Click here to receive your FREE subscription to Campus Technology

Home > Privacy Drives Directory Work at Northwestern

Focus

Privacy Drives Directory Work at Northwestern

9/20/2007

By Dian Schaffhauser
Even though FERPA, the Family Educational Rights and Privacy Act, was signed into law in 1974, campuses continue struggling with how to control the distribution of information on students in ways that comply with the federal regulations. At Northwestern University in Evanston, IL, with about 14,000 students, that challenge has included how to get its multiple directories coordinated in a way that would prevent a "mistaken" network administrator from inadvertently releasing student data that should have remained private. At the end of this month Northwestern's Director of IS Architecture, Tom Board, hopes to see the completion of a two-year project that will finally address that concern.

In the mid-'90s the campus developed an LDAP-based identity management program that takes information from two "authoritative" sources, the HR and student record systems, and uses that to create, maintain, and retire identities used by the e-mail, VPN, and most other administrative systems of the university.

Forests and the Trees
When Microsoft first introduced Active Directory in Windows 2000, said Board, individual schools within Northwestern, as well as divisions such as Student Affairs and the Office of Alumni Relations and Development, set up their own forests ... "for productivity purposes." Eventually, the count reached 18. But none of those forest owners wanted to tackle the job of deciding who should or shouldn't reside in the individual directories.

"I would have loved to have gotten away with having only a central AD forest and none of these other forest instances," said Board. "But the businesses of each portion of the university are sufficiently different and the problems and capabilities they're trying to solve or highlight different enough that separate forests end up being the best solution."

So Board's group developed a central AD forest that mirrored the information in the LDAP directory for those instances when somebody needed to know everyone in the institution. The team also wrote software that used a Windows NT API to manage the addition and removal of users into and out of the forests. "The identity system talked to LDAP, the central AD forest, and the 18 AD forests as separate targets," said Board.

Two problems surfaced. First, the NT 4.0 API was eventually deprecated by Microsoft, which meant its future was doubtful. Second, the home-grown code that used the API was limited in its capabilities. "It was never capable of transferring more than a name and password and some fairly fragile group information," Board said. That meant the individual schools and divisions (and even potential enterprise-wide applications like Exchange and SharePoint) couldn't access other vital information about the student.

Building a New Solution
To address the limitations, the school put out an RFI to find third-party solutions that could replace the NT API.

Recommended Reading
  • Business Intelligence Tool Means Healthy Data at UVA

    University IT groups will recognize the challenge of combining disparate data from more than one department in order to create meaningful reports for various users. At the University of Virginia Department of Medicine, which is overseen by UVA's School of Medicine, data was coming from two very different accounting systems, which meant problems for faculty members whenever they needed to run reports.

  • Exec Describes Microsoft's 'Social Networking' Vision

    A Microsoft executive involved with the company's Windows Live efforts outlined some of the company's ideas about cloud-based computing and social networking technologies Tuesday. The talk was presented by Brian Hall, general manager of the Windows Live Business Group, at the 2008 Merrill Lynch Technology Conference May 6.

  • Graduate School, USDA Standardizes on Adobe Acrobat Connect Pro for E-learning

    The Graduate School, USDA has standardized on Acrobat Connect Pro, a Web conferencing and e-learning platform from Adobe Systems. The school is a self-sustaining government entity created 87 years ago by the United States Department of Agriculture to provide adult continuing education.

  • Texas A&M System Signs Distribution Deal for Virtual Clinical Learning Lab

    Texas A&M University has signed a license agreement with BreakAway Ltd., a developer of game-based technology, for the worldwide rights to Pulse!! The Virtual Clinical Learning Lab. Pulse is a federally funded project in development at the Corpus Christi campus that allows medical professionals to practice decision-making protocol and experiential skills on PCs in a virtual hospital setting. The agreement grants BreakAway the rights to develop, market and distribute Pulse.

  • Tegrity Records 325,000 Hours of Lectures

    Ed tech developer Tegrity reported this week that usage of its Campus 2.0 classroom capture system hit record levels last year, including, among other things, capturing 325,000 hours of faculty lectures on Tegrity servers in a 12-month period.

  • JavaOne Keynote: Neil Young Likes Java

    Rock legend Neil Young joined Sun Microsystems' Executive Vice President of Software Rich Green on stage during the opening keynote of the 13th annual JavaOne conference, underway this week in San Francisco.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format