Focus

Privacy Drives Directory Work at Northwestern

9/20/2007


Even though FERPA, the Family Educational Rights and Privacy Act, was signed into law in 1974, campuses continue struggling with how to control the distribution of information on students in ways that comply with the federal regulations. At Northwestern University in Evanston, IL, with about 14,000 students, that challenge has included how to get its multiple directories coordinated in a way that would prevent a "mistaken" network administrator from inadvertently releasing student data that should have remained private. At the end of this month Northwestern's Director of IS Architecture, Tom Board, hopes to see the completion of a two-year project that will finally address that concern.

In the mid-'90s the campus developed an LDAP-based identity management program that takes information from two "authoritative" sources, the HR and student record systems, and uses that to create, maintain, and retire identities used by the e-mail, VPN, and most other administrative systems of the university.

Forests and the Trees
When Microsoft first introduced Active Directory in Windows 2000, said Board, individual schools within Northwestern, as well as divisions such as Student Affairs and the Office of Alumni Relations and Development, set up their own forests ... "for productivity purposes." Eventually, the count reached 18. But none of those forest owners wanted to tackle the job of deciding who should or shouldn't reside in the individual directories.

"I would have loved to have gotten away with having only a central AD forest and none of these other forest instances," said Board. "But the businesses of each portion of the university are sufficiently different and the problems and capabilities they're trying to solve or highlight different enough that separate forests end up being the best solution."

So Board's group developed a central AD forest that mirrored the information in the LDAP directory for those instances when somebody needed to know everyone in the institution. The team also wrote software that used a Windows NT API to manage the addition and removal of users into and out of the forests. "The identity system talked to LDAP, the central AD forest, and the 18 AD forests as separate targets," said Board.

Two problems surfaced. First, the NT 4.0 API was eventually deprecated by Microsoft, which meant its future was doubtful. Second, the home-grown code that used the API was limited in its capabilities. "It was never capable of transferring more than a name and password and some fairly fragile group information," Board said. That meant the individual schools and divisions (and even potential enterprise-wide applications like Exchange and SharePoint) couldn't access other vital information about the student.

Building a New Solution
To address the limitations, the school put out an RFI to find third-party solutions that could replace the NT API.
