr".svfgen from "public";



grant all on "informix".hosts to "liuser" as "informix";
grant select on "remmers".systableext to "fox" with grant option as "remmers";
grant update on "remmers".systableext to "fox" with grant option as "remmers";
grant insert on "remmers".systableext to "fox" with grant option as "remmers";
grant delete on "remmers".systableext to "fox" with grant option as "remmers";
grant index on "remmers".systableext to "fox" with grant option as "remmers";
grant select on "remmers".systableext to "hugh" with grant option as "remmers";
grant update on "remmers".systableext to "hugh" with grant option as "remmers";
grant insert on "remmers".systableext to "hugh" with grant option as "remmers";
grant delete on "remmers".systableext to "hugh" with grant option as "remmers";
grant index on "remmers".systableext to "hugh" with grant option as "remmers";
grant select on "remmers".systableext to "imf" with grant option as "remmers";
grant update on "remmers".systableext to "imf" with grant option as "remmers";
grant insert on "remmers".systableext to "imf" with grant option as "remmers";
grant delete on "remmers".systableext to "imf" with grant option as "remmers";
grant index on "remmers".systableext to "imf" with grant option as "remmers";
grant select on "remmers".systableext to "informix" with grant option as "remmers";
grant update on "remmers".systableext to "informix" with grant option as "remmers";
grant insert on "remmers".systableext to "informix" with grant option as "remmers";
grant delete on "remmers".systableext to "informix" with grant option as "remmers";
grant index on "remmers".systableext to "informix" with grant option as "remmers";
grant select on "remmers".systableext to "ken" with grant option as "remmers";
grant update on "remmers".systableext to "ken" with grant option as "remmers";
grant insert on "remmers".systableext to "ken" with grant option as "remmers";
grant delete on "remmers".systableext to "ken" with grant option as "remmers";
grant index on "remmers".systableext to "ken" with grant option as "remmers";
grant select on "remmers".systableext to "pete" with grant option as "remmers";
grant update on "remmers".systableext to "pete" with grant option as "remmers";
grant insert on "remmers".systableext to "pete" with grant option as "remmers";
grant delete on "remmers".systableext to "pete" with grant option as "remmers";
grant index on "remmers".systableext to "pete" with grant option as "remmers";
grant select on "remmers".systableext to "public" as "remmers";
grant select on "remmers".systableext to "yonah" with grant option as "remmers";
grant update on "remmers".systableext to "yonah" with grant option as "remmers";
grant insert on "remmers".systableext to "yonah" with grant option as "remmers";
grant delete on "remmers".systableext to "yonah" with grant option as "remmers";
grant index on "remmers".systableext to "yonah" with grant option as "remmers";
grant select on "remmers".syscolumnext to "fox" with grant option as "remmers";
grant update on "remmers".syscolumnext to "fox" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "fox" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "fox" with grant option as "remmers";
grant index on "remmers".syscolumnext to "fox" with grant option as "remmers";
grant select on "remmers".syscolumnext to "hugh" with grant option as "remmers";
grant update on "remmers".syscolumnext to "hugh" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "hugh" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "hugh" with grant option as "remmers";
grant index on "remmers".syscolumnext to "hugh" with grant option as "remmers";
grant select on "remmers".syscolumnext to "imf" with grant option as "remmers";
grant update on "remmers".syscolumnext to "imf" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "imf" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "imf" with grant option as "remmers";
grant index on "remmers".syscolumnext to "imf" with grant option as "remmers";
grant select on "remmers".syscolumnext to "informix" with grant option as "remmers";
grant update on "remmers".syscolumnext to "informix" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "informix" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "informix" with grant option as "remmers";
grant index on "remmers".syscolumnext to "informix" with grant option as "remmers";
grant select on "remmers".syscolumnext to "ken" with grant option as "remmers";
grant update on "remmers".syscolumnext to "ken" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "ken" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "ken" with grant option as "remmers";
grant index on "remmers".syscolumnext to "ken" with grant option as "remmers";
grant select on "remmers".syscolumnext to "pete" with grant option as "remmers";
grant update on "remmers".syscolumnext to "pete" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "pete" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "pete" with grant option as "remmers";
grant index on "remmers".syscolumnext to "pete" with grant option as "remmers";
grant select on "remmers".syscolumnext to "public" as "remmers";
grant select on "remmers".syscolumnext to "yonah" with grant option as "remmers";
grant update on "remmers".syscolumnext to "yonah" with grant option as "remmers";
grant insert on "remmers".syscolumnext to "yonah" with grant option as "remmers";
grant delete on "remmers".syscolumnext to "yonah" with grant option as "remmers";
grant index on "remmers".syscolumnext to "yonah" with grant option as "remmers";
grant select on "remmers".syscolformats to "fox" with grant option as "remmers";
grant update on "remmers".syscolformats to "fox" with grant option as "remmers";
grant insert on "remmers".syscolformats to "fox" with grant option as "remmers";
grant delete on "remmers".syscolformats to "fox" with grant option as "remmers";
grant index on "remmers".syscolformats to "fox" with grant option as "remmers";
grant select on "remmers".syscolformats to "hugh" with grant option as "remmers";
grant update on "remmers".syscolformats to "hugh" with grant option as "remmers";
grant insert on "remmers".syscolformats to "hugh" with grant option as "remmers";
grant delete on "remmers".syscolformats to "hugh" with grant option as "remmers";
grant index on "remmers".syscolformats to "hugh" with grant option as "remmers";
grant select on "remmers".syscolformats to "imf" with grant option as "remmers";
grant update on "remmers".syscolformats to "imf" with grant option as "remmers";
grant insert on "remmers".syscolformats to "imf" with grant option as "remmers";
grant delete on "remmers".syscolformats to "imf" with grant option as "remmers";
grant index on "remmers".syscolformats to "imf" with grant option as "remmers";
grant select on "remmers".syscolformats to "informix" with grant option as "remmers";
grant update on "remmers".syscolformats to "informix" with grant option as "remmers";
grant insert on "remmers".syscolformats to "informix" with grant option as "remmers";
grant delete on "remmers".syscolformats to "informix" with grant option as "remmers";
grant index on "remmers".syscolformats to "informix" with grant option as "remmers";
grant select on "remmers".syscolformats to "ken" with grant option as "remmers";
grant update on "remmers".syscolformats to "ken" with grant option as "remmers";
grant insert on "remmers".syscolformats to "ken" with grant option as "remmers";
grant delete on "remmers".syscolformats to "ken" with grant option as "remmers";
grant index on "remmers".syscolformats to "ken" with grant option as "remmers";
grant select on "remmers".syscolformats to "pete" with grant option as "remmers";
grant update on "remmers".syscolformats to "pete" with grant option as "remmers";
grant insert on "remmers".syscolformats to "pete" with grant option as "remmers";
grant delete on "remmers".syscolformats to "pete" with grant option as "remmers";
grant index on "remmers".syscolformats to "pete" with grant option as "remmers";
grant select on "remmers".syscolformats to "public" as "remmers";
grant select on "remmers".syscolformats to "yonah" with grant option as "remmers";
grant update on "remmers".syscolformats to "yonah" with grant option as "remmers";
grant insert on "remmers".syscolformats to "yonah" with grant option as "remmers";
grant delete on "remmers".syscolformats to "yonah" with grant option as "remmers";
grant index on "remmers".syscolformats to "yonah" with grant option as "remmers";
grant select on "remmers".syscolinput to "fox" with grant option as "remmers";
grant update on "remmers".syscolinput to "fox" with grant option as "remmers";
grant insert on "remmers".syscolinput to "fox" with grant option as "remmers";
grant delete on "remmers".syscolinput to "fox" with grant option as "remmers";
grant index on "remmers".syscolinput to "fox" with grant option as "remmers";
grant select on "remmers".syscolinput to "hugh" with grant option as "remmers";
grant update on "remmers".syscolinput to "hugh" with grant option as "remmers";
grant insert on "remmers".syscolinput to "hugh" with grant option as "remmers";
grant delete on "remmers".syscolinput to "hugh" with grant option as "remmers";
grant index on "remmers".syscolinput to "hugh" with grant option as "remmers";
grant select on "remmers".syscolinput to "imf" with grant option as "remmers";
grant update on "remmers".syscolinput to "imf" with grant option as "remmers";
grant insert on "remmers".syscolinput to "imf" with grant option as "remmers";
grant delete on "remmers".syscolinput to "imf" with grant option as "remmers";
grant index on "remmers".syscolinput to "imf" with grant option as "remmers";
grant select on "remmers".syscolinput to "informix" with grant option as "remmers";
grant update on "remmers".syscolinput to "informix" with grant option as "remmers";
grant insert on "remmers".syscolinput to "informix" with grant option as "remmers";
grant delete on "remmers".syscolinput to "informix" with grant option as "remmers";
grant index on "remmers".syscolinput to "informix" with grant option as "remmers";
grant select on "remmers".syscolinput to "ken" with grant option as "remmers";
grant update on "remmers".syscolinput to "ken" with grant option as "remmers";
grant insert on "remmers".syscolinput to "ken" with grant option as "remmers";
grant delete on "remmers".syscolinput to "ken" with grant option as "remmers";
grant index on "remmers".syscolinput to "ken" with grant option as "remmers";
grant select on "remmers".syscolinput to "pete" with grant option as "remmers";
grant update on "remmers".syscolinput to "pete" with grant option as "remmers";
grant insert on "remmers".syscolinput to "pete" with grant option as "remmers";
grant delete on "remmers".syscolinput to "pete" with grant option as "remmers";
grant index on "remmers".syscolinput to "pete" with grant option as "remmers";
grant select on "remmers".syscolinput to "public" as "remmers";
grant select on "remmers".syscolinput to "yonah" with grant option as "remmers";
grant update on "remmers".syscolinput to "yonah" with grant option as "remmers";
grant insert on "remmers".syscolinput to "yonah" with grant option as "remmers";
grant delete on "remmers".syscolinput to "yonah" with grant option as "remmers";
grant index on "remmers".syscolinput to "yonah" with grant option as "remmers";
grant select on "remmers".syscolinclude to "fox" with grant option as "remmers";
grant update on "remmers".syscolinclude to "fox" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "fox" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "fox" with grant option as "remmers";
grant index on "remmers".syscolinclude to "fox" with grant option as "remmers";
grant select on "remmers".syscolinclude to "hugh" with grant option as "remmers";
grant update on "remmers".syscolinclude to "hugh" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "hugh" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "hugh" with grant option as "remmers";
grant index on "remmers".syscolinclude to "hugh" with grant option as "remmers";
grant select on "remmers".syscolinclude to "imf" with grant option as "remmers";
grant update on "remmers".syscolinclude to "imf" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "imf" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "imf" with grant option as "remmers";
grant index on "remmers".syscolinclude to "imf" with grant option as "remmers";
grant select on "remmers".syscolinclude to "informix" with grant option as "remmers";
grant update on "remmers".syscolinclude to "informix" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "informix" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "informix" with grant option as "remmers";
grant index on "remmers".syscolinclude to "informix" with grant option as "remmers";
grant select on "remmers".syscolinclude to "ken" with grant option as "remmers";
grant update on "remmers".syscolinclude to "ken" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "ken" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "ken" with grant option as "remmers";
grant index on "remmers".syscolinclude to "ken" with grant option as "remmers";
grant select on "remmers".syscolinclude to "pete" with grant option as "remmers";
grant update on "remmers".syscolinclude to "pete" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "pete" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "pete" with grant option as "remmers";
grant index on "remmers".syscolinclude to "pete" with grant option as "remmers";
grant select on "remmers".syscolinclude to "public" as "remmers";
grant select on "remmers".syscolinclude to "yonah" with grant option as "remmers";
grant update on "remmers".syscolinclude to "yonah" with grant option as "remmers";
grant insert on "remmers".syscolinclude to "yonah" with grant option as "remmers";
grant delete on "remmers".syscolinclude to "yonah" with grant option as "remmers";
grant index on "remmers".syscolinclude to "yonah" with grant option as "remmers";
grant select on "remmers".syssuperviews to "fox" with grant option as "remmers";
grant update on "remmers".syssuperviews to "fox" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "fox" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "fox" with grant option as "remmers";
grant index on "remmers".syssuperviews to "fox" with grant option as "remmers";
grant select on "remmers".syssuperviews to "hugh" with grant option as "remmers";
grant update on "remmers".syssuperviews to "hugh" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "hugh" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "hugh" with grant option as "remmers";
grant index on "remmers".syssuperviews to "hugh" with grant option as "remmers";
grant select on "remmers".syssuperviews to "imf" with grant option as "remmers";
grant update on "remmers".syssuperviews to "imf" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "imf" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "imf" with grant option as "remmers";
grant index on "remmers".syssuperviews to "imf" with grant option as "remmers";
grant select on "remmers".syssuperviews to "informix" with grant option as "remmers";
grant update on "remmers".syssuperviews to "informix" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "informix" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "informix" with grant option as "remmers";
grant index on "remmers".syssuperviews to "informix" with grant option as "remmers";
grant select on "remmers".syssuperviews to "ken" with grant option as "remmers";
grant update on "remmers".syssuperviews to "ken" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "ken" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "ken" with grant option as "remmers";
grant index on "remmers".syssuperviews to "ken" with grant option as "remmers";
grant select on "remmers".syssuperviews to "pete" with grant option as "remmers";
grant update on "remmers".syssuperviews to "pete" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "pete" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "pete" with grant option as "remmers";
grant index on "remmers".syssuperviews to "pete" with grant option as "remmers";
grant select on "remmers".syssuperviews to "public" as "remmers";
grant select on "remmers".syssuperviews to "yonah" with grant option as "remmers";
grant update on "remmers".syssuperviews to "yonah" with grant option as "remmers";
grant insert on "remmers".syssuperviews to "yonah" with grant option as "remmers";
grant delete on "remmers".syssuperviews to "yonah" with grant option as "remmers";
grant index on "remmers".syssuperviews to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwtables to "fox" with grant option as "remmers";
grant update on "remmers".syssvwtables to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "fox" with grant option as "remmers";
grant index on "remmers".syssvwtables to "fox" with grant option as "remmers";
grant select on "remmers".syssvwtables to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwtables to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwtables to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwtables to "imf" with grant option as "remmers";
grant update on "remmers".syssvwtables to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "imf" with grant option as "remmers";
grant index on "remmers".syssvwtables to "imf" with grant option as "remmers";
grant select on "remmers".syssvwtables to "informix" with grant option as "remmers";
grant update on "remmers".syssvwtables to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "informix" with grant option as "remmers";
grant index on "remmers".syssvwtables to "informix" with grant option as "remmers";
grant select on "remmers".syssvwtables to "ken" with grant option as "remmers";
grant update on "remmers".syssvwtables to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "ken" with grant option as "remmers";
grant index on "remmers".syssvwtables to "ken" with grant option as "remmers";
grant select on "remmers".syssvwtables to "pete" with grant option as "remmers";
grant update on "remmers".syssvwtables to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "pete" with grant option as "remmers";
grant index on "remmers".syssvwtables to "pete" with grant option as "remmers";
grant select on "remmers".syssvwtables to "public" as "remmers";
grant select on "remmers".syssvwtables to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwtables to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwtables to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwtables to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwtables to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "fox" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "fox" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "fox" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "imf" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "imf" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "imf" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "informix" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "informix" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "informix" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "ken" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "ken" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "ken" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "pete" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "pete" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "pete" with grant option as "remmers";
grant select on "remmers".syssvwjoins to "public" as "remmers";
grant select on "remmers".syssvwjoins to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwjoins to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwjoins to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwjoins to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwjoins to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "fox" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "fox" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "fox" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "imf" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "imf" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "imf" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "informix" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "informix" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "informix" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "ken" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "ken" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "ken" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "pete" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "pete" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "pete" with grant option as "remmers";
grant select on "remmers".syssvwaliases to "public" as "remmers";
grant select on "remmers".syssvwaliases to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwaliases to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwaliases to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwaliases to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwaliases to "yonah" with grant option as "remmers";
grant select on "remmers".syssvworder to "fox" with grant option as "remmers";
grant update on "remmers".syssvworder to "fox" with grant option as "remmers";
grant insert on "remmers".syssvworder to "fox" with grant option as "remmers";
grant delete on "remmers".syssvworder to "fox" with grant option as "remmers";
grant index on "remmers".syssvworder to "fox" with grant option as "remmers";
grant select on "remmers".syssvworder to "hugh" with grant option as "remmers";
grant update on "remmers".syssvworder to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvworder to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvworder to "hugh" with grant option as "remmers";
grant index on "remmers".syssvworder to "hugh" with grant option as "remmers";
grant select on "remmers".syssvworder to "imf" with grant option as "remmers";
grant update on "remmers".syssvworder to "imf" with grant option as "remmers";
grant insert on "remmers".syssvworder to "imf" with grant option as "remmers";
grant delete on "remmers".syssvworder to "imf" with grant option as "remmers";
grant index on "remmers".syssvworder to "imf" with grant option as "remmers";
grant select on "remmers".syssvworder to "informix" with grant option as "remmers";
grant update on "remmers".syssvworder to "informix" with grant option as "remmers";
grant insert on "remmers".syssvworder to "informix" with grant option as "remmers";
grant delete on "remmers".syssvworder to "informix" with grant option as "remmers";
grant index on "remmers".syssvworder to "informix" with grant option as "remmers";
grant select on "remmers".syssvworder to "ken" with grant option as "remmers";
grant update on "remmers".syssvworder to "ken" with grant option as "remmers";
grant insert on "remmers".syssvworder to "ken" with grant option as "remmers";
grant delete on "remmers".syssvworder to "ken" with grant option as "remmers";
grant index on "remmers".syssvworder to "ken" with grant option as "remmers";
grant select on "remmers".syssvworder to "pete" with grant option as "remmers";
grant update on "remmers".syssvworder to "pete" with grant option as "remmers";
grant insert on "remmers".syssvworder to "pete" with grant option as "remmers";
grant delete on "remmers".syssvworder to "pete" with grant option as "remmers";
grant index on "remmers".syssvworder to "pete" with grant option as "remmers";
grant select on "remmers".syssvworder to "public" as "remmers";
grant select on "remmers".syssvworder to "yonah" with grant option as "remmers";
grant update on "remmers".syssvworder to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvworder to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvworder to "yonah" with grant option as "remmers";
grant index on "remmers".syssvworder to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwauth to "fox" with grant option as "remmers";
grant update on "remmers".syssvwauth to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "fox" with grant option as "remmers";
grant index on "remmers".syssvwauth to "fox" with grant option as "remmers";
grant select on "remmers".syssvwauth to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwauth to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwauth to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwauth to "imf" with grant option as "remmers";
grant update on "remmers".syssvwauth to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "imf" with grant option as "remmers";
grant index on "remmers".syssvwauth to "imf" with grant option as "remmers";
grant select on "remmers".syssvwauth to "informix" with grant option as "remmers";
grant update on "remmers".syssvwauth to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "informix" with grant option as "remmers";
grant index on "remmers".syssvwauth to "informix" with grant option as "remmers";
grant select on "remmers".syssvwauth to "ken" with grant option as "remmers";
grant update on "remmers".syssvwauth to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "ken" with grant option as "remmers";
grant index on "remmers".syssvwauth to "ken" with grant option as "remmers";
grant select on "remmers".syssvwauth to "pete" with grant option as "remmers";
grant update on "remmers".syssvwauth to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "pete" with grant option as "remmers";
grant index on "remmers".syssvwauth to "pete" with grant option as "remmers";
grant select on "remmers".syssvwauth to "public" as "remmers";
grant select on "remmers".syssvwauth to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwauth to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwauth to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwauth to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwauth to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwformats to "fox" with grant option as "remmers";
grant update on "remmers".syssvwformats to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "fox" with grant option as "remmers";
grant index on "remmers".syssvwformats to "fox" with grant option as "remmers";
grant select on "remmers".syssvwformats to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwformats to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwformats to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwformats to "imf" with grant option as "remmers";
grant update on "remmers".syssvwformats to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "imf" with grant option as "remmers";
grant index on "remmers".syssvwformats to "imf" with grant option as "remmers";
grant select on "remmers".syssvwformats to "informix" with grant option as "remmers";
grant update on "remmers".syssvwformats to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "informix" with grant option as "remmers";
grant index on "remmers".syssvwformats to "informix" with grant option as "remmers";
grant select on "remmers".syssvwformats to "ken" with grant option as "remmers";
grant update on "remmers".syssvwformats to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "ken" with grant option as "remmers";
grant index on "remmers".syssvwformats to "ken" with grant option as "remmers";
grant select on "remmers".syssvwformats to "pete" with grant option as "remmers";
grant update on "remmers".syssvwformats to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "pete" with grant option as "remmers";
grant index on "remmers".syssvwformats to "pete" with grant option as "remmers";
grant select on "remmers".syssvwformats to "public" as "remmers";
grant select on "remmers".syssvwformats to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwformats to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwformats to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwformats to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwformats to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwinput to "fox" with grant option as "remmers";
grant update on "remmers".syssvwinput to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "fox" with grant option as "remmers";
grant index on "remmers".syssvwinput to "fox" with grant option as "remmers";
grant select on "remmers".syssvwinput to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwinput to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwinput to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwinput to "imf" with grant option as "remmers";
grant update on "remmers".syssvwinput to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "imf" with grant option as "remmers";
grant index on "remmers".syssvwinput to "imf" with grant option as "remmers";
grant select on "remmers".syssvwinput to "informix" with grant option as "remmers";
grant update on "remmers".syssvwinput to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "informix" with grant option as "remmers";
grant index on "remmers".syssvwinput to "informix" with grant option as "remmers";
grant select on "remmers".syssvwinput to "ken" with grant option as "remmers";
grant update on "remmers".syssvwinput to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "ken" with grant option as "remmers";
grant index on "remmers".syssvwinput to "ken" with grant option as "remmers";
grant select on "remmers".syssvwinput to "pete" with grant option as "remmers";
grant update on "remmers".syssvwinput to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "pete" with grant option as "remmers";
grant index on "remmers".syssvwinput to "pete" with grant option as "remmers";
grant select on "remmers".syssvwinput to "public" as "remmers";
grant select on "remmers".syssvwinput to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwinput to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwinput to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwinput to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwinput to "yonah" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "fox" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "fox" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "fox" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "fox" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "fox" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "hugh" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "hugh" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "hugh" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "hugh" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "hugh" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "imf" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "imf" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "imf" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "imf" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "imf" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "informix" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "informix" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "informix" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "informix" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "informix" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "ken" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "ken" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "ken" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "ken" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "ken" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "pete" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "pete" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "pete" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "pete" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "pete" with grant option as "remmers";
grant select on "remmers".syssvwinclude to "public" as "remmers";
grant select on "remmers".syssvwinclude to "yonah" with grant option as "remmers";
grant update on "remmers".syssvwinclude to "yonah" with grant option as "remmers";
grant insert on "remmers".syssvwinclude to "yonah" with grant option as "remmers";
grant delete on "remmers".syssvwinclude to "yonah" with grant option as "remmers";
grant index on "remmers".syssvwinclude to "yonah" with grant option as "remmers";
grant select on "remmers".sysulist to "fox" with grant option as "remmers";
grant update on "remmers".sysulist to "fox" with grant option as "remmers";
grant insert on "remmers".sysulist to "fox" with grant option as "remmers";
grant delete on "remmers".sysulist to "fox" with grant option as "remmers";
grant index on "remmers".sysulist to "fox" with grant option as "remmers";
grant select on "remmers".sysulist to "hugh" with grant option as "remmers";
grant update on "remmers".sysulist to "hugh" with grant option as "remmers";
grant insert on "remmers".sysulist to "hugh" with grant option as "remmers";
grant delete on "remmers".sysulist to "hugh" with grant option as "remmers";
grant index on "remmers".sysulist to "hugh" with grant option as "remmers";
grant select on "remmers".sysulist to "imf" with grant option as "remmers";
grant update on "remmers".sysulist to "imf" with grant option as "remmers";
grant insert on "remmers".sysulist to "imf" with grant option as "remmers";
grant delete on "remmers".sysulist to "imf" with grant option as "remmers";
grant index on "remmers".sysulist to "imf" with grant option as "remmers";
grant select on "remmers".sysulist to "informix" with grant option as "remmers";
grant update on "remmers".sysulist to "informix" with grant option as "remmers";
grant insert on "remmers".sysulist to "informix" with grant option as "remmers";
grant delete on "remmers".sysulist to "informix" with grant option as "remmers";
grant index on "remmers".sysulist to "informix" with grant option as "remmers";
grant select on "remmers".sysulist to "ken" with grant option as "remmers";
grant update on "remmers".sysulist to "ken" with grant option as "remmers";
grant insert on "remmers".sysulist to "ken" with grant option as "remmers";
grant delete on "remmers".sysulist to "ken" with grant option as "remmers";
grant index on "remmers".sysulist to "ken" with grant option as "remmers";
grant select on "remmers".sysulist to "pete" with grant option as "remmers";
grant update on "remmers".sysulist to "pete" with grant option as "remmers";
grant insert on "remmers".sysulist to "pete" with grant option as "remmers";
grant delete on "remmers".sysulist to "pete" with grant option as "remmers";
grant index on "remmers".sysulist to "pete" with grant option as "remmers";
grant select on "remmers".sysulist to "public" as "remmers";
grant select on "remmers".sysulist to "yonah" with grant option as "remmers";
grant update on "remmers".sysulist to "yonah" with grant option as "remmers";
grant insert on "remmers".sysulist to "yonah" with grant option as "remmers";
grant delete on "remmers".sysulist to "yonah" with grant option as "remmers";
grant index on "remmers".sysulist to "yonah" with grant option as "remmers";
grant select on "remmers".tomstest to "public" as "remmers";
grant update on "remmers".tomstest to "public" as "remmers";
grant insert on "remmers".tomstest to "public" as "remmers";
grant delete on "remmers".tomstest to "public" as "remmers";
grant index on "remmers".tomstest to "public" as "remmers";
grant select on "infsyssr".svfgen_old to "fox" as "infsyssr";
grant select on "infsyssr".svfgen_old to "hugh" as "infsyssr";
grant select on "infsyssr".svfgen_old to "imf" as "infsyssr";
grant all on "infsyssr".svfgen_old to "informix" as "infsyssr";
grant select on "infsyssr".svfgen_old to "ken" as "infsyssr";
grant select on "infsyssr".svfgen_old to "liuser" as "infsyssr";
grant select on "infsyssr".svfgen_old to "pete" as "infsyssr";
grant select on "infsyssr".svfgen_old to "remmers" as "infsyssr";
grant select on "infsyssr".svfgen_old to "yonah" as "infsyssr";
grant select on "infsyssr".svfgen to "fox" as "infsyssr";
grant select on "infsyssr".svfgen to "hugh" as "infsyssr";
grant select on "infsyssr".svfgen to "imf" as "infsyssr";
grant all on "infsyssr".svfgen to "informix" as "infsyssr";
grant select on "infsyssr".svfgen to "ken" as "infsyssr";
grant select on "infsyssr".svfgen to "liuser" as "infsyssr";
grant select on "infsyssr".svfgen to "pete" as "infsyssr";
grant select on "infsyssr".svfgen to "remmers" as "infsyssr";
grant select on "infsyssr".svfgen to "yonah" as "infsyssr";


