Message-Id: <199709292256.PAA07596@mailhost2.cac.washington.edu>
From: "James W DeRoest" <deroest@cac.washington.edu>
To: "AST Webpage" <astweb@u.washington.edu>
Subject: Accounting meeting....
Date: Mon, 29 Sep 1997 15:57:06 -0700

-----Original Message-----
From: Hugh Sheets <hugh@u.washington.edu>
Date: Monday, September 29, 1997 3:49 PM
Subject: Accounting meeting....
Jim DeRoest joined the meeting to discuss the need to get K5 authorization and authentication synchronized with Shuksan, and have this happen dynamically. Customers want to make LDAP queries to Shuksan (not just queries, but administrative access - adding, expiring, permitting, and so on). This is part of the Accounting project, but this piece has been given a high priority. There is a need to add large blocks of customers to Shuksan who actually would not have UA accounts, but just a "presence" in Shuksan for various authentication purposes. These would be in large part non-University people. In fact, Jim warns we should be prepared for a huge name space, possibly a million entries, and make provision for many flags that control access to many permitted services. There is the desire to allow the management of blocks of these sorts of customers to be performed by non-University administrators, so controls need to be in place to limit the scope of these administrators to only "their" customers. There is a plan to make this work a break-out subgroup of the accounting group so it can proceed in parallel to the accounting project. Jim will set up a time for this group to meet next week.
Tom has an LDAP backend interface on Vitcos to serve Tracy's validate web client. Tom will talk to Frank F. about security issues, which right now don't exist with the LDAP on Vitcos. From talking to Jim D., the LDAP Tom built on Vitcos is a dead-end version from U. of Michigan, and we should probably be using Netscape's LDAP. Tom is having trouble connecting with Martha Smith about Faculty/Staff data. Jim D. will talk to Mike Pingree about who we should be talking to.
Pete's web-based renew is accessible from the C&bleaC home page. He is working on improved logging as he is only logging successes. He expects a new version next week. For web-based new and renew, he is proposing a certified site name of "accounts.washington.edu" which will point to the machine name of "carver.u.washington.edu".
Yonah has talked to Sandy about different entities in Shuksan (if students should be completely separate from Fac/Staff if they are the same person, for example) and will write up a summary to circulate.
This stimulated a lengthy discussion about how we should store information in Shuksan. Given Jim's information on the really large and diverse influx of customers we can expect, the topic of keeping people as separate entities makes this look like a big problem, keeping multiple records of the same person and trying to connect them. We thought the only way to correlate them would be the SSN, or a number that looked like an SSN for those who don't have one. This needs further thought and planning as this could change the Shuksan design, and we need a ruling from Sandy whether it is OK to use the SSN in this way. We also need to talk to Lori Stevens about the way we should hold clinicians in Shuksan. I believe Yonah volunteered to talk to Sandy and Lori....
Lots more to discuss, but we ran out of time.
Task review:
------------
Tom: Lots; database development, loading, processing. Start thinking about clinicians expiration process. Start working on Faculty/Staff data loading, processing. Investigate commercial LDAP/Informix interface. Talk to Frank F. about LDAP security.
Pete: Web-based new, renew.
Tracy: Manipulation clients, first an AVF add/modify client.
Yonah: Writing a requirements document. Consider keeping completely separate Student/Staff/Fac/Clinician records in the database. Write up summary from talking to Sandy. Talk to Sandy about using SSN. Talk to Lori about how to store clinicians in Shuksan.
Jim: Think about the process to update Li with Shuksan data.