Bert Bee-Lindgren [Technical Lead, In-the-weeds]
Greg Phillips [EIS Director]
The Georgia Tech Enterprise Directory (GTED) is an LDAP directory that houses information about Georgia Tech's computer accounts and the people who use them. GTED is the primary data-storage component of its parent Campus-IAM project.
Unlike many other directories on campus, GTED is built to underpin the people- and account-information needs of IT systems, not to serve end users' need to look up phone numbers or email addresses. To summarize the details available here, GTED is a tool for IT systems to understand, provision, and authorize both departmental and central computer accounts. GTED also lets departments override, modify or enhance the data known about their people and accounts.
Project 1: The first phase of GTED's service is in production. This includes the attributes and objects described in GTED Schema Description, and generally includes information about all people and computer accounts known to Banner, PeopleSoft and Mage. The system has been used by early adopters since January 2007 and is now available for use by departmental applications and IT systems.
Project 2: We are currently scoping and prioritizing a series of extensions and improvements to GTED as well as within the IAM service family.
The official process starts with the GTED Service Signup Form (link forthcoming), which asks for several details about the data your systems require.
Therefore, we recommend the following approach:
Once the request form is received, the requester, the GTED team and the data stewards work together to understand, document, and (hopefully) approve access. Once data-stewardship approvals are made, GTED credentials and data access will be granted. Please note that data-access requests and approvals are between the requester and the data stewards; the GTED team's role is to facilitate, mapping IT needs into business data by clarifying any questions about where GTED data is derived from.
GTED Goals and Differences between GTED and other (GT) Directories
While Georgia Tech has many LDAP directories and other data sources already, GTED has many useful aspects not previously found together at Georgia Tech:
||Changes to data within Banner, PeopleSoft and Mage are available from GTED within minutes.
||GTED conforms to IETF and EduCause schema standards (inetOrgPerson and eduPerson) so off-the-shelf applications can use the data within the directory without modification.
|Normalized data and people||GTED pulls information about individuals together into a person-registry. People with multiple roles across campus are stored as individuals, not as multiple individuals.
|Guests||Guests created and sponsored within Passport are reflected within GTED.
Besides lacking GTIDs, having sponsors and lacking student or employment records, these individuals are not otherwise structured differently than any other campus member. Therefore, if desired, services tied into GTED can easily authorize and serve guests.
||Each department has a branch within GTED where the objects are populated and maintained by the GTED service, but where applications within the department can modify them: overriding or defining data elements.
||New, department-specific attributes can be stored within centrally managed GTED servers. This is expected to greatly reduce the need for department-specific databases or directories, eliminating significant maintenance costs, security risks and user frustration.
||As mentioned above, GTED is rapidly updated with changes to centrally known data (from Banner, PeopleSoft, Mage, etc). However, departments can disable updating of (and create local definitions of) most of an individual's attributes.
||GTED is deployed on multiple servers and power feeds. Its availability will increase as servers are deployed to different corners of campus as well as to remote campuses.
|Current and historical course information||All of an individual's course registrations, dorm residences and instructor assignments are available for use with application authorization rules. Also, Active and Upcoming courses are separately available for use within authorizations that are consistent across semesters.
Note: there are several data elements which are not stored historically.
||GTED contains information about all the jobs an individual may have with different GT departments.
|Complete Account information||All of an individual's accounts are present within GTED and are documented accordingly. This includes primary and 'departmental' GT accounts as well as accounts issued by departments imported into or synchronized with GTED.
||Over the years, GT departments have issued conflicting usernames to their constituents: The 'jdoe' account in ISyE might be owned by a different person than 'jdoe' in CoC. GTED's organization into departmental branches allows all these accounts to coexist. The use of GTED does not require any changes to usernames.
|Federation||As an eduPerson-compliant directory, it is most likely that GTED's reflection of GT Accounts will be the first to be supported by any GT Shibboleth infrastructure. It is not known when Shibboleth (or other Federation technologies) will be deployed.
||While individuals at GT have (at most) two published email addresses, GTED will store all email addresses stored for individuals within its connected data sources.
Please use Footprints to report GTED service failures or access problems:
OIT Operations can investigate and contact a service engineer 24x7: 404-894-4669.
Joining and posting to the firstname.lastname@example.org mailing list is probably the best way to ask "How do I do xyz?" or similar questions.
||scheduled downtime frequency
binding and reading data
||First Sat of month
|GTED Data maintenance
Please see the related items listed below for more details.