create procedure "informix".li_add(
        _id             char(12),
        _host_name      char(12),
        _account        char(8),
        _mail_fwd_addr  varchar(80),
        _uid            char(5)
        )
insert into users
        (
        id,
        account,
        mail_fwd_addr,
        uid
        )
values
        (
        _id,
        _account,
        _mail_fwd_addr,
        _uid
        );
insert into hosts_users
        (
        id,
        account,
        uid,
        host_name
        )
values
        (
        _id,
        _account,
        _uid,
        _host_name
        );
end procedure;

create procedure "informix".li_mail_forward(
        _id             char(12)
        )
returning char(12), varchar(255);
define o_id char(12);
define o_mail_fwd_addr varchar(255);
select id, mail_fwd_addr
into o_id, o_mail_fwd_addr
from mail_forward
where id=_id;
return o_id, o_mail_fwd_addr;
end procedure;


 

grant  execute on "informix".li_add to "public" as "informix";
grant  execute on "informix".li_mail_forward to "public" as "informix";







 

dbexport completed



From deroest@cac.washington.edu Mon Nov 24 11:09:01 1997
Date: Thu, 20 Nov 1997 16:06:53 -0800
From: James W DeRoest 
To: James W DeRoest ,
    Hugh Sheets ,
    Yonah Karp ,
    Pete Pulliam ,
    Tom Remmers ,
    Jim Fox , Ken Lowe ,
    Donn Cave 
Cc: Lori Stevens ,
    Brad Greer 
Subject: Re: Multiple realms

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

 I should have also added that we do want to support remote sites running
there own authorization data the is used in addition to the base
authorization information in Li.  For example Rob Christ is using a local
MCIS authorization database to decide who has access to clinical data.  His
app will first authenticate against our name space which assumes some base
presence in Li.  Once that is successful, then the app will authorize the
user against his local DB.

Jim

-----Original Message-----
From: James W DeRoest 
To: Hugh Sheets ; Yonah Karp
; Pete Pulliam ; Tom Remmers
; Jim Fox ; Ken Lowe
; Donn Cave 
Cc: Lori Stevens ; Brad Greer

Date: Thursday, November 20, 1997 2:18 PM
Subject: Multiple realms

Ken and I talked for a minute after the coord meeting concerning your
multiple realms idea for regonal/department populations.  I don't see any
problem with this as long as we maintain local controls.  The consensus from
a long couple of years worth of discussions concerning
security/access-control is that we will not trust anyone/anygroup outside of
C&anygC.  We need to be able to deny access to any individual on a per
service
or globally for all local services as required.  This means granularity for
turning off access to one user in a group without effecting anyone else.
What this means is that we will likely have to map namespaces with large
groups like WSU or run the total namespace locally.  Whether we run it all
from one ldap/kdc realm or a hierarchy of ldap/kdc realms is up to you as
long as it scales.

This namespace mapping business is pretty much a given.  Every product seems
to have its own ldap/security implementation that may not be interoperable
with anyone else.  Example the Netscape Directory Service and Domino.  We
should probably look seriously at gateway products like Zoomit's Via or
start developing our own gateway capability.

Jim


From deroest@cac.washington.edu Mon Nov 24 11:09:13 1997
Date: Thu, 20 Nov 1997 14:18:22 -0800
From: James W DeRoest 
To: Hugh Sheets ,
    Yonah Karp ,
    Pete Pulliam ,
    Tom Remmers ,
    Jim Fox , Ken Lowe ,
    Donn Cave 
Cc: Lori Stevens ,
    Brad Greer 
Subject: Multiple realms

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

 Ken and I talked for a minute after the coord meeting concerning your
multiple realms idea for regonal/department populations.  I don't see any
problem with this as long as we maintain local controls.  The consensus from
a long couple of years worth of discussions concerning
security/access-control is that we will not trust anyone/anygroup outside of
C&C.  We need to be able to deny access to any individual on a per service
or globally for all local services as required.  This means granularity for
turning off access to one user in a group without effecting anyone else.
What this means is that we will likely have to map namespaces with large
groups like WSU or run the total namespace locally.  Whether we run it all
from one ldap/kdc realm or a hierarchy of ldap/kdc realms is up to you as
long as it scales.

This namespace mapping business is pretty much a given.  Every product seems
to have its own ldap/security implementation that may not be interoperable
with anyone else.  Example the Netscape Directory Service and Domino.  We
should probably look seriously at gateway products like Zoomit's Via or
start developing our own gateway capability.

Jim


From echaffin@u.washington.edu Mon Nov 24 11:09:31 1997
Date: Thu, 20 Nov 1997 12:03:31 -0800 (PST)
From: Elizabeth Runkle 
To: Hugh Sheets 
Subject: Vitcos backups....

Hugh,

  Sid forwarded your Vitcos Informix query to me.

  Informix backups are performed for entire-system recovery, nightly at
22:00.  Tapes are archived for about 2 weeks.  This backup can only be
used to restore the entire server to a dump time, or using the transaction
log to completely apply the last transaction log backup.  All databases
must be restored to the same master catalog timestamp.  This database
backup is used only for complete server, or hardware disaster.

  Individual databases can be recreated/restored via the dbexport and
dbimport utilities.  dbexport must be explicitly scheduled, and run with
no-user connections to the database.  If user connections prevent the
successful dbexport of one of your databases for any night, DBA has
been notifying Tom Remmers. DBA team has cron'd dbexports for shuksan,
sequim, and lidb databases.
accsys database export:
45 20 * * *             /informix/v7/dba/lidb/dbexport.scpt
50 20 * * *             /informix/v7/dba/sequim/dbexport.scpt
55 20 * * *             /informix/v7/dba/shuksan/dbexport.scpt
05 21 * * *             /informix/v7/dba/shuksan/tar.scpt

All the dbexport files are tar'd and fstored to tape:
/infxdump3/infxacctar.yymmddhhmmss.Z
-rw-r--r--   1 informix informix 8306967 Nov 19 21:05
                                    infxacctar.971119210500.Z
keep about 2 weeks of export files:
fstore -list vitcos.informix.infxacctar.yymmddhhmmss.Z

This routine was established for the vitcos2 (SABRE - Disaster testing)
environment, but could be utilized or modified to your requirements.
dbexport & dbimport requires 'DBA' permission on the database to run.
	sequim	accsys is DBA
	shuksan accsys is DBA
	lidb    informix created the database, then granted DBA
		  to each programmer id (e.g. hugh, yonah, remmers, etc.)
dbexport unloads the schema commands to rebuild the database, and the
table data.  It's possible to use that data to create a table.  If the
dbimport is used to rebuild the entire database to that point-in-time
of the dbexport, then it expects to create the database anew.

If you're interested in the sequence to drop, rebuild, and dbimport
a database, I can provide you with sample syntax.  Needs to include
dbspace to locate the database, and reinstate the logging option.

It is also possible to unload specific tables to files via a script or
interactively.  DBA is not doing this for any accsys tables.  Sample:

isql - - <
To: Liz Runkle 
Subject: [Hugh Sheets: Vitcos backups....]

Liz, can you respond to Hugh's queston?

-Sid

 ** Begin Forwarded Message **

Date: Thu, 20 Nov 1997 10:47:15 -0800 (PST)
From: Hugh Sheets 
Subject: Vitcos backups....
To: smcharg@cac.washington.edu
cc: hugh@cac.washington.edu

Sid: Can you tell me (or maybe redirect me) when vitcos backups are done?
     Also, what is the process for doing restores?

     I know vitcos is a development machine and the backup schedule
     may differ for a production machine, but we would like to know
     what is being done now.  When we have our Informix database
     running in production, can we restore a portion of the database
     if somehow a table gets destroyed, as opposed to the whole database
     as of the last backup?  If the restore procedure is such that
     we could do our own restores if needed rather than working through
     your staff that would would speed recovery.

Hugh


Date: Mon, 17 Nov 1997 12:35:16 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 97/11/13 meeting:

Tom has continued to work on the Informix DB design and performance.  He
has also been experimenting with NT.  

Bill Uhrich (clinician administrator) wants to proceed with using the 
ACCESS client he developed to administer clinicians.  At the moment the 
aagaard /cluster/MCIS/clinicians file is the only access.  Ken mentioned
this file is still needed for other uses even with an administrative 
client, so Tom will be sure the client updates /cluster/MCIS/clinicians 
and will put Bill Uhrich's client in production.  

A discussion ensued on what happens when somebody wipes out the Informix
DB, or makes some mistaken change that causes 1000 accounts to expire, 
or the like.  With our model of allowing managers to manipulate some 
subset of Shuksan, we need administrative tools to restore our data and 
limit damage others can do.  We need a "published" policy of what we can
restore to and what the sub-managers need to keep for their own 
restores.  For an example, if we can restore Shuksan to that last dump 
done last night and some manager in Cle Elum adds and changes 100 
accounts today then something happens to destroy a part of Shuksan 
affecting Cle Elum people/accounts, the Cle Elum manager has to be able 
to recreate what they did today because we won't have that data.  We 
have already discussed the need to "compartmentalize" Shuksan so one 
managers mistake won't affect another manager's data.  We also need more
specifics of how Shuksan is being backed-up and when, and how restores 
are done.  Hugh will talk to Sid.  We can all plainly see the potential
for other people making mistakes that we will spend a lot of time
fixing up.

