Self-Service Privacy Using LDAP at The University of Notre Dame CUMREC 2003 Brendan Bellina Office of Information Technologies University of Notre Dame.

Presentation transcript:

Self-Service Privacy Using LDAP at The University of Notre Dame
CUMREC 2003
Brendan Bellina
Office of Information Technologies
University of Notre Dame du Lac

Copyright © Brendan Bellina, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

May 13, 2003. Copyright © 2003, University of Notre Dame du Lac.

Confidentiality in U.S. Higher Education

Family Educational Rights and Privacy Act (FERPA)

Institution definition of “Directory Information”:
- Full name
- Address
- Telephone number
- Day and place of birth
- College, major, or level
- Participation in officially recognized activities and sports
- Weight and height of members of athletic teams
- Dates of attendance
- Full or part-time status
- Degrees and awards received
- Most recent previous educational agency or institution attended by the student
- Other similar information such as a photograph

Family Educational Rights and Privacy Act (FERPA)

Excerpt from the Notre Dame FERPA webpage:

Directory information may be disclosed by this institution for any purpose, without the prior consent of a student, unless the student has forbidden its disclosure in writing. Students wishing to prevent disclosure of the designated directory information must file written notification to this effect with the Registrar's Office. In the event that such written notification is not filed, the University assumes that the student does not object to the release of the directory information.

Family Educational Rights and Privacy Act (FERPA)

In the year following the implementation of the directory privacy functionality described here, a self-service privacy mechanism was implemented in the Student Information System.
- Limited to student campus/home address and phone, and spouse name
- Available only during SIS availability (7x18)
- Immediate effect for SIS applications; delayed effect for web-based applications relying upon directory services
- Restricts data passed to directory services, so that even authorized directory-enabled applications cannot access the information via the directory

Initiating FERPA Protection: The Student
- Request FERPA protection at registration or…
- Submit formal request for FERPA protection to the Office of the Registrar providing name and/or NetID
- Wait for request to be processed

Initiating FERPA Protection: The Office of the Registrar
- Update Student Information System record to indicate that the student has requested FERPA protection
- Contact the Office of Information Technologies to have electronic directories & services updated

Limitations
- Complex and slow: multiple steps and points of failure and delay
- Available only during office hours M-F 8-5
- Cumbersome: requires student visit
- Dependent on availability of system administrators for multiple systems (core middleware, , listserv)
- Limited granularity: phone, address, spouse name, or all

Unwanted Side Effects
- Disables growing list of functions reliant upon directory entry information, including forwarding, auto-reply, WebCT, Active Directory services, the eProcurement system, Learning Management System, Online Registration, Online Voting…
- System Administrator reliance: requires configuration modifications and coding for each request ( , listserv, AFS)
- Separates user account from systems of record, preventing automated revocation and information updates

Goals
- Self-service web application
- Multi-level opt-out
- Automate processes
- Reduce administrator involvement
- Eliminate need for coding and configuration changes
- 7x24x365 availability
- Immediate effect, no latency
- Attribute level granularity
- Eliminate need for office visit
- No restrictions on services caused by privacy

Steps Taken to Date
- Implementation of high availability Enterprise Directory Service
- Elimination of X.500 directories and Eudora cross-reference database to further reduce administrator involvement
- Web pages to allow user to edit entry content and update privacy options in the Enterprise Directory Service real-time, 7x24x365

Steps Taken to Date (continued)
- FERPA protected individuals “mastered” in the Enterprise Directory Service
- Provide LDAP-enabled applications with service id’s authorized to access private entries
- Windows Active Directory domain policy to redirect Active Directory searches to the EDS

Screen Samples (screenshots not reproduced in this transcript)
- EDS Authentication Screen
- Directory Entry Display
- Directory Entry Edit
- Privacy Options
- Display Preferences

Opt-out Options

Entry level and attribute level:
- Private: the entry/attribute is visible only to the owner and to authorized applications. This is a selectable option for active student and departmental accounts.
- ND-Only: the entry/attribute is visible to authenticated searches and to authorized applications. This is a selectable option for all active accounts.
- FERPA Restrict: entry-level setting identical to “Private”, except that it can only be set and reversed by formal request.

Usage Statistics
- FERPA protection / hidden account: 4
- Self-service entry-level privacy: 46
- Self-service entry-level ND-only: 33
- Self-service attribute-level privacy: 250

How It Works

Directory Attributes: dn

Directory dn (distinguished name) is comprised of:
- ndGuid: a uniquely defined string of characters randomly assigned in format ndaa#aa# (ndPVid) prefixed with “nd.edu”
- X.500 Directory base (avoids conflict with our Active Directory domain)

Directory Attributes: dn

Intentionally avoided basing on name, NetID, department, or affiliation in order to:
- (1) reduce chance of dn changes when changes occur
- (2) allow anonymity without requiring entire entry to be restricted.

Needed an unchanging, non-reissuable, meaningless id independent of vendor and transaction system influence.

Directory Attributes: ndEntryStatus

Multi-valued attribute used to control access to the entry from applications.

Allowable values:
- active
- restrictEDS: indicates entry restricted to only owner and authorized applications
- restrictndonly: indicates entry restricted to authenticated searches only
- restrictFERPA: indicates privacy cannot be altered by self-service; always coupled with restrictEDS

Directory Attributes: ndVisibilityControl

Multi-valued attribute used to record access level for specific attributes.

Allowable values: Attribute name, +
- private: indicates attribute restricted to only owner and authorized applications
- ndonly: indicates attribute restricted to authenticated searches only

Directory Attributes: ndDisplayPreferences

Multi-valued attribute used to record user preferences for the directory entry display screen.

Allowable values:
- maskpriorsurname: indicates that common name values based on prior surname should not be displayed
- maskuid: indicates that uid (NetID) should not be displayed

Directory Attributes: aci
- Entry level aci’s used to control access to entry attributes as specified in ndVisibilityControl
- OU level aci’s used to prevent unauthorized access to restricted attributes such as ndUniversityid, ndPermid, ndRolesAssigned

Directory Attribute Access Types
- Always restricted, e.g. ndUniversityid, ndPermid, ndRolesAssigned, internal attributes
- Never restricted, e.g. dn, uid
- Restrictions based on user preference

Directory Attribute Access Groups
- Groups are used to allow applications to have access to entries and attributes.
- Use of groups reduces directory maintenance/administrative time
- Groups are not visible anonymously
- Group dn’s are also based on ndPVid’s
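The access rules described in the "How It Works" slides (ndEntryStatus, ndVisibilityControl and the three attribute access types) can be read as one decision procedure. The sketch below is an added example, not code or ACIs from the Notre Dame EDS. Assumptions: the four requester classes are plain constants rather than LDAP binds and group membership, each ndVisibilityControl value is modelled as an attribute-to-level mapping because its stored format is not recoverable from the slide, always-restricted attributes are readable by authorized applications only, and the sample entry is constructed.

```python
from dataclasses import dataclass, field

ANONYMOUS, AUTHENTICATED, OWNER, AUTHORIZED_APP = "anonymous", "authenticated", "owner", "app"
ALWAYS_RESTRICTED = {"ndUniversityid", "ndPermid", "ndRolesAssigned"}  # named on the slides
NEVER_RESTRICTED = {"dn", "uid"}                                       # named on the slides

@dataclass
class Entry:
    attrs: dict
    nd_entry_status: set = field(default_factory=lambda: {"active"})
    # Assumption: one ndVisibilityControl value per attribute, modelled as name -> level.
    nd_visibility_control: dict = field(default_factory=dict)

def _allowed(level, requester):
    if level == "private":   # owner and authorized applications only
        return requester in (OWNER, AUTHORIZED_APP)
    if level == "ndonly":    # any authenticated search
        return requester != ANONYMOUS
    return True

def entry_level(entry):
    # restrictFERPA is "always coupled with restrictEDS"; fail closed if it is not.
    if entry.nd_entry_status & {"restrictEDS", "restrictFERPA"}:
        return "private"
    if "restrictndonly" in entry.nd_entry_status:
        return "ndonly"
    return None

def _attr_ok(entry, name, requester):
    if name in ALWAYS_RESTRICTED:
        return requester == AUTHORIZED_APP  # assumption: the owner is excluded as well
    if name in NEVER_RESTRICTED:
        return True
    return _allowed(entry.nd_visibility_control.get(name), requester)

def visible_attrs(entry, requester):
    # Entry-level restriction is checked first, then each attribute on its own.
    if not _allowed(entry_level(entry), requester):
        return {}
    return {n: v for n, v in entry.attrs.items() if _attr_ok(entry, n, requester)}

def self_service_set_entry_privacy(entry, value):
    # value is None (public), "restrictEDS" (Private) or "restrictndonly" (ND-Only).
    if "restrictFERPA" in entry.nd_entry_status:
        raise PermissionError("FERPA restriction changes only by formal request")
    if value not in (None, "restrictEDS", "restrictndonly"):
        raise ValueError(value)
    entry.nd_entry_status = {"active"} | ({value} if value else set())

def sample_entry():
    # Constructed sample data, not a real directory entry.
    return Entry(
        attrs={"uid": "jdoe", "cn": "Jane Doe", "telephoneNumber": "555-0100",
               "postalAddress": "100 Example Hall", "ndUniversityid": "000000000"},
        nd_visibility_control={"telephoneNumber": "private", "postalAddress": "ndonly"})
```

Calling visible_attrs(sample_entry(), ANONYMOUS) returns only uid and cn; the same call as AUTHORIZED_APP returns every attribute, which is the property that lets services keep working for private entries.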

Steps Remaining
- Elimination of public access to ph/CSO
- Provide web-application to Registrar to control FERPA setting
- Increase edit capability for FERPA entries
- Automate data correction for FERPA entries
- Implement a tie between the EDS opt-out and FERPA settings and Registrar notification

Links
- ND Enterprise Directory Service
- ND EDS Documentation
- ND EDS Schema Documentation
- ND EDS Search
- eduPerson object class
- Internet2 Middleware

Contact Information
Brendan Bellina
Office of Information Technologies
University of Notre Dame du Lac
Website:
Directory Entry:
vCard: