IAM in Service Catalog
This document describes support for curriculum groups in the UW groups service including naming, data integration, data quality, lifecycle and access control.
Curriculum groups represent all the students and instructors of record for all the courses within a particular curriculum for a particular year and quarter.
These institutional groups are based on data integration between the student data base (SDB) and the groups service. They are updated nightly, Sunday through Friday.
Curriculum groups are created by request. To request curriculum groups for your department, email email@example.com.
The following table illustrates several curriculum groups from the hierarchy representing the ART curriculum:
ART Course Students and Instructors
Students and instructors of record for all courses in the ART curriculum for the current quarter
ART Course Students and Instructors, previous or next quarter
Students and instructors of record for all courses in the ART curriculum for the previous or next quarter
ART Course Students
Students for all courses in the ART curriculum for the current quarter
ART Course Students, previous or next quarter
Students for all courses in the ART curriculum for the previous or next quarter
ART Course Instructors
Instructors of record for all courses in the ART curriculum for the current quarter
ART Course Instructors, previous or next quarter
Instructors of record for all courses in the ART curriculum for the previous or next quarter
ART Course Students and Instructors Summer 2012
Students and instructors of record for all courses in the ART curriculum for Summer 2012
ART Course Students Autumn 2012
Students for all courses in the ART curriculum for Autumn 2012
ART Course Instructors Autumn 2012
Instructors for all courses in the ART curriculum for Autumn 2012
Curriculum groups are identified by UW Group IDs that conform to the UW Group Naming Plan.
The following stem is reserved for them:
Each curriculum with groups has the following groups:
Additional groups identify membership by year and quarter:
Here <yyyy> is the 4-digit year and <qqq> is either "win", "spr", "sum" or "aut" corresponding with the term.
The following table summarizes the most relevant aspects of data integration between the SDB and the groups service, related to identifiers, display names, descriptions, memberships, contacts and access controls.
Data Integration Notes
Group IDs for curriculum groups include curriculum codes from SDB.
Group Display Name
Curriculum groups include curriculum codes, year, and quarter in the group display name, e.g.:
Curriculum group descriptions not only describe the groups but also communicate appropriate use guidelines:
Group Membership List
Curriculum group memberships are reconciled nightly, Sunday through Friday, to accurately represent current operational data rather than historical data. Members are identified by UW NetID in the groups identified by year and quarter. These groups are nested as members of the other groups to avoid duplicating the same source memberships in multiple groups.
Note: Students without a UW NetID are not included in the membership lists.
Group Access Controls
Curriculum groups have a membership viewer control that enforces the defined access control policy (see below). Only members of the uw_employee group and u_groups_curriculum_read-access group are authorized to view these memberships.
Group Contact Person
Curriculum groups have no owner specified.
Curriculum groups cannot be enabled for use in UW Exchange. This business rule is in place to ensure the privacy restriction on the group memberships, which the current design of the UW Exchange service cannot enforce by itself.
This section summarizes data quality standards for curriculum groups represented in the groups service.
Data Validation Rules: Validation rules are applied only to ensure that data integrated from SDB conforms to the constraints of the groups data model. Therefore, the validity of the values for curriculum group IDs, names and memberships is primarily determined by the validity of the source data provisioned from SDB and the validation rules applied upstream of the groups service.
Timeliness of Updates: Under normal operating conditions, once data is updated in SDB, updates will propagate to the groups service every Sunday night through Friday night.
Defined Error Rates: Overall, the groups service relies on SDB, as the system of record, to define the frequency of errors in curriculum data. However, some discrepancies are expected between SDB and curriculum groups for previous quarters, since not all updates to previous quarter data are propagated to the groups service. The groups service maintains previous quarter data based on the last time it was included in the source data feed.
Integrity Monitoring: The integrity of curriculum data is ensured during secure transport between SDB and the groups service. Physical, system and administrative controls are used on the groups service to maintain integrity.
Reliability: Curriculum groups are provisioned from SDB using a process monitored to ensure reliability and availability of the groups. When abnormalities such as potentially corrupt or incomplete data feeds are detected during the provisioning process, updates are not applied until the abnormalities are reviewed. The reliability of curriculum groups, once provisioned, is that of the groups service itself: 24 hours a day, 7 days a week, with rare exceptions.
The following lifecycle policy provides advanced notification of curriculum group availability to help customers make informed information technology decisions, anticipate deprovisioning, identify other business needs and provide feedback.
Lifecycle Policy: The lifecycle policy for curriculum groups retains group data for three quarters. That is, at any given point in time, the groups service will include curriculum groups for the current quarter and three previous quarters, plus any future quarters (when available). Curriculum groups that are four or more quarters old will be deleted.
The method for determining the current quarter is to transition from one quarter to the next on the Thursday before the first day of each new quarter, with no transition between summer A and B terms. This schedule also determines when the older groups will be deleted.
Classification: The Registrar classifies curriculum group data as FERPA protected. This restricted classification forms the basis of the following access control policy and appropriate use guidelines. It is also the basis of the required membership viewer control and group description text (both above).
Access Control Policy: Having considered the privacy, security and compliance concerns and acknowledging the business needs and widespread operational efficiencies enabled via curriculum groups, the Registrar has established an access control policy that grants permission to view curriculum group memberships to all UW employees (i.e. current faculty, staff and student employees) as well as processes acting on behalf of UW employees. Non-employee access (including students, affiliates and other third parties) may be authorized by the Office of the Registrar on a case-by-case basis, based on establishing a business need and/or an appropriate data sharing agreement.
Appropriate Use Guidelines: Use of curriculum groups is subject to the following appropriate use guidelines. Permission to view curriculum group memberships is granted on the condition that authorized clients use the memberships for appropriate business purposes in support of programs designed for students. Authorized clients are responsible for enforcing the defined access control policy (above) and may not share curriculum group memberships with non-employees without first obtaining authorization to do so. Copying and posting the membership of a curriculum group in a public location, or sending the membership via email, is unadvised and may violate the access control policy. Curriculum groups may be used in limited ways to contact students in support of programs designed for students. All users are expected to know and follow the rules related to ethical and appropriate use of UW computing and networking resources. These rules include guidelines on email use that apply to the use of curriculum groups with email.