Tom is planning a call to Netscape next week to ask about their LDAP 
server.  Tom is also looking at a MicroSoft product called "Active 
Server Pages", which seems to be an easy way to create web forms and and
can interface to ODBC.  This may be an easy way to make administrative
web-based clients and is worth following..  This would require an NT box 
and Internet Explorer for each administrator, but no other required 
products (we had considered ACCESS clients, but ACCESS would have to be 
installed on every NT box).  

The DB2 license has arrived - the license manager will run on mead1 as 
do our other licensed products.  Cybele is not a good choice to test 
DB2, but strunk, white, king, or queen may be available and would be a 
better, non-impacting test machine.  

Tom reports Martha Smith will be trying to send the HEPPs data to Vitcos
directly (in parallel with the existing Austen process) this Friday (Nov
14) so we all hope this is finally progressing.  

People are encouraged to look at the Accounting project web page - Yonah
has the requirements document available and the project page has a new 
look.  Yonah has removed Max and Carson from the billing programs on 
Austen.  

Hugh has scheduled a clients meeting next Thursday at 09:00 and will be 
circulating an agenda to us internal folks before then.  Hopefully we 
can all attend and hear needs firsthand and present a unified front.

Until we ran out of time, we discussed the two projects we are calling 
the namespace and the accounting, which make up the overall accounting 
project.  We have been working on the namespace project, and there are 
still some questions/concerns/doubts maybe about the specification Jim 
DeRoest has given us concerning the potential for a very large namespace
populated with people we have not dealt with in the past who in fact 
will not have accounts on our systems but will need to authenticate for 
some reason.  (After the meeting Hugh resent a portion of the last 
meeting minutes that Jim attended where this is explained.  Hopefully 
this will help clarify - if people read it - and then we can address 
specific questions next meeting.  If needed, we can invite Jim again for
more discussion.)  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     Clinician data loading, processing, addid-type client.
     LDAP from Netscape?
     DB2 for a test Informix replacement.
     Explore NT.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Yonah/Hugh: Work on backup/restore policies.

Hugh: Talk to Sid about Vitcos backups, the schedule, and restores.


Date: Fri, 14 Nov 1997 13:57:23 -0700
From: Donn Cave 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    Tracy Stenvik , Ken Lowe ,
    Pete Pulliam ,
    Thomas W Remmers , yonah@u.washington.edu
Cc: James W DeRoest 
Subject: Informix IDs for LDAP DNs

We have talked about using an ID automatically generated for Informix,
for a hopefully unique and immutable identity for the LDAP ``Distinguished
Name'' that represents each person.  Whether we use one or many LDAP services,
I'd think we'd want that numeric key as a common feature in all of them.

We can't get there with the current staff and student directory information,
without some help from the HEPPS and student database people;  I was talking
with Tom about this and it looks complicated and touchy enough that I should
lay it out here before going off to Martha with ideas about what they could
do for us.

I can't get the Informix IDs reliably even for those staff who have UA
accounts, because the SSN -> email correlation that IS does for us is
filtered through various HEPPS screen options.  Most staff have email
user@u addresses that I could use, but many who could don't, and a few
are wrong - especially among doctors, it's somewhat common to supply their
secretary's email address in staffdir, for example.

Secondly, what I want is not ``UA computer account'', but ``UW person''.
What we used to call ``the tapes''.  I want the same kind of ID for everyone
in the directory.  I assume the IDs can be there in Informix for everyone,
whether there's a computer account or not, I just need some way to get them,
and obviously email addresses won't do it.

The apparent solution is for IS to provide the same SSN for the HEPPS staff
directory information, as they provide in ``the tapes''.  Then I would expect
to be able to look up the Informix ID by SSN.

Another approach would be for them to merge those two extracts, into a
single UA extract that would have fields for everything, both directory
information and the current department stuff.  There's no overlap whatsoever -
the name is different, the departments are probably somewhat different,
even the email can conflict.  So I can't see much benefit in this merge,
and I suspect that it would take much longer to get (year 2000?), so I
wouldn't ask for it but would hold it out as a satisfactory alternative.

The same issues would have to be addressed with the student data, and
in theory it would be better to use SSNs here too.  That way, LDAP DN
stays the same as people move back and forth between student and staff
status, because I look up the Informix ID from the same key.  That's
all I care about, is that I will reliably get the same Informix ID,
and if the system internally correlates SSN with SN, that's enough.
I don't expect the students will be as hard to work out, anyway, so
the staff data is the first thing on my agenda.

So if any of this inspires brilliant ideas, cold sweat and trembling,
howls of outrage etc., do speak up.

        Donn Cave, University Computing Services, University of Washington
        donn@u.washington.edu


Date: Fri, 14 Nov 1997 10:38:50 -0800 (PST)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Re: Accounting project....

Yesterday's accounting meeting brought attention to the fact that a key
specification of what we are working on is not universally embraced/
understood/agreed-upon.  Rather than bring Jim DeRoest in again (right
away) to reiterate, I'm resending a portion of the minutes from the last
meeting Jim attended to explain this important aspect of the project,
which was the meeting on Oct 23.  It is not long, and please read it.  
Jim DeRoest did see this and agreed this is what we need to do.  The 
method to accomplish this has been left to us.

It is not important whether we all think this is a wonderful thing to 
do, but it is important to know this is what we have to be prepared for.
None of us has any question about our "traditional" customers - faculty,
staff, students, clinicians; those we are handling now.

What is right now still a concept is the potential for other classes of
"customers" who don't actually have accounts, but are in Shuksan and
the Kerberos database (because they need to authenticate for some
reason) and are administered similarly to the clinicians -
not by us or C&CI, but some other outside managers.  The volume of these
"other customers" could be very large.  If we just keep this in mind
during this design and development phase, we can be ready when an actual
group of these "other customers" comes along.  Maybe, after careful
thought, the best way to handle them is multiple Shuksan and/or
Kerberos databases, or additional realms.  Lets talk about the specifics
and how this would work.  Maybe having one big Shuksan DB and Kerberos DB
is the best way, I don't know.  But we have to figure this out.

On Fri, 24 Oct 1997, Hugh Sheets wrote:

> 
> From 97/10/23 meeting:
> 
> Jim DeRoest joined us to review a couple of issues.  The namespace and 
> accounting are two separate projects.  The accounting is a process that 
> will use the namespace.  The primary work we have been doing so far with
> Shuksan is the namespace.  The namespace project is high priority, with 
> other groups needing this functionality, and there is a danger of 
> fragmented parallel development taking place if we don't deliver 
> something usable soon.  
> 
> The namespace, in a nutshell, is the authorization data in Shuksan, and 
> the authentication data in the Kerberos database.  Authorization data is
> loaded into Shuksan and will need to propegate to the Kerberos database 
> as Kerberos principals whether or not the customers will have UA 
> accounts.  This includes clients for adding, expiring, maintaining this 
> data by a variety of managers, and support for querying the data (LDAP, 
> maybe other methods).  This also needs to be scalable to very large 
> numbers of entries, many with no accounts on C&C machines, with no 
> direct affiliation with the UW, with subgroups managed by diverse 
> managers responsible for only their subgroup.  Thus, we will need to be 
> able to flag customers as members of wide and varied groups, with 
> varying authorizations in mind-boggling combinations.  
> 


Date: Fri, 24 Oct 1997 13:20:23 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project....

From 97/10/23 meeting:

Jim DeRoest joined us to review a couple of issues.  The namespace and 
accounting are two separate projects.  The accounting is a process that 
will use the namespace.  The primary work we have been doing so far with
Shuksan is the namespace.  The namespace project is high priority, with 
other groups needing this functionality, and there is a danger of 
fragmented parallel development taking place if we don't deliver 
something usable soon.  

The namespace, in a nutshell, is the authorization data in Shuksan, and 
the authentication data in the Kerberos database.  Authorization data is
loaded into Shuksan and will need to propegate to the Kerberos database 
as Kerberos principals whether or not the customers will have UA 
accounts.  This includes clients for adding, expiring, maintaining this 
data by a variety of managers, and support for querying the data (LDAP, 
maybe other methods).  This also needs to be scalable to very large 
numbers of entries, many with no accounts on C&C machines, with no 
direct affiliation with the UW, with subgroups managed by diverse 
managers responsible for only their subgroup.  Thus, we will need to be 
able to flag customers as members of wide and varied groups, with 
varying authorizations in mind-boggling combinations.  

Jim also stressed the importance of supporting NT.  It is worth 
investigating whether the namespace project should be done on NT rather 
than UNIX to ensure NT will work.  Tom will borrow Yonah's PC to upgrade
to NT 5.0 and begin to examine NT in detail.  Jim will try to massage 
the budget to bring in some more NT boxes, maybe even one to start.  
Zardoz is not running well since installing its NT disk, and staff would
raise a fuss if we "appropriated" it.  

Jim is setting up a larger namespace/LDAP meeting including the 
interested parties to try to form a consensus on who will be providing 
the data (us, it is hoped) and how that data will be accessed (LDAP?).  
A likely outcome of that meeting will be a smaller development group who
will work on the namespace project.  

Hugh will convene a meeting in early November to identify clients.  We 
will invite target client users.  

Tom is still having trouble connecting with anyone who can implement the
direct transfer of hepps data to vitcos.  Jim explained the programmer 
shortage in IS, but will try to talk to Mike Pingree.  In the meantime, 
Tom will ftp data by hand from Austen as needed for development.  

Tom may try to talk to Netscape through Jim's contacts about Netscape's 
LDAP.  

Tom and Pete will work with Rob Christ and Bill Urich on the addid-type 
client they need for aagaard users.  They want to assign usernames and 
passwords rather than allowing the customers to run new.  

Pete has a new version of web-based renew, plus is moving the web-based 
new down to the next level of reviewers, having gone through the first 
level.  

Jim Fox is now loading Li with the daily Shuksan-generated student data 
files instead of those Rhys is producing.  No problems to report.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     Clinician data loading, processing, addid-type client.
     LDAP from Netscape.
     DB2 license for a test Informix replacement.
     Explore NT

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Yonah: Writing a requirements document.
       Remove Carson, Max from current accounting system.

Hugh: Convene a client meeting.


(97/10/13 Hugh - I concatenated several email messages into the following
                 entry which is a summary.  The text has not been changed    
                 but has had duplicate text removed to make a more concise
                 entry in this log.)
>
Date: Mon, 13 Oct 1997 14:56:13 -0700 (PDT)
From: Oren Sreebny 
To: Yonah Karp 
Cc: "T. Stenvik" ,
    "Michael S. Hornung" ,
    Doris Gallaugher ,
    Oren Sreebny ,
    Hugh Sheets ,
    Jim DeRoest 
Subject: Re: Use of fvf and svf

I third the motion - I'm definitely in favor of no copying of this kind of
info from machine to machine.  Having said that, it will be important for
Mike and crew to be able to express the needs they have and have those
needs met - as this new "who" seems to accomplish.

- Oren

> On Mon, 13 Oct 1997, Yonah Karp wrote:
>
> Yes, let me second this.  One of the design goals of the new
> accounting system is to not have unencrypted files of sensitive
> data anywhere -- and to not have files of data (even encrypted)
> around at all, if possible.
>
> All needs will be met with secure clients.  So that's where my
> questions from a couple of weeks ago came from -- we need to
> know what your requirements are so that we can meet them with
> appropriate clients.
>
> On Mon, 13 Oct 1997, T. Stenvik wrote:
>
> who.new has an option (5) to search the avf/fvf/svf files for an encrypted
> ssn, ssn, and student number, respectively, and return the contents of the
> matched avf/fvf/svf record in the standard who format.  I think this does
> exactly what you want.  If not, let me know what it lacks.  
> 
> We're also trying to move away from copying sensitive data around as much
> as possible, regardless of how "secure" the target machine is.  If we can
> provide client/server access to the data you need, there's no need to lug
> the raw data around.
> 
> On Mon, 13 Oct 1997, Michael S. Hornung wrote:
>
>   We use the svf, fvf, and avf to verify people when they call up for
> password changes, so I would say that they are quite helpful to have on
> Daffy (which is supposed to be a secure machine anyhow).  Not having them
> there would be an inconvenience as we'd have to have an active connection
> to Austen open to look at them from there (which is something we're
> trying to move away from).
>    I'll make sure the move to "who.new" is made.  Thanks.
>
> On Mon, 13 Oct 1997, T. Stenvik wrote:
>
> Could you start using /u/info/bin/who.new instead?  It does the same thing
> yours does, but it gets its info differently - especially the svf/fvf/avf
> data.  Except for raw data for your who, is there any other reason you need
> to copy the svf/fvf/avf files from austen?  We'd prefer that this info not
> leave austen if at all possible.
>
> On Wed, 24 Sep 1997, Michael S. Hornung wrote:
>
>   Currently the versions of svf and fvf are being copied to Daffy on a
> daily basis so we can use them to verify people.   We also have a version
> of "who" on Daffy (/u/info/bin/who2) that works really well to utilize the
> information we have available.  


Date: Mon, 13 Oct 1997 12:56:07 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting....


From 97/10/09 meeting:

We discussed the high priority plans for Shuksan that were laid out in a
meeting Oct 1.  The need to add clinicians into Shuksan and have them 
get added as a Kerberos principal and get an aagaard account is at hand.
The clinician administrator (Bill Urich) needs an addid type client to 
add/manipulate/expire clinicians.  At that meeting Jim D.  reminded us 
we need to be prepared for very large numbers of entries in Shuksan and 
Kerberos for various authorization and authentication purposes.  This 
was met with some skepticism in this meeting, so we'll see if we can get
Jim to come to the next accounting meeting to clarify this for those who
did not attend the Oct 1 meeting.  

Tom is rethinking the Shuksan design in light of the directive to 
prepare for very large numbers of entries, likely dividing them into 
groups.  Tom is working on handling clinicians via the existing Li to 
handle the immediate needs.  

Tom is awaiting Netscape's LDAP and has abandoned the old Univ. of 
Michigan release.  Netscape's LDAP is due any time.  
  
Jim Fox will begin loading Li with Tom's student files created on 
vitcos.  

Yonah reported the web-based renew is doing better logging, and Pete is 
working on web-based new, the documentation review group is going over 
the wording/look-and-feel now.  

Ken mentioned there are machines that do not participate in the EOQ/IDF 
game, namely the haleys and our server machines.  These machines don't 
expire accounts and should, so this needs to be handled properly in the 
new accounting system.  

Jim Fox asked about DB2; he said even Sid thinks DB2 might be better 
than Informix.  Tom is working on getting a DB2 license so we can 
investigate.  

Tom mentioned again he has hit a brick wall with Martha Smith.  We can't
do a thing about getting the Fac/Staff file to vitcos until we get 
to/through/around Martha.  Tom will talk to Jim D.  to see if we can get
some top-down assistance.  

We are planning to include UW auditors in the review of Shuksan and 
clients as soon as we have something to show for a review from a legal 
perspective.  

Yonah will remove Carson and Max from current accounting system now that
Doris has run quarterly reports.  Hugh has done EOQ and QTRREP.  

Task review:
------------
Tom: Database development, loading, processing.
     Faculty/Staff data loading, processing.
     Clinician data loading, processing. 
     LDAP from Netscape.
     DB2 license for a test Informix replacement.

Pete: Web-based new.

Tracy: Work on entire suite of clients.

Yonah: Writing a requirements document.
       Remove Carson, Max from current accounting system.

Hugh: Invite Jim D. to next meeting to review projected large number
      of entries in authorization (Shuksan) and authentication (Kerberos).

Jim: Update Li with Shuksan data.


Date: Mon, 6 Oct 1997 13:24:27 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Subject: Re: Draft 2 - Supplemental account process (fwd)

Note the point at the bottom about making sure that a billed
"email" account doesn't continue to be billed after its
expiration date.  Needs to be factored into the new system.

  Yonah

---------- Forwarded message ----------
Date: Mon, 6 Oct 1997 12:15:30 -0700 (PDT)
From: "Michael S. Hornung" 
To: Oren Sreebny 
Cc: Sandy Moy ,
    David Wall ,
    Yonah Karp ,
    Jim DeRoest ,
    Doris Holmes ,
    Nathan Dors 
Subject: Re: Draft 2 - Supplemental account process

On Mon, 6 Oct 1997, Oren Sreebny wrote:

>THE CONTACT PERSON AND REGISTERED USERS 
>  
>The contact person will be the owner of the account.  The contact person
>must be a full time UW staff or faculty.  The contact person is
>responsible for proper use, billing, account maintenance, file privileges,
>et al.  It may help to have one or two other "Registered Users" to
>maintain the account.  A registered user would have limited power over the
>account, but would be able to inquire into its status and have the
>password changed.  Registered users must be UW staff, or faculty. 

  To expand on my earlier point, I think that students should be able to
be resistered users for an account since we have assurance from the
contact person that the account will be used appropriately.

>  --------------------------------------------------------------------------
>        o Name of Contact Person (must be UW staff or faculty member)
>        o Social Security Number of Contact Person
>        o Preferred login name for account (eight letters maximum, must be 
>          unique and different from owner's account)
>        o Second choice for login name (in case first is already in use)
>        o Department 
>        o Box Number
>        o Phone Number
>        o Account Type (Course, Departmental, Faculty, Staff, Student or  
>           Sponsored)

  Did you say you took out the "student" part?

>        o Expiration date (do you want to set an expiration date for this
>          account?  If so, when?

  This here is a problem (and can aid in the restructuring of the
accounting and billing systems).  When a sponsored account expires, it
will still be billed until it is manually removed from a certain file
(email.bill on Austen).  Telling people that they can request it be
expired on a given date in the future is problematic because at that later
time there is no way for us to know that the account should stop being
billed.  Make sense?  The acount automatically expires on the given date,
but does not stop getting billed on that date as well.
  What we've been wanting of sponsored accounts in order to prevent this
rampant billing is to have the sponsoring person let us know when they
want accounts to go away AT THAT TIME.  This prevents us from overbilling
accounts.  This, I think, is also why we were preferring a separate form
for sponsored accounts, since the expiration process is so much different.

_________________________
Michael Hornung, hornung@u.washington.edu
Student Lead, Computing & Communications Information
(206) 543-5970, FAX: (206) 543-3909, Box 355670


Date: Fri, 3 Oct 1997 16:30:32 -0700 (PDT)
From: Thomas W Remmers 
To: James W DeRoest 
Cc: Donn Cave , Yonah Karp ,
    Robert Christ ,
    Lori Stevens ,
    Hugh Sheets ,
    Brad Greer , Ken Lowe 
Subject: Authorization DB mtg, followup.

