This document describes support of UW course groups in the UW groups service, including naming, data integration, data quality, lifecycle, and access control. Course groups are intended to support effective and efficient day-to-day operations of current UW programs designed for students by providing timely, accurate groups representing course membership. Course groups are based on data integration between the student database (SDB) and the groups service, such that a UW Group ID exists for each course section in SDB, identified by its section, number, curriculum code, year, and quarter, for courses offered during the current quarter and three previous quarters. The groups are updated continually by enrollment messaging and nightly by reconciliation.
The following table illustrates a couple of course groups:
COMPUTER PRGRMNG I
Instructors for and students enrolled in CSE142A during winter quarter 2010
Instructors for and students enrolled in INFO100a during spring quarter 2010
UW course groups are identified by UW Group IDs that conform to the UW Group Naming Plan. The academic course stem is reserved for these purposes.
For each course section there is a corresponding UW Group ID with the following syntax:
Here 'yyyy' is the 4-digit year and 'qqq' is one of 'win', 'spr', 'sum', 'aut'. The other attributes correspond with the curriculum code, course number, and course section ID, respectively.
Although the Groups Web Service and UWWI Active Directory implement course IDs, the Groups Directory LDAP Service (GDS) does not. Instead it uses the individual components (year, quarter, curriculum, number, and section) to identify course groups.
The following table summarizes the most relevant aspects of data integration between the SDB and the groups service, related to identifiers, display names, descriptions, memberships, contacts, and access controls.
Data Integration Notes
Group IDs for course groups include time schedule data from SDB (see the UW Time Schedule for reference data).
Group Display Name
Display names for course groups are based on the course title, e.g.
Course group descriptions are incomplete. (See GRP-397)
Group Membership List
Course group memberships include all students and instructors of record. Student memberships are updated live, via event messaging from SDB. Instructor memberships are reconciled nightly. They accurately represent current operational data rather than historical data. Members are identified by UW NetID.
Group Access Controls
Course groups have a membership viewer control that enforces the defined access control policy (see below). Only authorized clients are allowed to view these memberships.
Group Contact Person
Course groups have no owner specified.
Course groups cannot be enabled for use in UW Exchange. This business rule is in place to ensure the privacy restriction on the group memberships, which the current design of the UW Exchange service cannot enforce by itself.
This section summarizes the data quality standards for course groups represented in the groups service.
Data Validation Rules: Validation rules are applied only to ensure that course data conforms to the constraints of the groups data model. Therefore, the accuracy of course groups, including names and memberships, is primarily determined by the quality and validity of the source data provisioned from SDB.
Timeliness of Updates: Under normal operating conditions updates to student enrollment in SDB will propagate to the groups service in five to ten minutes. Instructor changes take effect during the nightly reconciliation.
Defined Error Rates: Overall, the groups service relies on SDB, as the system of record, to define the frequency of errors in course data. However, some discrepancies are expected between SDB and course groups for previous quarters, since updates to previous quarter data are not propagated to the groups service. The groups service maintains previous quarter data based on the membership at the end of the quarter.
Integrity Monitoring: The integrity of course data is ensured during secure transport between SDB and the groups service. Physical, system, and administrative controls are used on the groups service to maintain integrity.
Reliability: Course groups are provisioned from SDB using a process monitored to ensure reliability and availability of the groups. The reliability of course groups, once provisioned, is that of the groups service itself: 24 hours a day, 7 days a week, with rare exceptions.
The following lifecycle policy provides advance notification of course group availability to help customers make informed information technology decisions, anticipate deprovisioning, identify other business needs, and provide feedback.
Lifecycle Policy: The lifecycle policy for course groups retains group data for three quarters. That is, at any given point in time, the groups service will include course groups for the current quarter, three previous quarters, and any future quarters that are in the SDB. Course groups that are four or more quarters old are deleted.
A daily monitoring process detects a change in the current quarter, as defined by SDB, and purges the groups of the newly expired, year-old quarter.
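The retention rule above can be checked mechanically. The following is an added example, not code from the groups service: it identifies course groups by the individual components the page lists (year, quarter, curriculum, number, section) and assumes the quarter codes run in calendar order within a year (win, spr, sum, aut). The field names, function names, and sample records are constructed for illustration.

```python
from typing import NamedTuple

# Quarter codes in calendar order within a year (assumed ordering).
QUARTERS = ("win", "spr", "sum", "aut")
RETAINED_PREVIOUS = 3  # the current quarter plus three previous quarters are kept


class CourseGroup(NamedTuple):
    """Hypothetical record holding the components that identify a course group."""
    year: int
    quarter: str
    curriculum: str
    number: int
    section: str


def quarter_index(year, quarter):
    """Map (year, quarter) to an integer that increases by one per quarter."""
    q = quarter.lower()
    if q not in QUARTERS:
        raise ValueError(f"unknown quarter code: {quarter!r}")
    return year * len(QUARTERS) + QUARTERS.index(q)


def quarters_old(group, current):
    """Age of a group in quarters relative to `current`; negative means future."""
    return quarter_index(*current) - quarter_index(group.year, group.quarter)


def expired_groups(groups, current):
    """Return the groups that are four or more quarters old and should be purged."""
    return [g for g in groups if quarters_old(g, current) > RETAINED_PREVIOUS]


# Constructed sample data (not real SDB records).
SAMPLE = [
    CourseGroup(2010, "win", "CSE", 142, "A"),
    CourseGroup(2010, "spr", "INFO", 100, "A"),
    CourseGroup(2010, "aut", "CSE", 142, "A"),
    CourseGroup(2011, "win", "CSE", 143, "B"),
    CourseGroup(2011, "spr", "CSE", 143, "A"),  # future quarter, always retained
]

if __name__ == "__main__":
    # When SDB reports winter 2011 as current, winter 2010 is the year-old quarter.
    for g in expired_groups(SAMPLE, (2011, "win")):
        print("purge:", g)
```

Running the same check against an export of the groups service after each quarter change gives an independent audit that no confidential membership list outlives the retention window.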
The Registrar classifies course group membership lists as confidential and FERPA protected. Access is therefore limited to authorized users in support of official business and academic functions. Students are authorized to view course group membership lists for the courses in which they have enrolled. Registration of non-person client use is required and is subject to approval from the Office of Student Academic Data Management.
To request access to UW course group memberships, download, fill out, and submit the "UW Directories - Student Data" form required by Academic Data Management. On the form, check "Groups Directory Service / Courses" for access to UW course group memberships via the Groups Web Service browser interface, the Groups Web Service REST API, or via secure, authenticated LDAP to the Groups Directory Service; also check "UW Windows Infrastructure" if you need access to UW course group memberships via UWWI Active Directory. Fill out the rest of the form and then submit it to Academic Data Management (reptreq@u). Upon approval, Academic Data Management will authorize UW-IT to enable appropriate access.