IAM in Service Catalog
The UW Person Directory Service provides standard, read-only LDAP access to a person's online UW identification, affiliations, and contact information.
The Person Directory contains person data obtained from institutional sources such as the Person Registry, Workday, SDB and Advance databases. Basic identification and affiliation data is available for all UW members and affiliates. Additional data is available for UW employees, students, and alumni. Data is searchable by official UW identifiers. Access requires registration and is restricted to authorized applications. New applications are strongly encouraged to use PWS instead of the Person Directory Service.
The Person Directory is described in the following table:
• UW Person Directory Service
• 389 (standard LDAP port)
• All binds require authentication.
• All data is updated at least nightly.
• 5-minute idle timeout
• Results constrained to 500 matches
• Search by common UW identifiers, e.g.
• Person Attribute summary (below)
Any LDAP client that supports one of the required authentication methods can be used to retrieve data from the Person Directory.
See also: LDAP Client Guidelines.
As an institutional resource the Person Directory is subject to UW policies regarding information access, use, and protection. Access to the Person Directory is provided to UW applications in support of business and academic functions, not directly to end-users. Registration of client applications is required. A request for access must include information about the client application to ensure that access policies are appropriately applied. This includes:
In addition, other information (such as client software type) is requested so our support team can better assist directory customers.
For client authentication the Person Directory requires SSL client certificates issued by the UW Services CA. Access is controlled based on the DNS name in the client certificate. The DNS name in this certificate is included in the registration request.
It is preferable to use a DNS name that represents the application itself. In particular, if a client application runs on a replicated cluster, register once using the DNS name of the application rather than separately for each cluster host (the certificate and private key can be copied to each cluster member). See Managing DNS Names For Infrastructure Services Access.
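The following is an added example, not code from the UW service catalog or from UW-IT, of how a registered client application might use the directory as described above: authenticate with the application's client certificate rather than a password, build the search filter from an application-supplied identifier without letting that identifier alter the filter, and treat a result set that hits the 500-match limit as possibly incomplete. Everything the page does not state is an assumption: that the server accepts StartTLS on port 389 followed by a SASL EXTERNAL bind, the search base "ou=people,dc=example,dc=edu", the identifier attribute name "uwNetID", and the use of the third-party ldap3 library for the connection itself. The filter-building and result-check helpers use only the standard library.

```python
"""Client-side helpers for a read-only, certificate-authenticated LDAP person
directory. Added example; assumptions are noted in comments."""

import re
import ssl

# LDAP filter metacharacters (RFC 4515) and their escaped forms.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

RESULT_LIMIT = 500  # the directory returns at most 500 matches (from the page)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter so an identifier that came
    from a web form or API call cannot change the structure of the query."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_attribute_name(attribute: str) -> bool:
    """Attribute descriptions are letters, digits and hyphens, starting with a
    letter; anything else must not be interpolated into a filter."""
    return re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute) is not None


def build_identifier_filter(attribute: str, value: str) -> str:
    """Build an equality filter such as (uwNetID=jdoe) for a search by one
    official identifier. The attribute name is validated, the value escaped."""
    if not is_valid_attribute_name(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def check_result_count(entries, limit: int = RESULT_LIMIT) -> bool:
    """Return True when the result set may have been cut off by the server's
    size limit, so the caller narrows the search instead of treating a partial
    list as complete."""
    return len(entries) >= limit


def connect_with_client_cert(host, cert_file, key_file, ca_file, port=389):
    """Open a StartTLS session on the standard LDAP port and bind with SASL
    EXTERNAL, so the bound identity is the DNS name in the client certificate.
    Assumption: the directory accepts this combination; the page only says that
    binds are authenticated with UW Services CA client certificates."""
    from ldap3 import EXTERNAL, SASL, Connection, Server, Tls  # third-party

    tls = Tls(
        local_private_key_file=key_file,
        local_certificate_file=cert_file,
        ca_certs_file=ca_file,          # trust anchor for the server certificate
        validate=ssl.CERT_REQUIRED,     # never skip server verification
    )
    server = Server(host, port=port, use_ssl=False, tls=tls)
    conn = Connection(server, authentication=SASL, sasl_mechanism=EXTERNAL,
                      receive_timeout=30)
    conn.open()
    conn.start_tls()
    if not conn.bind():
        raise RuntimeError(f"bind failed: {conn.result}")
    return conn


def lookup_person(conn, attribute, value, wanted_attributes,
                  search_base="ou=people,dc=example,dc=edu"):  # assumed base
    """Search by one identifier; return (entries, truncated). The server's own
    500-match limit is requested explicitly so the client and server agree."""
    conn.search(search_base, build_identifier_filter(attribute, value),
                attributes=wanted_attributes, size_limit=RESULT_LIMIT)
    entries = [e.entry_attributes_as_dict for e in conn.entries]
    truncated = (check_result_count(entries)
                 or conn.result.get("description") == "sizeLimitExceeded")
    return entries, truncated


if __name__ == "__main__":
    # Placeholder host and file names; replace with the registered values.
    conn = connect_with_client_cert("ldap.directory.example.edu",
                                    "app.crt", "app.key", "uw-services-ca.pem")
    people, truncated = lookup_person(conn, "uwNetID", "jdoe", ["cn", "mail"])
    print(people, "(possibly truncated)" if truncated else "")
    conn.unbind()
```

Because the directory drops connections after five minutes of idleness, a long-running application should treat a failed search as a signal to reopen and rebind rather than keep a single connection for its lifetime.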
Attribute sets are defined based on data source and sensitivity. Refer to the Person Directory Attribute Reference for a short description of individual attributes.
Attribute classes (Attribute names)
We welcome questions and discussion concerning the Person Directory and the nature of its data. Discussion helps clarify the ways the directory can be used and also helps define directions for future development. Please contact us at email@example.com.