I felt the meeting went very well because we achieved the goal Jim set
out at the beginning, to all get on the same page, and that we will be
able to satisfy clinician needs. Here are the salient points I saw.  I
just threw this together so my apologies for any mistakes.

I.  MCIS needs

From the MCIS perspective, they want to 1) tell Li that a person is a
clinician, 2) remove a person as a clinician from Li, and 3) assign a
principle and password to the K5 server if that person does not already
have a UA account. No further contact with Li or Shuksan (Informix Li)
is needed.  Various MCIS clients will query the K5 server for
authentication.

To meet these needs, at several utilities will be created for MCIS.
One will add a person to Shuksan identifying them as a clinician.  The
second utility will create an Aagaard account and add an entry to the K5
server.  Another will remove a persons clinician identification.

The first utility takes as input the persons social security number,
name and birthdate, the minimum information necessary to create an
account.  If the person is not already in Shuksan a new record will be
created for them as an "AVF", a person who can have a UA account who is
not affiliated with the UW.  The person will be marked as a clinician.
An encrypted validation file will then be sent to the current Li, which
every will read the file every four hours.

Once the current Li reads this file, an Aagaard account can be created
with a modified "addid" program.  (The clinician information must be
sent to the current Li because addid uses the current Li to validate
whether a person can create account.  It is a design goal to direct
addid to Shuksan for this validation)  This modified addid program
takes as input,

  ssn
  birthdate
  last name
  desired login name
  desired password

If the person already has a non-student account, the utility will return
the existing login name for MCIS to use as a unique identifier in other
services.  The login name and password should already be in the K5
server at this point.  If the person does not have a non-student
account, one will be created with the desired login name and password,
and the account will be configured to require the person to change the
login name the first time they login to Aagaard.  The desired login name
and password will be populated in the K5 server. 

Persons will be removed as clinicians in two ways.  In one instance, the
expiration date will be entered using the first utility above.  Likely
scenarios are for temporary visitors to the University.  On the
expiration date, automated processes on Shuksan will 

  - notify Aagaard to expire the user:  the login shell is set to 
    /usr/local/etc/expired, which shows the user an informational text
    and closes the connection.  After 21 days, the files will be
    deleted.

  - notify MCIS in some way (details to be worked out later).

The second way to remove a clinician will be with a utility similar to
the first one described.  This will initial the two steps listed
immediately preceding.

Note 1: If a person is not in Shuksan as a non-student, then added as a
clinician, then becomes an employee and is in HEPPS, that person will
automatically lose their clinician status if they leave the University.
MCIS will not have to manually delete these people.  They will not
automatically return to AVF status.

Note 2: Currently with HEPPS and SDB, the list of all valid people is
received every day.  For clinicians, Shuksan will only be informed of
new clinicians and clinicians to delete (with the exception of the ones
entered with expiration dates).

I have talked with Rob and there is a clearly defined path to achieve
what he needs.

II) It should be possible to add a person to Shuksan and assign them a
K5 principle and password without creating a Uniform Access account. 
Tools should exist for others beyond the third floor to connect to
Shuksan, be authorized, then add and delete a defined subset of
principles. 

III) It should be possible to add a person to Shuksan and associate them
with any number of "groups" or "services".  The idea is that Shuksan
could be queried by ssn or other key to determine if this person is part
of a given group.  Brad envisions a utility that could allow local
department administrators to add, delete and query whether are certain
individual is part of a given group.  One example would be a locally
maintained email list.  He could use LDAP or any other tool, it doesn't
really matter to him.

IV) A unique Serial ID starting at 10000000 (probably) will be assigned
by the database to each person in Shuksan.  Currently the SSN is the
only viable method of uniquely identifying a person, however there could
be legal issues in the future.  Brad mentioned that U Michigan is moving
away from using SSN's as a search key. 

V) LDAP:  I just downloaded the specs for Netscape's Directory server
3.0, and it allows for user defined back-ends to commercial databases,
ie. Informix.  It also will do Kerberos authentication and ACL's.  It
looks very promising and I hope to get at least a demo copy shortly.  It
was supposed to have shipped in 3rd quarter 1997.


Date: Mon, 29 Sep 1997 15:49:01 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting meeting....

From 97/09/25 meeting:

Jim DeRoest joined the meeting to discuss the need to get K5 
authorization and authentication synchronized with Shuksan, and have 
this happen dynamically.  Customers want to make LDAP queries to Shuksan
(not just queries, but administrative access - adding, expiring, 
permitting, so on).  This is part of the Accounting project, but this 
piece has been given a high priority.  There is a need to add large 
blocks of customers to Shuksan who actually would not have UA accounts, 
but just a "presence" in Shuksan for various authentication purposes.  
These would be in a large part non-University people.  In fact, Jim 
warns we should be prepared for a huge name space, possibly a million 
entries and make provision for many flags that control access to many 
permitted services.  There is the desire to allow the management of 
blocks of these sorts of customers be performed by non-University 
administrators, so controls need to be in-place to limit the scope of 
these administrators to only "their" customers.  There is a plan to make
this work a break-out subgroup of the accounting group so it can proceed
in parallel to the accounting project.  Jim will set up a time for this 
group to meet next week.  

Tom has an LDAP backend interface on Vitcos to serve Tracy's validate web
client.  Tom will talk to Frank F.  about security issues, which right 
now don't exist with the LDAP on Vitcos.  From talking to Jim D., the 
LDAP Tom built on Vitcos is a dead-end version from U.  of Michigan, and
we should probably be using Netscape's LDAP.  Tom is having trouble 
connecting with Martha Smith about Faculty/Staff data.  Jim D.  will 
talk to Mike Pingree about who we should be talking to.  

Pete's web-based renew is accessible from the C&C home page.  He is 
working on improved logging as he is only logging successes.  He expects
a new version next week.  For web-based new and renew, he is proposing a
certified site name of "accounts.washington.edu" which will point to the
machine name of "carver.u.washington.edu".  

Yonah has talked to Sandy about different entities in Shuksan (if 
students should be completely separate from Fac/Staff if they are the 
same person, for example) and will write up a summary to circulate.  

This stimulated a lengthy discussion about how we should store 
information in Shuksan.  Since Jim's information on the really large and
diverse influx of customers we can expect, the topic of keeping people 
as separate entities makes this look like a big problem, keeping 
multiple records of the same person and trying to connect them.  We 
thought the only way to correlate them would be the SSN, or a number 
that looked like an SSN for those who don't have one.  This needs 
further thought and planning as this could change the Shuksan design, 
and we need a ruling from Sandy whether it is OK to use the SSN in this 
way.  We also need to talk to Lori Stevens about the way we should hold 
clinicians in Shuksan.  I believe Yonah volunteered to talk to Sandy and
Lori....  

Lots more to discuss, but we ran out of time.

Task review:
------------
Tom: Lots; database development, loading, processing.
     Start thinking about clinicians expiration process.
     Start working on Faculty/Staff data loading, processing.
     Investigate commercial LDAP/Informix interface.
     Talk to Frank F. about LDAP security.

Pete: Web-based new, renew.

Tracy: Manipulation clients, first an AVF add/modify client.

Yonah: Writing a requirements document.
       Consider keeping completely separate Student/Staff/Fac/Clinician
         records in the database.  Write up summary from talking to Sandy.
       Talk to Sandy about using SSN.
       Talk to Lori about how to store clinicians in Shuksan.

Jim: Think about the process to update Li with Shuksan data.


Date: Fri, 26 Sep 1997 14:42:49 -0700 (PDT)
From: "Michael S. Hornung" 
To: Yonah Karp 
Cc: Doris Gallaugher ,
    Oren Sreebny ,
    "T. Stenvik" ,
    Hugh Sheets ,
    "P. Pulliam" ,
    Thomas W Remmers ,
    Jim Fox , Ken Lowe ,
    Jim DeRoest ,
    Jeanne Branom-Sherman 
Subject: Re: Use of fvf and svf

!Yes, I second what Oren said wholeheartedly (and Ken Lowe would
!third and fourth and fifth it were he in on the conversation).
!With the new accounting system well underway, we are more
!interested than ever in writing clients for you and to hear your
!needs and specifications.  (I.e., there's never been a better
!time for you to tell us what you want.)  We have your requests
!from long ago, also, which are being factored into the new
!system design.

  I think that it would be nice if "who" were to query the data in avf,
svf, and fvf.  Particularly the name, ssn, student number, and birthdays
are good for verification of identity.  It's nice to look up a
departmental account in "who" and see at the same time who the responsible
person is.
  It would be nice to have a central location (a command line environment,
like Daffy) where we can use these utilities (I'm personally of the belief
that command line utilities of this sort are better than web-based ones).
  It would be nice to be able to finger accounts (or use cpw) remotely in
order to check for expiration or disuserment.  We made one called "rf".
It might even be nice for "who" to display the shell field of the password
file for users, which would immediately indicate account status.
  It would be nice to use one command to look at the new.logs for users on
Daffy and on a given host all at once.  We have something called "newlog"
on Daffy for that purpose.
  It would be great if "reuser" would do things like check to see if the
user's directories/files have been deleted before reactivation, so as to
avoid an angry user.  Reuser should also check for CDF records and
automatically add them for us if necessary (we don't always want to add
one).

!One of the main concerns with your writing your own tools to 
!massage sensitive data is security -- we need a really good
!audit trail for who sees what, when, and under what
!circumstances.  If we write it we can provide a consistent
!level of security and tracking.

  Ok.  Seems odd that we have access to things like Li and HEPPS if we're
not supposed to see the information, even though a lot of it is necessary
in assisting users.  I was under the assumption that since the data was
there for us, we had might as well use it the best ways possible. 

!Is the web-based "who" providing the functionality you need?
!Could you retire what you wrote on daffy?  If not, what would a
!client need to do to mimic that functionality so that you could
!retire it?

  See comments above.  I feel that it being web-based is a bad idea.

!We've made significant progress with the faculty/staff and
!student processing, though, so we may be able to retire those
!uses off austen and put their functionality onto clients a
!platform (web? PC?) of your choice.

  I would prefer X until NT has something better or comparable to offer,
but I'm not sure how much my opinion is valued.  Considering the number of
things we need to be doing all at once in C&CI, highly multi-tasking
servers are MUCH appreciated.

_________________________
Michael Hornung, hornung@u.washington.edu
Student Lead, Computing & Communications Information
(206) 543-5970, FAX: (206) 543-3909, Box 355670


Date: Wed, 24 Sep 1997 16:43:54 -0700
From: James W DeRoest 
To: Yonah Karp ,
    Tom Remmers ,
    Donn Cave ,
    Hugh Sheets , Ken Lowe 
Subject: Namespace issues

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

There is mounting pressure to use our namespace (K5 and Informix/LDAP Li)
for applications outside of general UA accounting.  So I'm wondering if we
can't get a subgroup working on:

    Expiration/disuser synchronization of K5 and Li
    Mirroring Informix Li and old Li
    Administrative views of Informix Li data
    LDAP ODBC access to required Informix Li data

My concern is that the overall accounting project has many more concerns
other than just making this namespace available to general Web based
applications.  The Bench to Bedside and Beyond project (NLM/NII) is already
going to build a work around architecture because we don't have the
synchronized authentication (K5) and authorization (Informix/LDAP Li) ready.
What I would like to see happen with the account rewrite continues is that
we mirror the old Li name space in Informix and make it available to these
other application sets.  I'd like to get together and discuss how we might
make this happen in parallel with the new accounting system development.

Jim


Date: Wed, 24 Sep 1997 16:42:02 -0700 (PDT)
From: Yonah Karp 
To: "Michael S. Hornung" ,
    Doris Gallaugher 
Cc: Oren Sreebny ,
    "T. Stenvik" ,
    Hugh Sheets ,
    "P. Pulliam" ,
    Thomas W Remmers ,
    Jim Fox , Ken Lowe ,
    Jim DeRoest ,
    Jeanne Branom-Sherman 
Subject: Re: Use of fvf and svf

Yes, I second what Oren said wholeheartedly (and Ken Lowe would
third and fourth and fifth it were he in on the conversation).
With the new accounting system well underway, we are more
interested than ever in writing clients for you and to hear your
needs and specifications.  (I.e., there's never been a better
time for you to tell us what you want.)  We have your requests
from long ago, also, which are being factored into the new
system design.

One of the main concerns with your writing your own tools to 
massage sensitive data is security -- we need a really good
audit trail for who sees what, when, and under what
circumstances.  If we write it we can provide a consistent
level of security and tracking.

Is the web-based "who" providing the functionality you need?
Could you retire what you wrote on daffy?  If not, what would a
client need to do to mimic that functionality so that you could
retire it?

"exps" functionality will find its way into a new client that we
will give you when you move off Austen.  For right now, as long
as expiration processing originates on Austen, exps will
continue to need to be there.

Billing will remain on Austen until that software is
reengineered.  That process hasn't even begun, so it will be
some time before you're totally off Austen. 

We've made significant progress with the faculty/staff and
student processing, though, so we may be able to retire those
uses off austen and put their functionality onto clients a
platform (web? PC?) of your choice.

Class lists are also a function that will move eventually.  

  Yonah

************ below added by Hugh for this archive **************

On Wed, 24 Sep 1997, Michael S. Hornung wrote:

  Well, then what I think we would like to see are shell based utilities
much like what we are currently using since they seem to work so well
without trouble.

_________________________
Michael Hornung, hornung@u.washington.edu
Student Lead, Computing & Communications Information
(206) 543-5970, FAX: (206) 543-3909, Box 355670

************ above added by Hugh for this archive **************

On Wed, 24 Sep 1997, Oren Sreebny wrote:

> I would much rather have the UCS systems folks providing us (C&CI) with
> the tools we need rather than have us in the business of devising and
> maintaining our own tools on Daffy or elsewhere.
> 
> - Oren
> 
> On Wed, 24 Sep 1997, Michael S. Hornung wrote:
> 
> >   See comments throughout:
> > 
> > !We need to know how you use the svf and fvf files (svf.info and
> > !fvf.info).  We don't want to break anything that you're already
> > !using this for.  What we're thinking of is to enable you to look
> > !at the same information via a client.  We also needing to change
> > !the format of the current Austen file for short-term needs --
> > !will doing so (specifically, putting a colon or other field
> > !separator between fields in the svf and fvf) break anything
> > !you've written for your own use?
> > 
> >   Currently the versions of svf and fvf are being copied to Daffy on a
> > daily basis so we can use them to verify people.   We also have a version
> > of "who" on Daffy (/u/info/bin/who2) that works really well to utilize the
> > information we have available.  
> >   The only other uses for svf and fvf that I know of are on Austen where
> > we use a utility called "exps" that searches through the current and old
> > files for matches so we can tell if a person's account should have expired
> > or not.
> >   Doris?  I can't think of any other times that we need to use these
> > files.
> > 
> > !We also need to know how you're using the Austen INFO account
> > !so that we can work towards migrating you onto a client-based
> > !model.  For starters, we'd like to retire svf.info and fvf.info
> > !since that information is already in the Informix database and
> > !it's straightforward to build clients for you to meet your
> > !needs.
> > 
> >   Oh sheesh.  We try to stay off of Austen as much as possible but the
> > following are things that we still use it for:
> > 
> > o maintaining and copying the AVF.DAT
> > o creating Austen accounts for UW staff/faculty
> > o uniform access billing
> >  (Jeanne probably knows most about the billing software we use on Austen)
> >  o posting of printing output charges, bulk disks, and file
> >    restores.
> >  o "charges" program to give us information about CTI output.
> >  o maintain working list of external budgets and such
> > o maintain a list of visiting scholars (with accounts) who have no US
> >   social security number.
> > o adding class resources
> > o generating class lists for course instructors
> > 
> > Doris can correct me if I've missed anything.
> > 
> > _________________________
> > Michael Hornung, hornung@u.washington.edu
> > Student Lead, Computing & Communications Information
> > (206) 543-5970, FAX: (206) 543-3909, Box 355670
> > 
> > 
> 
 

Date: Tue, 23 Sep 1997 18:06:29 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Cc: Jim DeRoest 
Subject: ldap works

I hacked an odbc ldap backend for the validate program.  On Tracy's
validate page, 

http://neruda.cac.washington.edu/ast/projects/validate/validate.html

validating a student number (not ssn) uses an ldap server running on
vitcos that connects via ODBC to the development database (sequim).
Adding ssn would now be trivial.

I initially was not too happy with ldap, but for well defined ways of
looking at the data, ldap should be fine, once security is ironed out.

If you want to connect directly to the ldap server, try,

  ldapsearch -h vitcos -p 4048 'sn=1033337'

Right now I'm trying to keep port 4048 up and running, while 4047 is
used for development.

Tom


Date: Tue, 23 Sep 97 15:02:13 -0700
From: Ken Lowe 
To: pete@u.washington.edu, yonah@u.washington.edu
Cc: fox@u.washington.edu, hugh@u.washington.edu, imf@u.washington.edu,
    remmers@u.washington.edu
Subject: Re: homer vs dante (fwd)

It's not quite that simple even as it stands.  If you're a clinician you
*CANNOT* create a homer account regardless of whether Li says you're staff.
This is not yet implemented by text-new but will be soon.

-Ken

-----

From pete@u.washington.edu  Tue Sep 23 14:42:11 1997
Date: Tue, 23 Sep 1997 14:42:08 -0700 (PDT)
From: "P. Pulliam" 
Reply-To: "P. Pulliam" 
To: (Yonah Karp) yonah@u.washington.edu
Cc: (li + acctg -- Jim Fox) fox@u.washington.edu,
        (Hugh Sheets) hugh@u.washington.edu,
        ("T. Stenvik") imf@u.washington.edu, (Ken Lowe) ken@u.washington.edu,
        (Thomas W Remmers) remmers@u.washington.edu
Subject: Re: homer vs dante (fwd)

The method I currently use in web based new to determine which machines
someone can create accounts on is based on the flags returned by the li
validate call.  Regardless of what validation info they use, if li returns
a (student) flag, they have the student machines available.  If li returns
a (staff) flag, they have the staff machines. For each flag, the machines
associated with it are added inclusively to the list of allowed machines.

This is different than the text based new, but has the similar results.

I did it this way when we were planning on using flags for classification
in the upcoming accounting system.  We now seem to be backing away from
that approach to some extent (though not entirely?).

Pete


Date: Tue, 23 Sep 1997 14:24:34 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Subject: Re: homer vs dante (fwd)

Message 2 of 2.  We need to make sure that the types of users
discussed below are considered "student" or "staff" and get
on the right hosts regardless of where their data comes from
or whether their account is created with a ssn or a student #.

  Yonah

---------- Forwarded message ----------
Date: Wed, 4 Dec 1996 11:32:22 -0800 (PST)
From: Oren Sreebny 
To: "Doris J. Holmes" 
Cc: Yonah Karp ,
    Michael Hornung 
Subject: Re: homer vs dante

My opinions below.

On Tue, 3 Dec 1996, Doris J. Holmes wrote:

> Oren and Yonah,
> 
> I've a mixture of policy and technical questions.  It seems that the
> criteria to use when creating an account on dante vs homer (using addid)
> should be whether or not we use a student number for account name.  And
> maybe I'm thinking too much, but I'm wondering about particular situations
> such as... 
> 
> Extension students pay the tech fee, so they seem like Dante-ites to me. 
> However, their accounts are created with SSNs (unless they take credit
> courses and are in the svf).  Can we create a Dante account using an SSN?
> 
> Distance Learning students at Extension pay no tech fee.  The accounts are
> provided for enrollment in a particular class.  I'm thinking Homer unless
> the money Extension pays us goes into the same pot as the tech fee money.

Distance Learning and Extension should both be on Dante.  The money for DE
should go into the tech fee account - I'm not sure if it's doing thaty
yet, and Doris, if you could check that I'd appreciate it.

> 
> Visiting Scholars do not pay the tech fee (I don't think) and accounts are
> created with SSNs.  These clearly look like Homer-ites since they're
> students from other U's. 

Yep - Homer - these are typically faculty types.

> 
> Sponsored student accounts?  No svf, fee paid by a dept, probably have an
> existing Dante account needing avf protection (using student #).  Looks
> like Dante, but should the money collected be going to tech fee pot? 

Sounds right

> 
> Will the student vs staff modem pools base user status on account name
> (SSN vs student #) regardless of host?  Will validation files be involved
> in the least?

Modem pool validation is based (I think) on what machine the password file
comes from.  Check with McNair on this.

> 
> Thanks for your help.  I'm trying to make it simple... really... I am.
> 
> :)
> 
> Doris
> 
> Doris J. Holmes
> Manager, Computing & Communications Information
> Client Services, Computing & Communications
> University of Washington
> Box 355670
> Seattle, WA  98195
> 
> email: dorish@cac.washington.edu
> voice: 206-543-5925
> fax: 206-543-3909
> 


Date: Tue, 23 Sep 1997 14:22:56 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Subject: homer vs dante (fwd)

Student vs staff, message 1 of 2

  Yonah

---------- Forwarded message ----------
Date: Tue, 3 Dec 1996 15:46:37 -0800 (PST)
From: "Doris J. Holmes" 
To: Yonah Karp ,
    Oren Sreebny 
Cc: Michael Hornung 
Subject: homer vs dante

Oren and Yonah,

I've a mixture of policy and technical questions.  It seems that the
criteria to use when creating an account on dante vs homer (using addid)
should be whether or not we use a student number for account name.  And
maybe I'm thinking too much, but I'm wondering about particular situations
such as... 

Extension students pay the tech fee, so they seem like Dante-ites to me. 
However, their accounts are created with SSNs (unless they take credit
courses and are in the svf).  Can we create a Dante account using an SSN?

Distance Learning students at Extension pay no tech fee.  The accounts are
provided for enrollment in a particular class.  I'm thinking Homer unless
the money Extension pays us goes into the same pot as the tech fee money.

Visiting Scholars do not pay the tech fee (I don't think) and accounts are
created with SSNs.  These clearly look like Homer-ites since they're
students from other U's. 

Sponsored student accounts?  No svf, fee paid by a dept, probably have an
existing Dante account needing avf protection (using student #).  Looks
like Dante, but should the money collected be going to tech fee pot? 

Will the student vs staff modem pools base user status on account name
(SSN vs student #) regardless of host?  Will validation files be involved
in the least?

Thanks for your help.  I'm trying to make it simple... really... I am.

:)

Doris

Doris J. Holmes
Manager, Computing & Communications Information
Client Services, Computing & Communications
University of Washington
Box 355670
Seattle, WA  98195

email: dorish@cac.washington.edu
voice: 206-543-5925
fax: 206-543-3909


Date: Fri, 19 Sep 1997 11:09:28 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: separation

After thinking about the student - faculty/staff dichotomy, I've decided
to procede as if a person who is both is actually two separate beings.
Apparently there is no current situation, other than a possible extreme
disuser situation, where the two types of accounts are related.  I'm
doing this as a preventative measure so that I can make the changes now
and not later.  Tools can be created if we ever need to know if someone
is both.

Tom


Date: Tue, 16 Sep 1997 09:42:22 -0700
From: James W DeRoest 
To: Hugh Sheets 
Cc: Hugh Sheets ,
    Tom Remmers , Ken Lowe ,
    Yonah Karp 
Subject: Re: Li servers

These are two machines dedicated to supporting Li/Informix/LDAP.  I'm not
worrying at this point who runs them.

Jim

-----Original Message-----
From: Hugh Sheets 
To: James W DeRoest 
Cc: Hugh Sheets ; Tom Remmers
; Ken Lowe ; Yonah Karp

Date: Tuesday, September 16, 1997 9:38 AM
Subject: Re: Li servers

Lets hear from Tom for certain, but I think Informix is working out well
and we should continue with it.

Not that it makes any difference budget-wise, but you do mean these
machines are for Sid to run/maintain for us as we discussed, correct?

Hugh

On Tue, 16 Sep 1997, James W DeRoest wrote:

>  Is it still looking like you'll go with Informix for the Li backend?  I'm
> putting together a spending plan for a directors mtg.  I'm thinking a
couple
> of machines and Informix licenses for Li if that is the direction you're
> heading.
>
> Jim
>

 
Date: Tue, 16 Sep 1997 09:38:33 -0700 (PDT)
From: Hugh Sheets 
To: James W DeRoest 
Cc: Hugh Sheets ,
    Tom Remmers , Ken Lowe ,
    Yonah Karp 
Subject: Re: Li servers

Lets hear from Tom for certain, but I think Informix is working out well
and we should continue with it.

Not that it makes any difference budget-wise, but you do mean these
machines are for Sid to run/maintain for us as we discussed, correct?

Hugh

On Tue, 16 Sep 1997, James W DeRoest wrote:

>  Is it still looking like you'll go with Informix for the Li backend?  I'm
> putting together a spending plan for a directors mtg.  I'm thinking a couple
> of machines and Informix licenses for Li if that is the direction you're
> heading.
> 
> Jim
> 


Date: Tue, 16 Sep 1997 09:04:04 -0700
From: James W DeRoest 
To: Hugh Sheets ,
    Tom Remmers 
Cc: Ken Lowe , Yonah Karp 
Subject: Li servers

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

 Is it still looking like you'll go with Informix for the Li backend?  I'm
putting together a spending plan for a directors mtg.  I'm thinking a couple
of machines and Informix licenses for Li if that is the direction you're
heading.

Jim


Date: Fri, 12 Sep 1997 12:27:11 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting....

From 97/09/11 meeting:

This meeting was cut short as Hugh forgot to reserve the room, and a 
properly reserved meeting drove us out....  

Tom reported the the production database is code named "Shuksan" and the
development database is code named "Sequim".  The student enrollment 
information is geting transferred nightly from the UNISYS system to 
vitcos using the automatic databridge, developed by Sid, Liz, and Bill 
Shirey.  It is getting loaded into Shuksan, and Shuksan is producing the
three Li files which are getting copied nightly to the Li servers (Li2 
and Li4).  They are not used to update Li as yet, they will go through 
some more testing and comparing with those simultaneously producted by 
Rhys.  Once we are totally convinced they are accurate, Li will start 
using Shuksan files for a longer test period before we finally 
decommission Rhys.  

Tom will begin to work on a similar process for the Faculty/Staff data.  

Yonah reported web-based new will not be rushed into production in a big
way for day 1, but web-based renew will be ready.  Web based new needs a
more extensive beautification and a lower-key trial introduction, yet to
be worked-out by Client Services.  

Yonah spoke to Bill Shirey and Martha Smith about the data discrepancies
where Student and Fac/Staff data overlap.  They were not very concerned.
Since they don't try to "combine" data as we are trying, its not a 
problem for them.  As the meeting broke up, a couple of us were talking 
in the hall.  Ken said he thought we should not try to combine the data,
but keep Student records and Fac/Staff records (and I would presume 
Clinician records) as there are different guidelines for each type of 
"customer".  We have accounted for this, but there are some good reasons
for keeping separate records.  More thought will be given to this, and 
possibly consult for legal opinions on how separate we need to keep 
different "customers" when they are really the same person.  This is not
a major roadblock at this point in the project, and work can proceed.  

Regrettably, we didn't get to Tracy's progress in the meeting, but 
afterwards he showed Yonah and I two clients he has available, a web 
"validate": 
http://neruda.cac.washington.edu/ast/projects/validate/validate.html
and a web "who": 
http://neruda.cac.washington.edu/ast/projects/who/who.html.

Task review:
------------
Tom: Lots; database development, loading, processing, MS Access clients.
     Start thinking about clinicians expiration process.
     Start working on Faculty/Staff data.
     Investigate commercial LDAP/Informix interface.

Pete: Web-based new, renew.

Tracy: Manipulation clients, first an AVF add/modify client.

Yonah: Writing a requirements document.
       Make a red client to return a student name when given a student
         number for the Commons Lab.
       Consider keeping completely separate Student/Staff/Fac/Clinician
         records in the database.

Jim: Think about the process to update Li with Shuksan data.


Date: Thu, 11 Sep 1997 15:36:11 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Cc: Jim DeRoest ,
    Oren Sreebny 
Subject: Web validate

Tracy just showed me two ready-for-prime-time clients he wrote:

Web validate:

  http://neruda.cac.washington.edu/ast/projects/validate/validate.html

Web who:

  http://neruda.cac.washington.edu/ast/projects/who/who.html

They run on neruda and are only accessible from cac machines.
Client Services can use it at will.

Great work!

  Yonah


Date: Tue, 9 Sep 1997 17:38:28 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: svf data in production

If the cron job works tonight the student Li files will be copied to li2
and li4 at 7 AM every week day.  The files are in ~uas and are,

  shuksan.svfp.key
  shuksan.svfp.dat   
  shuksan.svfp.log

I will contact the HEPPS person about sending the data to shuksan.

BTW, the name of the production database is shuksan and the development
database is sequim.  The shuksan home page will have a nice picture once
I scan one in or find one.

Tom


Date: Tue, 2 Sep 1997 16:05:18 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting....


From 97/08/28 meeting:

Pete will give us a demo of web-based new next week - we will try to 
meet next Wednesday instead of Thursday - Hugh will notify everyone.  

Some more discussion took place concerning some data conflicts between 
sources, specifically Staff/Faculty and Student data occasionally 
conflict.  An example would be conflicting birthdates.  There are 
clearly at least two opinions - Tom wants to keep both and note their 
source for later reconciliation while others want to store only one and 
simply log the discrepancy for later reconciliation.  No consensus was 
reached.  Yonah plans to meet with Bill and Martha to bring this up - 
maybe we can assume a "master" source that will override the others.  

Designed in to the database loading should be some sanity checks and 
bounds checking.  Sometimes, for example, some usage figures are 
corrupted somehow to report impossible (or highly improbable) numbers.  
Tom thinks this should be easy to do in INFORMIX provided we can define 
the mathematical checking to apply.  

We further discussed Clinician expiration.  Yonah mentioned aagaard 
users would not be allowed a homer account even if "normally" allowed 
one.  This was met with some skepticism by the group, so it was agreed 
Yonah and Ken would talk to Lori Stevens to review this.  Tom will work 
with Ken on Clinician expiration.  

Yonah received a request from a student consultant for the Commons Lab 
for a client on red that will return a student name when given a student
number.  Ultimately this seems like a typical client for our database, 
but Yonah will put something together in a shorter time frame.  

Task review:
------------
Tom: Lots; database development, loading, processing, MS Access clients.
     Start thinking about clinicians expiration process.

Pete: Web-based new, renew.  Target completion Aug 31, 1997.

Tracy: Query clients, first a "validate" replacement.
       Manipulation clients, first an AVF add/modify client.

Yonah: Writing a requirements document.
       Get Fac/Staff data code definitions
       Meet with Bill Shirey/Martha Smith about data discrepancies.
       Make a red client to return a student name when given a student
         number for the Commons Lab.


Date: Fri, 22 Aug 1997 15:57:39 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting meeting....

From 97/08/21 meeting:

Jim D.  joined us.  We discussed a few concerns about depending on a 
machine and product we don't manage (Vitcos, Informix).  Sid's group has
extensive expertise in this arena and for this portion of the project we
will be the customer - a role we are not used to but are expected to 
cultivate.  

Jim will verify our support understandings and concerns with Sid.

Jim also reminded us an LDAP interface to Informix should be developed 
as we proceed, as this can/will be used by other groups in C&C who need 
access to our database.  There are commercial LDAP-to-just-about- 
every-DB interfaces we can buy.  

We are waiting on the databridge for Student, Fac/Staff data additions; 
this should proceed when Liz is back from vacation.  

Tom has loaded clinicians, AVF, SAF folks into the DB.  We discussed 
using a client to add/remove these records in place of handling the 
traditional files once the "base" records have been added.  

Tom mentioned he has observed conflicting birthdates in Student data and
Fac/Staff data where these records intersect.  This should be discussed 
with Bill Shirey and Martha Smith, as obviously we will record only one 
birthdate per person and which do we take?  

An extended discussion took place on the value of holding our historic 
account category in the DB to no current resolution.  The Fac/Staff data
has a fine granularity, but no one was clear on how to decode the codes 
in the data (for example Faculty have a lot of possible sub-categories).
Yonah will pursue this with Martha Smith.  

Tracy will use LDAP for his "validate" client.  He will talk to Donn 
who may be already investigating LDAP.  Tracy will also work on a client
to replace the AVF.DAT file.  A client to replace the clinicians file 
should be similar.  We are looking at a prototype for Fall Quarter for 
these clients.  

Pete will give a demo of the web-based new interface next Thursday.

We briefly discussed expiration, which will be the next phase of 
concentration in this project.  Since the clinicians are not in our 
historic expiration process, they are an ideal category to develop the 
process for first.  As we noted already, they will expire on much faster
cycles than other customer categories.  Tom will start thinking about 
the expiration process.  

Task review:
------------
Tom: Lots; database development, loading, processing, MS Access clients.
     Start thinking about clinicians expiration process.

Pete: Web-based new, renew.  Target completion Aug 31, 1997.

Tracy: Query clients, first a "validate" replacement.
       Manipulation clients, first an AVF add/modify client.

Yonah: Writing a requirements document.
       Get Fac/Staff data code definitions


Date: Tue, 12 Aug 1997 14:02:17 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting project reminder....

Don't forget about the /tulsa/doc/acctg.issues and acctg.specs files
to document needs for the new accounting system.  I just added some
items to /tulsa/doc/acctg.specs so they don't get lost.  As the 
project matures, we will use these like checklists to be sure we
cover everything.

Hugh


Date: Tue, 12 Aug 1997 12:19:19 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting....


From 97/08/06 meeting (and some from 97/07/24 meeting):

Tom has completed the student processing equivalent of the nightly rhys 
processing.  This is done in parallel with rhys, and rhys is still the 
production machine.  Vitcos does not yet receive the nightly student 
data file, Tom ftps it by hand on occasion.  We are awaiting Sid's 
databridge to start automatically receiving the nightly data.  Tom has 
now moved to doing faculty/staff in the same manner, also anticipating 
Sid's databridge to automatically move the data from the UNISYS system 
to Vitcos.  Tom will start thinking about how to process clinician data.
We discussed the need to have clinicians expired on faster cycles than 
faculty/staff/students.  Tom will need to attach a date to the database 
flag that designates categories, that is whether the customer is 
faculty, staff, student, clinician or any combination thereof.  
Customers can move in and out of these categories and that should affect
only that category; if a customer is both student and staff and they 
are no longer a student the customer is still staff and should not 
expire.  

Tom is in communication with Sid/Ping/Bill Shirey about the databridge.  
 
Tom is also considering encrypting the data in the database as an added 
security level.  

Tom is installing DB2 on cybele for a performance test - he reports 
sporadic performance problems on vitcos.  We reminded ourselves vitcos 
is a development machine and Sid discussed two new machines for 
production.  

Tracy is thinking about clients, specifically a "validate" client for 
C&CI.  Tom has put together a couple of query clients using MicroSoft 
Access on Zardoz that could be our standard.  The downside is you need a
PC with MicroSoft Access which limits the clientele that would get 
access to the database.  Client Services requested a client that will 
report a wide variety of information on a customer such as assets, email
forwarding, user category, what machines the customer has accounts on, 
etc.  

Pete anticipates web-based new will be ready by Aug 31.  He will build 
in the "renew" capability (a student can change their forgotten password
if they can provide a name, birthdate, student number, and PAC).  A 
web-based "renew" will not be done for staff/faculty/clinicians until 
they have PACs.  

Task review:
------------
Tom: Lots; database development, loading, processing, MS Access clients.

Pete: Web-based new, renew.  Target completion Aug 31, 1997.

Tracy: Query clients, first a "validate" replacement.

Yonah: Writing a requirements document.


Date: Wed, 6 Aug 1997 11:45:43 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Subject: "charges"

Something to not forget in the accounting system rewrite -- a
tool that has the same functionality of "charges," i.e. people
can input a billing number and find out what their current status
is for the month.

  Yonah


Date: Wed, 23 Jul 1997 09:29:01 -0700 (PDT)
From: Yonah Karp 
To: "P. Pulliam" 
Cc: Hugh Sheets ,
    Thomas W Remmers ,
    New Accounting System Development -- Jim Fox ,
    Ken Lowe , stenvik@u.washington.edu
Subject: Re: database

In all of our previous discussions we talked about binary flags
for class of customer.  Many of our past problems with student/
staff duality can be traced to forcing a user to have only one
identity, i.e. you're a 4 (staff) or a 1 (undergraduate).  So
what Pete said (modulo the extra "l").

