Through the Identity and Access Management (IAM) program, departments can create secure web applications with current identity-related data in a single sign-on environment (most commonly by using Shibboleth). This allows departments to authenticate and authorize users and personalize web applications without managing a local password process. Also it enhances the protection of personal information by reducing the need for maintaining identity-related information in departmental databases. Instead the Identity and Access Management program stores official identity-related information in a central, highly secure and controlled system called the Global Directory Service.
Many attributes or types of personal information are currently available through the Global Directory Service.
Making an Attribute Access Request
The Attribute Access Request (AAR) process outlined below is the method through which departments request the data needed to support their web applications. The process assures appropriate use and protection of the personal information maintained in USC’s Global Directory Service.
- The department contacts IAMemail@example.com to request a meeting with representatives of ITS and the USC IAM Steering Committee (IAMSC).
- The department completes the Application Data Requirements (ADR) form.
- In the course of the meeting, the Attribute Access Request (AAR) form is completed.
- The AAR is reviewed by the appropriate data stewards, who may ask for additional information about the request.
- Review of the AAR is then scheduled for the next IAMSC meeting. A representative of the requesting department is expected to attend, to present the request and respond to questions by the committee. The Committee may approve the request at that meeting, or ask for additional information. The IAMSC meets every three weeks.
- The IAMSC decision is recorded and the approved AAR is forwarded to the IAM team in ITS for implementation. The technical set up of the request takes between two and five business days.
Making a Minor Attribute Modification
Existing configurations may be modified to transition between hostnames, upgrade technology, or obtain other minor tweaks which do not need an update to the requirements documentation. To request a minor modification, please submit a Routine Change form.