NU Identity Management is a process of authenticating users and potential users of NU information resources and it is the critical first step in providing access. Prior to determining if someone or even another computer system should be permitted to access sensitive or critical data, it is paramount that the authenticity of the requester be established first. Accordingly, a systematic procedure must be developed, U-wide or on a campus-by-campus basis, that determines how to authenticate computer users.
Once a determination is made that the requester is really who s/he says s/he is, campuses should then develop their own business rules that govern accessibility. Campuses should also decide if the authentication process at one campus will be accepted and respected within their own, if the authentication process is warranted at each “border”, or if a re-authentication process is warranted for specific computer applications, or for specific transactions with an application.
While standardizing on authentication requirements and procedures is not mandatory, the NU system can become a much more tightly integrated environment in which students, faculty and staff can access information and data from the source—regardless of where that source is within the system—if each NU campus can authenticate any NU student, faculty or staff member and properly establish those entities’ access privileges.
The overall process of authenticating users and potential users of NU information resources may begin with and include the sharing and storing of campus-specific and U-wide student, employee and guest data in a central repository or master directory. And, because some of this data may be campus-specific, it is paramount that any campus, college or department that wants to use data stored in this central repository first ensures that accessing and using the data is permitted. To this end, all data, except those common elements that may also be public directory information, should be considered private and only released for use by the functional data owner
1.1 Functional Data Owner(s)
Aside from the NU Board of Regents who ultimately owns every piece of University data, a functional data owner is the person who is considered to be the final authority and decision maker with respect to a University function’s data and records. This authority and decision-making extends to any data and information that is resident in a management information system, database, storage system or electronic file that is used by this University function as well as any data, forms, files, information and records that are in paper format.
Every database management system, computer application, LDAP directory (Lightweight Directory Access Protocol), and management information system shall have one or more functional data owners identified in the event that questions concerning access and availability arise.
For those enterprise-wide directories and applications that serve a multitude of University functions and do not have a cross-functional team that acts as functional data owner (e.g. SAP’s Financial Systems Task Force), the UNCSN Information Security Officer shall act as functional data owner and have the responsibility of identifying, communicating with and building consensus with all parties, directors, Deans, Department Heads, etc. whenever a decision regarding the data is needed.
1.2 Data or Application Stewards
A data or application steward is a person (or a team of people) who is responsible for the technical management of the data, files, databases, computers, and computer storage within which the data and information used by University of Nebraska personnel (and ultimately owned by the NU Board of Regents) are stored, and of the computer networks across which this data and information traverse.
Historically, a data steward is not a user of the data but is, generally, responsible for ensuring that the data is organized as efficiently as possible and accessible to all authorized users.
1.3 Users
A user of data, information systems, programs or databases is a person (or a team of people) who is, generally, tasked with making decisions and performing subsequent activities based upon the data, information system, program or database.
Historically, a user is not expected to know or understand how the data is organized or even where the data resides but rather is usually considered to be the most knowledgeable person on campus when it comes to the content, use, and integrity of the data itself.
1.4 Managers (of Users)
A manager is a person who supervises users or manages a business process which requires user input and/or usage of University data, files, or databases.
While some managers are periodic users of data, many managers are not users of data at all. Most managers, however, are responsible for assessing users’ technical abilities, training needs, and educational requirements in addition to being responsible for the physical security of the users’ work area.
A manager may or may not be the functional data owner.
1.5 Information Service Providers
An information service provider is a department, team or outsourced organization that is responsible for maintaining the user’s data, computer systems, programs, databases and/or computer network.
In addition to each campus’ central information technology services departments, any campus department or College that manages information resources on behalf of University faculty, staff or students should be considered to be an Information Service Provider.