  Yonah


On Tue, 22 Jul 1997, P. Pulliam wrote:

> 
> Just to add another two cents to this discussion, these binary fields are
> extremely usefull for other classifications too.  For example, we could
> have a bit that indicates that the person has read access to our database,
> a flag that indicates a person can set another person's clinician (or
> staff or student) flag, a flag that indicates a person can enter data into
> the database, etc.  These binary fields are so usefull for what we are
> doing we might have a problem with overusing them. 
> 
> Pete
> 
> On Tue, 22 Jul 1997, Hugh Sheets wrote:
> 
> > It seems to me having a binary field for each "class of customer" is
> > better; true/false for student, true/false for staff, etc.  This way,
> > I think it is more straightforward to catagorize those customers who
> > fall into multiple catagories.  If we say we have four customer
> > catagories: student, staff, faculty, clinician, the integer or
> > character identification quickly gets complicated if you have a
> > "12" which means this customer is both a student and clinician, to 
> > make up an example.  You will need another translation to determine
> > what a "12" is.  It rapidly gets worse the more customer catagories
> > we have.
> > 
> > Hugh
> > 
> > On Mon, 21 Jul 1997, Thomas W Remmers wrote:
> > 
> > > I'm looking at adding the staff/faculty records to the test database and
> > > I was wondering how to distinguish between students and faculty/staff.
> > > One thought was
> > > 
> > >  - Have one binary field each for student, faculty/staff, etc.
> > >  
> > >  - Have one integer or character field with a code that would represent
> > >    the owner status, eg.. 1=student, 2=faculty/staff.
> > > 
> > > I'm totally open to what would be best, I ask the group in case there is
> > > a specific reason out there which would decide the issue.
> > > 
> > > Thanks,
> > > 
> > > Tom
> > > 
> > > 
> > 
> > 
> 


Date: Tue, 22 Jul 1997 14:04:11 -0700 (PDT)
From: "P. Pulliam" 
To: Hugh Sheets 
Cc: Thomas W Remmers ,
    New Accounting System Development -- Jim Fox ,
    Ken Lowe , stenvik@u.washington.edu,
    Yonah Karp , hugh@cac.washington.edu
Subject: Re: database


Just to add another two cents to this discussion, these binary fields are
extremely usefull for other classifications too.  For example, we could
have a bit that indicates that the person has read access to our database,
a flag that indicates a person can set another person's clinician (or
staff or student) flag, a flag that indicates a person can enter data into
the database, etc.  These binary fields are so usefull for what we are
doing we might have a problem with overusing them. 

Pete

On Tue, 22 Jul 1997, Hugh Sheets wrote:

> It seems to me having a binary field for each "class of customer" is
> better; true/false for student, true/false for staff, etc.  This way,
> I think it is more straightforward to catagorize those customers who
> fall into multiple catagories.  If we say we have four customer
> catagories: student, staff, faculty, clinician, the integer or
> character identification quickly gets complicated if you have a
> "12" which means this customer is both a student and clinician, to 
> make up an example.  You will need another translation to determine
> what a "12" is.  It rapidly gets worse the more customer catagories
> we have.
> 
> Hugh
> 
> On Mon, 21 Jul 1997, Thomas W Remmers wrote:
> 
> > I'm looking at adding the staff/faculty records to the test database and
> > I was wondering how to distinguish between students and faculty/staff.
> > One thought was
> > 
> >  - Have one binary field each for student, faculty/staff, etc.
> >  
> >  - Have one integer or character field with a code that would represent
> >    the owner status, eg.. 1=student, 2=faculty/staff.
> > 
> > I'm totally open to what would be best, I ask the group in case there is
> > a specific reason out there which would decide the issue.
> > 
> > Thanks,
> > 
> > Tom
> > 
> > 
> 
> 


Date: Tue, 22 Jul 1997 11:47:46 -0700 (PDT)
From: Hugh Sheets 
To: Thomas W Remmers 
Cc: New Accounting System Development -- Jim Fox ,
    Ken Lowe , "P. Pulliam" ,
    stenvik@u.washington.edu, Yonah Karp ,
    hugh@cac.washington.edu
Subject: Re: database

It seems to me having a binary field for each "class of customer" is
better; true/false for student, true/false for staff, etc.  This way,
I think it is more straightforward to catagorize those customers who
fall into multiple catagories.  If we say we have four customer
catagories: student, staff, faculty, clinician, the integer or
character identification quickly gets complicated if you have a
"12" which means this customer is both a student and clinician, to 
make up an example.  You will need another translation to determine
what a "12" is.  It rapidly gets worse the more customer catagories
we have.

Hugh

On Mon, 21 Jul 1997, Thomas W Remmers wrote:

> I'm looking at adding the staff/faculty records to the test database and
> I was wondering how to distinguish between students and faculty/staff.
> One thought was
> 
>  - Have one binary field each for student, faculty/staff, etc.
>  
>  - Have one integer or character field with a code that would represent
>    the owner status, eg.. 1=student, 2=faculty/staff.
> 
> I'm totally open to what would be best, I ask the group in case there is
> a specific reason out there which would decide the issue.
> 
> Thanks,
> 
> Tom
> 
 

From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: database

I'm looking at adding the staff/faculty records to the test database and
I was wondering how to distinguish between students and faculty/staff.
One thought was

 - Have one binary field each for student, faculty/staff, etc.
 
 - Have one integer or character field with a code that would represent
   the owner status, eg. 1=student, 2=faculty/staff.

I'm totally open to what would be best, I ask the group in case there is
a specific reason out there which would decide the issue.

Thanks,

Tom


Date: Thu, 17 Jul 1997 15:42:14 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    "T. Stenvik" , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers 
Cc: Jim DeRoest ,
    Lori Stevens 
Subject: Re: Li Server/Database (fwd)

So that this doesn't get lost in the shuffle...  an old message
outlining the need for accessing Li authorization data from our
"new accounting system" from web servers.  It will need to be
secured, though (maybe SSL, maybe something else).

  Yonah

---------- Forwarded message ----------
Date: Sat, 28 Dec 1996 20:58:40 -0800 (PST)
From: James W DeRoest 
To: Jim Fox 
Cc: deroest@U.WASHINGTON.EDU, yonah@U.WASHINGTON.EDU
Subject: Re: Li Server/Database (fwd)

Marcy was in a meeting with Lori, Frank, myself and the library
support staff.  One of the topics of discussion was authorization
information.  The direction is that Li could provide some of this
demographic data for authorization purposes (faculty/staff/student,
catagory, dept, etc).  Marcy's group would like to access this type
of data for the app that she is outlining below.  We need to start
thinking about an API for accessing Li data from Web servers if we
don't have something already in place.

Jim

On Fri, 27 Dec 1996, Jim Fox wrote:

> 
> Do you know anything about this?  Is this related (or should be related)
> to any of the other web stuff we're doing?  
> 
> Jim
> 
> ---------- Forwarded message ----------
> Date: Tue, 24 Dec 1996 14:08:06 -0800 (PST)
> From: Marcy Tufarolo 
> To: Jim Fox 
> Cc: Marcy Tufarolo 
> Subject: Li Server/Database
> 
> 
> Jim - I'm working on a project that involves a UW wide database
> application for on-line C&C computer training registration.  We're
> thinking web based user interface to an Informix database engine running
> on a central unix machine.
> 
> A part of the security is to validate UW student, faculty, or staff status
> for access into the application from the web browser.
> 
> Additionally, based on the userid (or whatever id is used) we like to pick
> up demographic info on the user (e.g. name, address, phone, status, etc).
> 
> Would you provide information on the about the Li server functionality and
> the data that is available from the Li database? 
> 
> 
> If you'd like to meet to talk through this, let me know.  Thanks,
> 
> Marcy
> 
******************************************************************************
> Marcia M. Tufarolo   Univ. of Washington  C&C Information Systems  Box 354844
> phone: (206)543-9286     fax: (206)543-0831    email: mtufar.u.washington.edu
> 
******************************************************************************
> 
> 


Date: Wed, 16 Jul 1997 16:26:28 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: *NO* Accounting meeting reminder....

We will not have the typical 10:30 accounting meeting tomorrow (Thurs).

In an effort to keep down the meetings yet keep momentum, I'll try
to meet individually when possible and post an email status report 
when it is reasonable to do so.

Tom is processing nightly student data, but by hand and on demand,
and is awaiting Sid/Ping/Bill's transfer.  He will get in touch with
Sid for a status, plus check for blank PACs and insert birthdates.
He also installed DB2 on cybele and is just beginning to examine it.
He will also start defining and loading Faculty/Staff/Clinician
data into INFORMIX so access client development can proceed.

Tracy has been thinking about access clients, and will be talking
with Tom.

Hugh


Date: Mon, 14 Jul 1997 15:28:56 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting....


From Thurs 97/07/10 meeting:

Tom is using a unique owner key generated by INFORMIX as some students 
do not have SSN's.  SS numbers change more often than we think, so do 
student numbers.  Tom is in-touch with Ping and Bill Shirey about the DB
loading.  Sid is working on a new secure UNISYS-to-Vitcos transfer 
program.  Tom will also set up the DB so we can begin to access it 
(query mode) so we can start working on access clients.  

Tracy will begin on the first access client to replace svf.info on 
Austen.  This would be used by C&CI.  Yonah mentioned "validate" on Red 
- Tracy will think about having his access client include this 
functionality.  Tracy will involve Doris in this design phase.  We are 
assuming Faculty/Staff/Clinicians data will follow the Student DB 
structure.  The student structure, which is what is being worked-on now,
is not defined for certain yet, so work on access clients must keep this
in mind.  

Some discussion took place about the plan for the UNISYS data to start 
reporting four-digit years.  It was concluded by many that our use only 
needs two-digit years, but we will store four-digit years in the DB.  

Some discussion took place about our recent change on Rhys to insert 
birthdates for students with blank PACs.  We will continue to do this 
with the DB loading.  

Yonah will write a requirements document, which will be a project 
overview in an easily readable text format.  This will be linked from 
the project web page and be helpful for Ping when he reviews the DB 
structure.  

Hugh


Date: Sat, 12 Jul 1997 07:38:31 -0700 (PDT)
From: Oren Sreebny 
To: Yonah Karp 
Cc: Oren Sreebny ,
    Hugh Sheets ,
    "T. Stenvik" ,
    Jim DeRoest ,
    Elizabeth Williams ,
    "Mark W. McNair" 
Subject: Re: chargeback?

Yonah -

Sounds good to me.  Our approach to date has been mostly thinking about
lab printing.  We've had conversations with other schools about what
they're doing, which has led us to investigate software called UniPriNT.
It's print account management software which runs on NT and is being used
at a number of other places.  

Our conceptualization so far is that we'd like to be able to start each
student off each quarter with a certain value in a print account against
which all of their printing would be debited, according to the charges for
particular forms on particular printers.  These accounts should be tied to
their UA login/passwords.  If they run their accounts out of the initial
value, they could come to us and give us cash, and we would add the value
to their accounts.  We also want to be able to let other labs on campus
add their printers to this system, so this can be widely shared.

Betsy Williams is coordinating this investigation, and she's got a test
copy of the uniprint software, which she should be working with soon.  I
don't know what the ability is of this software to interact with databases
on other servers, but we should probably find out.  Betsy, can you talk to 
Yonah about this subject?

Thanks

- Oren

On Thu, 10 Jul 1997, Yonah Karp wrote:

> In the parasol meeting 6/30 as well as in the notes from the
> consulting meeting you talked about doing chargeback, both from
> printing and in other ways.  As you know, we are redesigning the
> accounting system, which includes the billing system.  Our goals
> for the billing system include streamlining the processes done
> by C&CI and having the billing done by the Business Office
> itself. 
> 
> I am wondering if there is any overlap or streamlining we can do
> as we both work towards our goals.  Printing, in particular, is
> an issue -- if you have goals related to printing charging we
> should probably build them into the database which will keep
> per-user billing info for the clients which will interact with
> that db.  
> 
>   Yonah
> 


Date: Thu, 10 Jul 1997 17:11:38 -0700 (PDT)
From: Yonah Karp 
To: Oren Sreebny 
Cc: Hugh Sheets , "T. Stenvik" ,
    Jim DeRoest 
Subject: chargeback?

In the parasol meeting 6/30 as well as in the notes from the
consulting meeting you talked about doing chargeback, both from
printing and in other ways.  As you know, we are redesigning the
accounting system, which includes the billing system.  Our goals
for the billing system include streamlining the processes done
by C&CI and having the billing done by the Business Office
itself. 

I am wondering if there is any overlap or streamlining we can do
as we both work towards our goals.  Printing, in particular, is
an issue -- if you have goals related to printing charging we
should probably build them into the database which will keep
per-user billing info for the clients which will interact with
that db.  

  Yonah


Date: Tue, 1 Jul 1997 11:25:00 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: bshirey@cac.washington.edu, jblank@cac.washington.edu,
    plo@cac.washington.edu, smcharg@cac.washington.edu,
    deroest@cac.washington.edu
Subject: Accounting project....

From Thurs 97/06/26 meeting:

Bill Shirey, Jim Blankenship, Ping Lo, and Sid McHarg joined our weekly
meeting to discuss:
- UNISYS-to-INFORMIX database loading (Student data for phase one)
   In reality, our notion of some automated transfer of data from UNISYS
   databases over to our INFORMIX database on Vitcos was not practical.  
   From Bill's perspective, he will continue to generate his daily flat 
   file (for which he selects some information from various data sources
   and does some processing of the data) which will stay on the UNISYS 
   machine.  Sid thought a secure process could pipe this data to 
   Vitcos, checking for an end-of-data marker to ensure a complete 
   transfer.  The data could be received on Vitcos in a "holding table".
   Once the transfer is complete, a process would run on Vitcos to load 
   new and changed records (compared to existing records).  This way, 
   only changes are processed, and we retain records (but "stamp" them) 
   for students no longer enrolled.  
   
   Bill and Ping will work on a test environment to transfer the student
   data in this new way, with Tom working on the process to load the 
   data into the INFORMIX db.  By the way, the current production ftp to
   rhys will continue unchanged until further notice....  
   
- INFORMIX database security (database itself, access control)
   Sid noted Vitcos is considered a development machine.  The production
   INFORMIX database will probably be two new machines, very secure by 
   way of restricted access, with primary/secondary failover 
   capabilities existing in INFORMIX but not fully explored yet.  I will
   continue to use the name Vitcos however.....  Using ODBC standard 
   calls to access the db is a good plan but does have some limitations 
   concerning access controls over proprietary db vendor access calls.  
   Sid feels INFORMIX is no better or worse than other db vendors 
   concerning using ODBC.  The most secure model would probably be 
   clients that talk to a server on Vitcos which then interfaces to the 
   db.  
 
- backup
   The Vitcos databases are backed up to tape nightly, with more 
   frequent database log backups that can be applied to the backed-up db
   to narrow the loss window in case of disaster.  Sid is also looking 
   at another product (ADSM) for backups.  

- review of INFORMIX and how/why it was selected
- INFORMIX licensing in a nutshell
   Sid's group looked at several vendors, and INFORMIX did what they 
   wanted and the licensing was reasonably priced compared to some 
   alternatives.  They also support Oracle and Ingres, which are 
   available for our testing also.  Thanks to ODBC, we can and should 
   try another product to be sure we can easily swap db vendors, and we 
   can compare performance.  Sid's group can likely support any db 
   vendor we choose.  INFORMIX tech support has named people who can 
   call INFORMIX, and Ping can interface for us for now.  We can 
   probably add people if needed.  

- database design
   Ping will critique our design when we are ready - we are not at this 
   point yet.  A requirements document should be ready along with our 
   design when we are ready for a review.  
 
Hugh Sheets
University Computing Services, box 354843
Computing & Communications
hugh@cac.washington.edu, 543-4041


Date: Sun, 29 Jun 1997 19:23:30 -0700 (PDT)
From: Sandy Moy 
To: Nathan Dors 
Cc: Yonah Karp ,
    "P. Pulliam" ,
    Oren Sreebny ,
    Nathan Dors ,
    Kathryn Sharpe ,
    Oren Sreebny ,
    Hugh Sheets , Ken Lowe 
Subject: Re: Web-based "new" prototype

Wow!  Very nice.  (I especially like the policy agreement statement. :)

I am sure people will think of things that need to be added/deleted/
changed, but I think this is very close to what we want.

-Sandy

On Fri, 27 Jun 1997, Nathan Dors wrote:

> 
>     All,
> 
>     The prototype front-end is ready for a looksee. I used Pete's
>     order, as I'm beginning to see the advantages of validating early. 
>     It allows us to tailor the procedure more to the individual. You
>     might click on a link and get a blank page. Those are related
>     help or informational pages that don't exist... yet.
> 
>        See http://weber.u.washington.edu/~dors/projects/new/
> 
>     I've drawn much of the text from my old prototype, which itself
>     came from the telnet-based "new". I also looked at Star Online
>     for a couple of things. Here's my current thinking on each stage:
>  
>     1) "new" home page
>         - What is new?
>         - What do I need to use "new"? (personal information as
>           well as kind of browser)
> 
>     2) validation page
>         - one form for everyone. (if this is awkward, users could
>           tell us they are "student" "staff" or "faculty" on the
>           previous, home page. With this we could generate different 
>           validation forms.)
> 
>     3) select computer
>         - individually tailored list of appropriate computers
>         - if first account, emphasize Homer/Dante
> 
>     4) account specifics
>         - individually tailored (may not even be necessary if
>           the person has an account, whereby we can just grab
>           the same login name and password.)
> 
>     5) policy agreement
> 
>     6) completion 
>         - account(s) summary
>         - privacy concerns (quit your browser!)
>         - links to helpful information
>         - recheck?
>        
> 


Date: Fri, 27 Jun 1997 14:46:50 -0700 (PDT)
From: Nathan Dors 
To: Yonah Karp 
Cc: Sandra Moy ,
    "P. Pulliam" ,
    Oren Sreebny ,
    Nathan Dors ,
    Kathryn Sharpe ,
    Oren Sreebny ,
    Hugh Sheets , Ken Lowe 
Subject: Web-based "new" prototype


    All,

    The prototype front-end is ready for a looksee. I used Pete's
    order, as I'm beginning to see the advantages of validating early. 
    It allows us to tailor the procedure more to the individual. You
    might click on a link and get a blank page. Those are related
    help or informational pages that don't exist... yet.

       See http://weber.u.washington.edu/~dors/projects/new/

    I've drawn much of the text from my old prototype, which itself
    came from the telnet-based "new". I also looked at Star Online
    for a couple of things. Here's my current thinking on each stage:
 
    1) "new" home page
        - What is new?
        - What do I need to use "new"? (personal information as
          well as kind of browser)

    2) validation page
        - one form for everyone. (if this is awkward, users could
          tell us they are "student" "staff" or "faculty" on the
          previous, home page. With this we could generate different 
          validation forms.)

    3) select computer
        - individually tailored list of appropriate computers
        - if first account, emphasize Homer/Dante

    4) account specifics
        - individually tailored (may not even be necessary if
          the person has an account, whereby we can just grab
          the same login name and password.)

    5) policy agreement

    6) completion 
        - account(s) summary
        - privacy concerns (quit your browser!)
        - links to helpful information
        - recheck?



Date: Fri, 27 Jun 1997 10:24:58 -0700 (PDT)
From: Hugh Sheets 
To: Thomas W Remmers 
Cc: Ken Lowe , fox@u.washington.edu,
    pete@u.washington.edu, stenvik@u.washington.edu, yonah@u.washington.edu
Subject: Re: students with no ssn

Check out the project web page under Internal Accounting Group
correspondence.  I'm archiving there - I'm a couple of messages
behind, but they will be there today.  This is an important part
of project documentation and is visible to more than just us....
If something is really sensitive, I'll not put it out for wide
display.

Hugh 

On Fri, 27 Jun 1997, Thomas W Remmers wrote:

> Any objections to creating a listproc list so that our discussion is
> archived in one place?  How about newacc-l@u?  If there no objections,
> I'll put the seven of us on.  Hugh, wanna be the owner?
> 
> Another point for discussion.  I'd like IS to create a group account for
> us on vitcos since most likely we all won't have root access.  The
> accsys account already exists and neither its uid or name collide with
> anything on vitcos.  For security purposes, I would also like it to do
> the CRN-PRN thing on login.  The source code will reside on that
> account, and that account will own the Informix database.
> 
> Tom
> 
> 


Date: Fri, 27 Jun 1997 09:47:16 -0700 (PDT)
From: Thomas W Remmers 
To: Ken Lowe 
Cc: fox@u.washington.edu, hugh@u.washington.edu, pete@u.washington.edu,
    stenvik@u.washington.edu, yonah@u.washington.edu
Subject: Re: students with no ssn

Any objections to creating a listproc list so that our discussion is
archived in one place?  How about newacc-l@u?  If there no objections,
I'll put the seven of us on.  Hugh, wanna be the owner?

Another point for discussion.  I'd like IS to create a group account for
us on vitcos since most likely we all won't have root access.  The
accsys account already exists and neither its uid or name collide with
anything on vitcos.  For security purposes, I would also like it to do
the CRN-PRN thing on login.  The source code will reside on that
account, and that account will own the Informix database.

Tom


Date: Thu, 26 Jun 1997 17:31:45 -0700 (PDT)
From: Thomas W Remmers 
To: "P. Pulliam" 
Cc: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    stenvik@u.washington.edu, Yonah Karp 
Subject: Re: students with no ssn

I'm leaning towards creating a serial key for the owners instead of
using the owner field for a couple reasons.  There are many students who
will never have social security numbers, and according to Bill Shirey
students often change social security numbers.  The foreign key in the
accounts table must be a unique, indexed field in the owners table.
I'll build the database for now with a serial owners key, and evaluate
the performance loss on lookups.  It may be that certain lookups are
slower, but not noticable in human perception.

Tom

On Tue, 24 Jun 1997, P. Pulliam wrote:

> 
> What about just creating an index, not a table key, not unique, of the
> owner field.  That would allow fast lookups by owner, but you would have
> the possibility of more than one record being returned. 
> 
> Pete
> 
> On Mon, 23 Jun 1997, Thomas W Remmers wrote:
> 
> > There are currently 1355 student records without social security
> > numbers.  These arrive from the Unisys with ssn=000000000.  If we want
> > to use encrypted ssn as the owner field (table key field, unique
> > identifier) in the owners (formerly users) table, some other unique
> > parameter is needed.  I see two solutions, the first simply using the
> > student number if there is no ssn, the second using a database generated
> > SERIAL field as the table key.  The problem with the second scheme being
> > that you could not search the accounts table by owner, something Fox
> > really wants for performance.  I will implement the first solution for
> > the time being.
> > 
> > Tom
> > 
> > 
> 
> 


Date: Tue, 24 Jun 1997 12:23:05 -0700 (PDT)
From: "P. Pulliam" 
To: Yonah Karp 
Cc: Oren Sreebny ,
    Sandra Moy ,
    Nathan Dors ,
    Kathryn Sharpe ,
    Oren Sreebny ,
    Hugh Sheets , Ken Lowe 
Subject: Re: Web-based "new" design meeting

>     One possible order for the
> ND    quickie front-end prototype:
> 
>       1) what cluster (brief descripition of each)
>       2) select cluster
>       3) validate
>       4) username
>       5) password
> ND    [5.5) email forwarding?  do we want this?  To be brought to CS mtg]
>       6) Policy signoff
>       7) Recheck
> 

Another possible order:

0) Description of what "New" is.
1) validate
2) select cluster from list of machines that the person validated
   can create accounts on. 
3) username, if not already existing.
4) General info, including password (this is the list number 0..x in
   the existing "new")
5) Policy signoff (could be anywhere)

Pete


Date: Tue, 24 Jun 1997 11:17:05 -0700 (PDT)
From: "P. Pulliam" 
To: Thomas W Remmers 
Cc: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    stenvik@u.washington.edu, Yonah Karp 
Subject: Re: students with no ssn

What about just creating an index, not a table key, not unique, of the
owner field.  That would allow fast lookups by owner, but you would have
the possibility of more than one record being returned. 

Pete

On Mon, 23 Jun 1997, Thomas W Remmers wrote:

> There are currently 1355 student records without social security
> numbers.  These arrive from the Unisys with ssn=000000000.  If we want
> to use encrypted ssn as the owner field (table key field, unique
> identifier) in the owners (formerly users) table, some other unique
> parameter is needed.  I see two solutions, the first simply using the
> student number if there is no ssn, the second using a database generated
> SERIAL field as the table key.  The problem with the second scheme being
> that you could not search the accounts table by owner, something Fox
> really wants for performance.  I will implement the first solution for
> the time being.
> 
> Tom
> 
> 


Date: Mon, 23 Jun 97 17:29:45 -0700
From: Ken Lowe 
To: fox@u.washington.edu, remmers@u.washington.edu
Cc: hugh@u.washington.edu, pete@u.washington.edu, stenvik@u.washington.edu,
    yonah@u.washington.edu
Subject: Re: students with no ssn

I think we were told that not all students *HAVE* SSNs let alone that
we will get them.

-Ken

-----

From fox@u.washington.edu  Mon Jun 23 16:15:10 1997
Date: Mon, 23 Jun 1997 16:15:05 -0700 (PDT)
From: Jim Fox 
To: (Thomas W Remmers) remmers@u.washington.edu
Cc: (Hugh Sheets) hugh@u.washington.edu, (Ken Lowe) ken@u.washington.edu,
        ("P. Pulliam") pete@u.washington.edu, stenvik@u.washington.edu,
        (Yonah Karp) yonah@u.washington.edu
Subject: Re: students with no ssn

I think we were told that we would have ssns for all students,
so the unisys tape needs to be fixed.

On Mon, 23 Jun 1997, Thomas W Remmers wrote:

> Date: Mon, 23 Jun 1997 15:51:59 -0700 (PDT)
> From: Thomas W Remmers 
> To: New Accounting System Development -- Jim Fox ,
>     Hugh Sheets , Ken Lowe ,
>     "P. Pulliam" ,
>     Thomas W Remmers , stenvik@u.washington.edu,
>     Yonah Karp 
> Subject: students with no ssn
> 
> There are currently 1355 student records without social security
> numbers.  These arrive from the Unisys with ssn=000000000.  If we want
> to use encrypted ssn as the owner field (table key field, unique
> identifier) in the owners (formerly users) table, some other unique
> parameter is needed.  I see two solutions, the first simply using the
> student number if there is no ssn, the second using a database generated
> SERIAL field as the table key.  The problem with the second scheme being
> that you could not search the accounts table by owner, something Fox
> really wants for performance.  I will implement the first solution for
> the time being.
> 
> Tom


Date: Mon, 23 Jun 1997 16:39:37 -0700 (PDT)
From: Yonah Karp 
To: Oren Sreebny 
Cc: Sandra Moy ,
    Nathan Dors ,
    Kathryn Sharpe ,
    Oren Sreebny ,
    Hugh Sheets ,
    "P. Pulliam" , Ken Lowe 
Subject: Re: Web-based "new" design meeting

Nathan, Sandy and I met this a.m.  Results:

  Looks feasable for fall quarter.  We'll shoot for having it
  done by quarter break (Aug 22 on) with a front-end prototype
  asap (thanks, Nathan).  First order of business is Nathan's
  mock-up.  In addition, each of us has various to-do's, either
  now or eventually, below:

TCG  For Homer/ Dante:  tailor what we say to faculty/ staff OR students

     Need to have at least two versions:

       web (netscape/IE/lynx)
       telnet 
YK       (could we could just fork a telnet window running lynx?)

     
    One possible order for the
ND    quickie front-end prototype:

      1) what cluster (brief descripition of each)
      2) select cluster
      3) validate
      4) username
      5) password
ND    [5.5) email forwarding?  do we want this?  To be brought to CS mtg]
      6) Policy signoff
      7) Recheck

Other issues:

SM     Legal -- signing off on form
SM     TCG
SM     Oren -- PAC for faculty feasibility
[all]  "renew" issue -- does this make sense without PAC for fac/staff?
PP/YK  Back end issues, modular programming

  Yonah

On Thu, 19 Jun 1997, Oren Sreebny wrote:

> I'm out of town at a meeting Monday, but don't wait for me - I think y'all
> are more critical than my participation.  My preference is for a small
> group to put their heads together and come up with a prototype for us to
> react to - I certainly trust you folks to do that.
> 
> - Oren
>  ----
> From: Yonah Karp 
> To: Sandra Moy ; Nathan Dors  u>
> Cc: Kathryn Sharpe ; Oren Sreebny  on.edu>
> Date: Thursday, June 19, 1997 5:48 PM
> Subject: Web-based "new" design meeting
> 
> Let's meet asap about this.  Minimally, Sandy, Nathan and I need
> to figure out if this is feasable for the short run (i.e. can
> we get this up for the fall); it would be great if Kathryn and
> Oren could come too.  I'm suggesting Monday -- I'm free all day
> so could work with anyone's schedule.  Are people free Monday?
> If so, when?  How about 10:30?  2:00?  Anything?  The rest of
> the week I'm pretty much booked, so if critical people can't do
> it Monday then you probably should meet without me.  I'm also
> working the back end of this project, which is going well, and
> could meet with one of the front end UI people separately to
> talk about your findings.
> 
> Thanks!
> 
>   Yonah
> 


Date: Mon, 23 Jun 1997 16:15:05 -0700 (PDT)
From: Jim Fox 
To: Thomas W Remmers 
Cc: Hugh Sheets , Ken Lowe ,
    "P. Pulliam" , stenvik@u.washington.edu,
    Yonah Karp 
Subject: Re: students with no ssn

I think we were told that we would have ssns for all students,
so the unisys tape needs to be fixed.

On Mon, 23 Jun 1997, Thomas W Remmers wrote:

> Date: Mon, 23 Jun 1997 15:51:59 -0700 (PDT)
> From: Thomas W Remmers 
> To: New Accounting System Development -- Jim Fox ,
>     Hugh Sheets , Ken Lowe ,
>     "P. Pulliam" ,
>     Thomas W Remmers , stenvik@u.washington.edu,
>     Yonah Karp 
> Subject: students with no ssn
> 
> There are currently 1355 student records without social security
> numbers.  These arrive from the Unisys with ssn=000000000.  If we want
> to use encrypted ssn as the owner field (table key field, unique
> identifier) in the owners (formerly users) table, some other unique
> parameter is needed.  I see two solutions, the first simply using the
> student number if there is no ssn, the second using a database generated
> SERIAL field as the table key.  The problem with the second scheme being
> that you could not search the accounts table by owner, something Fox
> really wants for performance.  I will implement the first solution for
> the time being.
> 
> Tom
> 
 

Date: Mon, 23 Jun 1997 15:51:59 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: students with no ssn

There are currently 1355 student records without social security
numbers.  These arrive from the Unisys with ssn=000000000.  If we want
to use encrypted ssn as the owner field (table key field, unique
identifier) in the owners (formerly users) table, some other unique
parameter is needed.  I see two solutions, the first simply using the
student number if there is no ssn, the second using a database generated
SERIAL field as the table key.  The problem with the second scheme being
that you could not search the accounts table by owner, something Fox
really wants for performance.  I will implement the first solution for
the time being.

Tom


Date: Mon, 23 Jun 1997 14:21:34 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: hugh@cac.washington.edu
Subject: Accounting project....

From Thurs 97/06/19 meeting:

Tom is continuing to make progress with INFORMIX on Vitcos.  He has
a database design document (web page).  Hugh has the project web page
which will be in-place on neruda today.  Link from AST home page under
Projects.  Hugh and Yonah mentioned JimD wants us to not limit ourselves
to INFORMIX simply because it is here and readily available.  If our 
investigation points to a better choice we will consider it.  

We need to meet with Sid, Ping, Bill Shirey, Jim Blankenship, and Jim D.
to talk about INFORMIX before we go much farther.  Hugh will invite them to
this meeting next Thursday, June 26, and we will start at 10:00.  Our 
agenda:
- UNISYS-to-INFORMIX database loading
- INFORMIX database security (database itself, access control)
- backup
- review of INFORMIX and how/why it was selected
- INFORMIX licensing in a nutshell
- database design

We reviewed who is working on what:
 Pete:
  - Web-based new and related, target Fall 1997
  - INFORMIX Li
  - data flow diagram of existing system
  - hospital client (aagaard account authorization)

 Tracy:
  - data specs - billing etc, *VF, Li
  - access clients for C&CI (svf.info client for example)
  - expiration
  - Jim Mock EDF spec

 Tom:
  - INFORMIX Li
  - UNISYS --> INFORMIX loading SVF, FVF, BVF (BlueVF)
  - access clients

 JimF:
  - Li consulting
  - Client API consulting

 Yonah:
  - specs
  - project management
  - expiration
  - policy issues

 Hugh
  - project management

Hugh Sheets
University Computing Services, box 354843
Computing & Communications
hugh@cac.washington.edu, 543-4041


Date: Fri, 20 Jun 1997 11:07:57 -0700 (PDT)
From: Hugh Sheets 
To: bshirey@cac.washington.edu, deroest@cac.washington.edu,
    jblank@cac.washington.edu, plo@cac.washington.edu,
    smcharg@cac.washington.edu
Cc: hugh@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting project....

Those of us working on the UCS accounting project have some database
questions, and would like the opportunity to sit down with you as
a group in a meeting.  Would you be able to come to our weekly meeting,
Thursday June 26, 10:00, in the 4545 3rd floor conference room?  On the
agenda:
- UNISYS-to-INFORMIX database loading
- INFORMIX database security (database itself, access control)
- backup
- review of INFORMIX and how/why it was selected
- INFORMIX licensing in a nutshell
- database design

Hugh Sheets
University Computing Services, box 354843
Computing & Communications
hugh@cac.washington.edu, 543-4041



Date: Thu, 19 Jun 1997 18:04:15 -0700 (PDT)
From: Thomas W Remmers 
To: Jim Fox 
Cc: Hugh Sheets ,
    Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu,
    deroest@cac.washington.edu
Subject: Re: Accounting project 

> 
> re: Informix accounting structure
> 
> re: Informix atabase tables 
>     (http://neruda.cac.washington.edu/ast/projects/acctg/tables.html)
> 
> 
> 1) The users table is really a table of all people who have or
>    can create accounts.  The owner field is a unique and invarient
>    identifier for a person.  
> 
>    a)  A person is not a student or an other, but can be any or
>        all of student, staff, faculty, doctor, or several others
>        to be determined later.  Therefore the 'owner' field cannot
>        be dependent upon the person's type.  I think we had decided
>        it would be encrypted SS# for everybody.  

Yes.

> 
>    b)  Additional fields in the users database should include:
> 
>         student number
>         flags for person types
>         or possibly start-stop dates for each possible type

I'll add these to the database specs once the specifics are known.

> 
> 
> 2) The username is not a good primary key for account info for
>    a couple of reasons:  
> 
>       a) they are not invarient. (We do change them sometimes)
>       b) they get recycled.  (We couldn't keep any usage history past
>          account expiration.)
> 
>    A better primary key might be:
> 
>       a) account = owner + person_type   (kind of like present system)
> 
>    In the accounts table 'account' and 'username' would be unique,
>    but there ought to be indexed access to 'account', 'username',
>    'owner' and 'uid'.

I had an automatically generated serial number for the accounts key, but
I changed my mind just yesterday.  I've put it back for the reason
listed above.  Serial numbers are guaranteed unique, and are very useful
for relationships within a database.


>    
> 3) It's not clear what the clusters table is for.

The clusters stores all those cluster specific things in the cdf and cuf
or whatever.  I'm less familiar with this data, so right now the table
is pretty sparsely populated with fields.

Good ideas,

Tom

> 
> 
> Jim
>  
> 



Date: Thu, 19 Jun 1997 17:24:25 -0700 (PDT)
From: Jim Fox 
To: Hugh Sheets 
Cc: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu,
    deroest@cac.washington.edu
Subject: Re: Accounting project 


re: Informix accounting structure

re: Informix atabase tables 
    (http://neruda.cac.washington.edu/ast/projects/acctg/tables.html)


1) The users table is really a table of all people who have or
   can create accounts.  The owner field is a unique and invarient
   identifier for a person.  

   a)  A person is not a student or an other, but can be any or
       all of student, staff, faculty, doctor, or several others
       to be determined later.  Therefore the 'owner' field cannot
       be dependent upon the person's type.  I think we had decided
       it would be encrypted SS# for everybody.  

   b)  Additional fields in the users database should include:

        student number
        flags for person types
        or possibly start-stop dates for each possible type


2) The username is not a good primary key for account info for
   a couple of reasons:  

      a) they are not invarient. (We do change them sometimes)
      b) they get recycled.  (We couldn't keep any usage history past
         account expiration.)

   A better primary key might be:

      a) account = owner + person_type   (kind of like present system)

   In the accounts table 'account' and 'username' would be unique,
   but there ought to be indexed access to 'account', 'username',
   'owner' and 'uid'.
   
3) It's not clear what the clusters table is for.


Jim


Date: Thu, 19 Jun 1997 16:07:27 -0700 (PDT)
From: Thomas W Remmers 
To: New Accounting System Development -- Jim Fox ,
    Hugh Sheets , Ken Lowe ,
    "P. Pulliam" ,
    Thomas W Remmers , stenvik@u.washington.edu,
    Yonah Karp 
Subject: Meeting with Ping and Bill Shirey

I had a quick meeting with Ping and Bill Shirey about sending the data
directly from the Unisys to Informix.  A direct connection is not
possible as originally envisioned.  The daily data Bill sends does not
come directly from the tables since they keep student records back to
1981, rather her processes the data and produces a file as output.  The
databridge connection between the Unisys and Informix can only send all
data from a specific table.  Also, due to limitations with databridge,
only one databridge can be executing on a specific Unisys database at
one time.  Since there are other long runs on the database that includes
the student data, the daily processing could be compromised.

I had the idea to create a transfer database on the Unisys, and the
databridge program could operate on it, eliminating any multiple
connectivity problems with the big database.  The process as proposed
is: 

1.  On the Unisys, on a daily basis, active student records are
identified and the fields we want are sent to another Unisys database. 

2.  The databridge program will copy the student table to a new table
each day in the Informix database.  

3.  Daily processing that we maintain then analyzes the new student
table and updates the real table of all users (now called owners).

4.  We must delete each of the new tables that are created each day at
some point, otherwise there will be a lot of new tables.

This scheme should work for the staff and faculty validation data.

FYI, databridge was developed by Sid and is secure.

I told Ping and Bill that the goal was to have this in place by July 1,
but that could be pushed back if there were technical problems.  I told
them we were going to have a big meeting next week, and they could give
their projection then about how long it would actually take to do.

Tom


Date: Thu, 19 Jun 1997 13:24:04 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: deroest@cac.washington.edu
Subject: Accounting project web page....

The Accounting Project web page is up.  It has the usual link from
the AST Group projects page, or directly:

http://neruda.cac.washington.edu/ast/projects/acctg/

Hugh


Date: Sun, 15 Jun 1997 21:04:20 -0700 ()
From: Jim Fox 
To: Hugh Sheets 
Cc: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Re: Accounting project.....

I think I also said I would work on the client API.  As it will
probably use the new LSC library for security, Yonah asked me
to talk about that next meeting.  However, I think that's 
unnecessary for a couple of reasons: 1) it's a sort of behind the
sceens thing that doesn't really affect the api; 2) My younger 
daughter has a 5th grade gradutaion next Thursday AM so I might
not get to the meeting anyway.  If you're interested in the
security library check out http://weber/~fox/lsc/

Jim

On Fri, 13 Jun 1997, Hugh Sheets wrote:

> Date: Fri, 13 Jun 1997 15:36:29 -0700 (PDT)
> From: Hugh Sheets 
> To: Internal Accounting Group ,
>     hugh@cac.washington.edu, ken@cac.washington.edu,
>     pete@cac.washington.edu, remmers@cac.washington.edu,
>     stenvik@cac.washington.edu, yonah@cac.washington.edu
> Subject: Accounting project.....
> 
> From Thurs 97/06/12 meeting:
> 
> Tom has been making good progress using INFORMIX on Vitcos.  He is 
> working on creating the svf.info, svf.dat, and three Li files now done
> on Rhys from the INFORMIX DB.  He will be writing the specs for the 
> INFORMIX DB, which we will make available from the project web page, 
> which Hugh is working on.  We will meet with Ping next week to discuss
> "direct" loading of the DB.  He has experimented with accessing the DB
> from MicroSoft ACCESS on a Windows 95 PC which looks to be a promising
> client interface.  Tom's work corresponds to steps 0,1,2 of the phase 
> 1 plan.  
> 
> We need to come up with a name for the INFORMIX DB, more concise than 
> "humptulips", along the lines of "Li", so everyone collect your 
> suggestions.  
> 
> An accounting related issue that came up is blank PACs in svf.ftpdata 
> for those new students who have not yet established a PAC via STAR.  
> Formerly, their birthdate was inserted as the PAC.  "new" will not 
> work with a blank PAC.  The larger issue of the blank PACs will be 
> addressed elsewhere.  As a short-term fix, Hugh will write a program 
> to have Rhys put back the birthdate during the usual nightly 
> processing of svf.ftpdata.  
> 
> The web-based "new" project needs to be picked up - a target 
> implementation will be Fall Quarter.  Yonah will push for the web page
> design while Pete will work on the back-end process.  
> 
> Yonah pointed out Jim Mock gets/needs access to EDF data for 
> scheduling in his Lab, so here is a "class" of customer who will need 
> a level of access to the INFORMIX DB.  
> 
> To do / who is working on what:
>  - Tom is working on steps 0,1,2 of the phase 1 plan, document specs.
>  - Tom + meet with Ping to talk INFORMIX and "direct" loading of the DB.
>    Maybe invite Ping to Thurs June 19 meeting?
>  - Hugh work on project web page, program to fill blank PACs on Rhys.
>  - Pete work on web-based "new" back-end process.
>  - Yonah push the web-based "new" web page design.
> 


Date: Fri, 13 Jun 1997 15:36:29 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting project.....

From Thurs 97/06/12 meeting:

Tom has been making good progress using INFORMIX on Vitcos.  He is 
working on creating the svf.info, svf.dat, and three Li files now done
on Rhys from the INFORMIX DB.  He will be writing the specs for the 
INFORMIX DB, which we will make available from the project web page, 
which Hugh is working on.  We will meet with Ping next week to discuss
"direct" loading of the DB.  He has experimented with accessing the DB
from MicroSoft ACCESS on a Windows 95 PC which looks to be a promising
client interface.  Tom's work corresponds to steps 0,1,2 of the phase 
1 plan.  

We need to come up with a name for the INFORMIX DB, more concise than 
"humptulips", along the lines of "Li", so everyone collect your 
suggestions.  

An accounting related issue that came up is blank PACs in svf.ftpdata 
for those new students who have not yet established a PAC via STAR.  
Formerly, their birthdate was inserted as the PAC.  "new" will not 
work with a blank PAC.  The larger issue of the blank PACs will be 
addressed elsewhere.  As a short-term fix, Hugh will write a program 
to have Rhys put back the birthdate during the usual nightly 
processing of svf.ftpdata.  

The web-based "new" project needs to be picked up - a target 
implementation will be Fall Quarter.  Yonah will push for the web page
design while Pete will work on the back-end process.  

Yonah pointed out Jim Mock gets/needs access to EDF data for 
scheduling in his Lab, so here is a "class" of customer who will need 
a level of access to the INFORMIX DB.  

To do / who is working on what:
 - Tom is working on steps 0,1,2 of the phase 1 plan, document specs.
 - Tom + meet with Ping to talk INFORMIX and "direct" loading of the DB.
   Maybe invite Ping to Thurs June 19 meeting?
 - Hugh work on project web page, program to fill blank PACs on Rhys.
 - Pete work on web-based "new" back-end process.
 - Yonah push the web-based "new" web page design.


Date: Thu, 12 Jun 1997 10:31:38 -0700 (PDT)
From: Yonah Karp 
To: jim@u.washington.edu
Cc: Sandra Moy ,
    Jim DeRoest ,
    Tracy Stenvik ,
    Pete Pulliam ,
    Hugh Sheets 
Subject: EDF access

As we just discussed, you need access to:

  student #
  courses student is in
  department course is in
  number & section for each course 
  dept name (major eg PREENG)
  sex (m/f)
  login name

Your program determines priority by courses.  As I explained,
the main difference between what you get now vs what you'll get
in the future is that we'll no longer be generating a flat EDF
file as we have for so many years.  You'll have access to an
Informix table with the above data elements, and be able to use
SQL language to do whatever you need with it.  And we promise to
give you access to the same data elements you've been using in 
the past so that your priority programs will work.

  Yonah



Date: Fri, 6 Jun 1997 11:03:46 -0700 (PDT)
From: Hugh Sheets 
To: Yonah Karp 
Cc: hugh@cac.washington.edu
Subject: Re: Accounting et al (fwd)

Yonah - Maybe we can discuss this next week?  I have talked to Keith and
        Mary several times about this, and we talked to Mary together.  I
        have also tried without success to involve Mike Pingree so I'm not
        sure what else we can do. 

Hugh

On Thu, 5 Jun 1997, Yonah Karp wrote:

> refreshing your/ my memory -- Keith is right next to us so we can
> easily talk with him about this.
> 
>   Yonah
> 
> 
> ---------- Forwarded message ----------
> Date: Thu, 17 Apr 1997 10:18:54 -0700
> From: James W DeRoest 
> To: Yonah Karp ,
>     Hugh Sheets 
> Cc: Lori Stevens 
> Subject: Accounting et al
> 
> Tom stopped by to talk about concerns on how TSAT would interface with the
> new system and direction for authentication and authorization.  As I
> mentioned in the meeting, Ed has stated that for new IS apps they will use
> the UA auth system.  We will still need to grandfather in old apps and
> accounts.  It might be worth having Mary Ellen right up her perspective on
> how this would work as she handles accounts for TSAT as well as UA.  Keith
> Mason is probably the person in Sid's group to pester concerning TSAT.  As
> we build the spec we should probably talk with each of the app mgrs in IS
> about their expectations.  Mike Pingree can probably finger the appropriate
> folks.
> 
> Jim
> 


Date: Thu, 5 Jun 1997 16:42:21 -0700 (PDT)
From: Yonah Karp 
To: Hugh Sheets 
Cc: Internal Accounting Group ,
    ken@cac.washington.edu, pete@cac.washington.edu,
    remmers@cac.washington.edu, stenvik@cac.washington.edu
Subject: Re: Accounting project....

I'm assuming we're talking about initially building the pieces
of the DB which include the faculty/staff and student tables
(what will eventually replace the facstaff & student processes
on Austen and on the li servers).  So the data HEPPS and SDB
currently send to Austen is what we're talking about going from
the Unisys directly to the Informix DB, I believe.

  Yonah


On Thu, 5 Jun 1997, Hugh Sheets wrote:

> From today's meeting:
> 
> Jim will not be able to devote as much attention to creating the
> INFORMIX DB at this time as he first thought, so Tom will do the
> primary work on this.  He will start defining the DB structure
> and do some experimentation before we approach Ping to discuss
> the loading process and advice on the DB structure.  Tracy's
> document on the current data fields used now will be very valuable.
> 
> We will be sure to document the specifications as we proceed.  Doing
> this as web pages is a good idea - Hugh is working on the project web page
> so everthing can be linked from there.
> 
> Hugh
> 



Date: Thu, 5 Jun 1997 16:24:18 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting project....

From today's meeting:

Jim will not be able to devote as much attention to creating the
INFORMIX DB at this time as he first thought, so Tom will do the
primary work on this.  He will start defining the DB structure
and do some experimentation before we approach Ping to discuss
the loading process and advice on the DB structure.  Tracy's
document on the current data fields used now will be very valuable.

We will be sure to document the specifications as we proceed.  Doing
this as web pages is a good idea - Hugh is working on the project web page
so everthing can be linked from there.

Hugh



Date: Thu, 29 May 1997 13:28:22 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Cc: hugh@cac.washington.edu
Subject: Accounting project....

Summing today's meeting, here's the first phase plan:

0. Create INFORMIX DB with Fac/Staff/Student fields
1. UNISYS loads/updates INFORMIX DB with Student information "directly"
2. INFORMIX DB generates (eliminating Rhys):
   - the 3 current Li files sent to Li servers
   - svf.info sent to Austen for C&CI
   - svfd.dat sent to Austen for expiration process
3. Create a client for C&CI to use to replace need for svf.info
4. Do #1,2,3 as appropriate for Fac/Staff
5. Create and use a verify API (removing this function from Li):
   - when done, svfd.dat is the only file still needed (expiration
      function not yet addressed)
   - needs to handle "blue people" (aagaard customers) which we now
     get via flat file from MCIS - create a client for MCIS?

Goals:
1. Have Fac/Staff, Student, Clinician verification information in
   INFORMIX DB
2. Have UNISYS load/update INFORMIX DB directly
3. Eliminate Rhys svf processing, Austen fvf processing, Austen aagaard
   processing
4. Use new verify API against INFORMIX DB, removing this function from Li.

Tom, Yonah, Pete, and Jim will start on step 0., involving Ping/Liz for 
advise on DB design and step 1.

Hugh Sheets
University Computing Services, box 354843
Computing & Communications
hugh@cac.washington.edu, 543-4041
 


Date: Wed, 28 May 1997 14:47:15 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting meeting reminder....

Don't forget the accounting meeting Thursday at 10:30.  The agenda
includes status reports:
 - Yonah was investigating reports - who looks at what
 - Pete is working on his data flow diagram of the current accounting/
     billing system
 - Tom is experimenting with INFORMIX to create a test database
 - Hugh is investigating UNISYS accounts, think about how billing and
     reporting will be generated from the INFORMIX database
 - Tracy is identifying data elements in the current billing system
     to flesh out specifications for the INFORMIX database.

And, Yonah's email with thoughts on breaking this very large project down
into manageable parts so tangible work can begin.

Hugh Sheets
University Computing Services, box 354843
Computing & Communications
hugh@cac.washington.edu, 543-4041



Date: Fri, 23 May 1997 10:58:27 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    Tracy Stenvik , Ken Lowe ,
    Pete Pulliam ,
    Thomas W Remmers 
Cc: James W DeRoest ,
    Donn Cave 
Subject: accounting redesign project(s)

Folks,

As evidenced by the meeting yesterday, this project is getting
larger and larger and losing focus.  Last month we had some
momentum going.  I would hate to lose that, and I would like us
to move forward out of the specs phase as soon as possible -- I
am thinking that the June 30 deadline for specs is still
realistic, under somewhat changed expectations.  I know that for
many of you this is the least pleasant part of the process, so
let's get it over with so we can get to coding.  

Here's what I have for current needs:

    UA reconciliation
  * student validation processing
    Fac/staff validation processing
    Billing
    Reporting (quarterly + ongoing)
  * Li (== UA validation)
    Unisys validation
    Email forwarding (@u)
    LDAP staffdir/studentdir
    Unisys --> (simply, directly) Informix DB

and assuming

    Various clients talk to DB
    Informix DB w/ various tables
    Billing done by Business Office
    Human intervention down to a minimum

There are probably more of each (throw your .02 in please as you
think of them).

My suggestion is that we take the two needs I've starred, the
new Li and the student validation processing, as pilot projects,
and that we get specs for them and get to work on putting them
in place.  During the coding of the pilot projects we can also
work on the specs of the other components, talk to related
people like Martha Smith and Mary Lee, etc.  It's clearly
debatable how the LDAP staffdir/ studentdir will interact with
this system and I don't want to let that discussion slow us
down.  Same with whether or not we do Unisys validation (i.e.
replace TSAT).

Also, I want to mention that Hugh is officially the project lead
now -- please cc him on any of the messages you send to others
related to this project.  I am an interested (okay, very
interested) party on this and will be throwing in my own .02,
.04, whatever on this.

My thinking on the two pilot projects is that they will test
and exercise:

     Unisys --> db loading & refreshing
     ODBC Informix API, how it works
     database design
     save us from trying to spec out the unspec-able

Thoughts?  Comments?

  Yonah


Date: Mon, 5 May 1997 16:20:37 -0700 (PDT)
From: Yonah Karp 
To: li + acctg -- Jim Fox ,
    Hugh Sheets ,
    Tracy Stenvik , Ken Lowe ,
    Pete Pulliam ,
    Thomas W Remmers 
Cc: James W DeRoest 
Subject: acctg meeting

Let's meet Thursday at 10:30.  Some good progress is going on
that we ought to share.  Tom is looking at and experimenting
with Informix, Tracy is working on the data elements in the
current billing system to add to the data elements he compiled
for the rest of the systems, Pete is working on data and work
flow of the current accounting system, and Hugh and I are
working specs for the new systems.

  Yonah


Date: Mon, 28 Apr 1997 12:11:54 -0700 (PDT)
From: Hugh Sheets 
To: Internal Accounting Group ,
    hugh@cac.washington.edu, ken@cac.washington.edu,
    pete@cac.washington.edu, remmers@cac.washington.edu,
    stenvik@cac.washington.edu, yonah@cac.washington.edu
Subject: Accounting system specs....

We have a full Accounting meeting this Wednesday at 10:30.  I know Pete
and Tracy have been assembling some requirements/specifications based
on the current system.  If possible, it would be valuable to have this
to show at this Wednesday's meeting.  I can help assemble this if anyone
has anything they can send me.  In any case, maybe we can all touch base
prior to Wednesday morning.  At the close of the last meeting April 16,
we were going to work on assembling the requirements/specifications and
look at Informix as the database package of choice, so we should be
prepared to report on our progress.  Hopefully, the other folks who 
attended have been thinking about their needs for this system.

Hugh


Date: Thu, 17 Apr 1997 10:18:54 -0700
From: James W DeRoest 
To: Yonah Karp ,
    Hugh Sheets 
Cc: Lori Stevens 
Subject: Accounting et al

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "us-ascii" character set]
    [Some characters may be displayed incorrectly]

Tom stopped by to talk about concerns on how TSAT would interface with the
new system and direction for authentication and authorization.  As I
mentioned in the meeting, Ed has stated that for new IS apps they will use
the UA auth system.  We will still need to grandfather in old apps and
accounts.  It might be worth having Mary Ellen right up her perspective on
how this would work as she handles accounts for TSAT as well as UA.  Keith
Mason is probably the person in Sid's group to pester concerning TSAT.  As
we build the spec we should probably talk with each of the app mgrs in IS
about their expectations.  Mike Pingree can probably finger the appropriate
folks.

Jim