Software Requirements
Problem Statements
- The Enterprise Directory system does not have a unified management console. This system consists of:
  - ED-Lite,
  - ED-Auth,
  - ED-ID,
  - the Registry, and
  - other systems
Definitions
- UID
  - the unique identifier for a record in the Registry
- authID
  - the identifying string assigned to a Person record in the Registry, which is either
    - GuestID for a Guest Person, or
    - UUPID for all other Person Types
- UUGID
  - the identifying string assigned to a Group record in the Registry
- UUSID
  - the identifying string assigned to a Service record in the Registry
- UUMID
  - the identifying string assigned to an Email account in the Registry
Functional Requirements
Note: All management functions are initiated by performing a query and selecting one record to manage.
Note: Unless otherwise stated, a management function for updating a field should support deleting the value because the field is not required.
Entitlements
Query Requirements
All queries retrieve from the Registry.
- Ability to query using any combination of the following fields in a single search:
  - Entitlement UID
  - Entitlement Data (allow wildcards)
  - Entitled Person
  - Sponsoring Person
  - Owning Service
- Ability to display a list of the search result(s) containing the following fields for each match:
  - Entitlement Data
  - Entitled Person
  - Sponsoring Person
- Ability to select a single result from the search results list and display a summary screen containing the following fields:
  - Entitlement UID
  - Entitlement Data
  - Entitled Person
  - Service Viewer(s)
  - Person Member
  - Creation Date
Creation Requirements
- Ability to create a new Entitlement with the following data:
  - Entitlement Data
  - Owning Service
  - Entitled Person
  - Sponsoring Person
Management Requirements
- Entitlement Information
  - Ability to change the expiration date
    - Required once an expiration date is added.
  - Ability to change the Service Viewer(s)
    - Support multiple service viewers.
- Entitlement Delete
  - Ability to delete the Entitlement
    - Bypass the normal expiration schedule.
- Entitlement Replication
  - Ability to force an enqueue of the Entitlement record for replication
  - Ability to set the priority for the replication
Groups
Query Requirements
All queries retrieve from the Registry.
- Ability to query using any combination of the following fields in a single search:
  - UUGID
  - Contact Person
  - Administrator
  - Person Member
- Ability to display a list of the search result(s) containing the following fields for each match:
  - UUGID
  - Contact Person(s)
  - Administrator(s)
- Ability to select a single result from the search results list and display a summary screen containing the following fields:
  - UUGID
  - Display Name
  - E-mail Address
  - Contact Person(s)
  - Administrator(s)
  - Person Member(s)
  - Group Member(s)
  - Service Viewer(s)
  - Suppress Display Preference
  - Creation Date
  - Expiration Date
Creation Requirements
- Ability to create a new Group with the following data:
  - UUGID
  - Contact Person authID
    - Allow single contact person during create processing.
    - Additional contact persons can be added via group management.
  - Administrator authID
    - Allow single administrator during create processing.
    - Additional administrators can be added via group management.
Management Requirements
- Group Information
  - Ability to set the suppress display preference
  - Ability to set the suppress members preference
  - Ability to set the expiration date
  - Ability to set the display name
  - Ability to set the e-mail address
- Related Person(s)
  - Ability to change the contact person(s)
    - At least one contact person must exist.
    - Support multiple contact persons.
    - Allow any Person with an authID.
  - Ability to change the Person administrator(s)
    - At least one administrator must exist.
    - Support multiple administrators.
    - Allow any Person with an authID.
  - Ability to change the Person Manager(s)
    - Support multiple managers.
    - Allow any Person with an authID.
  - Ability to change the Person Member(s)
    - Support multiple members.
    - Allow any Person with an authID.
- Related Group(s)
  - Ability to change the Group Member(s)
    - Support multiple members.
- Related Service(s)
  - Ability to change the Service viewer(s)
    - Support multiple viewers.
  - Ability to change the Service administrator(s)
    - Support multiple administrators.
  - Ability to change the Service Manager(s)
    - Support multiple managers.
- Group Delete
  - Ability to delete the Group
    - Bypass the normal expiration schedule.
- Group Replication
  - Ability to force an enqueue of the Group record for replication
  - Ability to set the priority for the replication
Name Arbitration
Query Requirements
All queries retrieve from the Registry.
- Ability to query using any combination of the following fields in a single search:
  - Name (allow wildcards)
  - Namespace
- Ability to display a list of the search result(s) containing the following fields for each match:
  - DN
  - Data source
- Ability to select a single Permanent Reservation result from the search results list and display a summary screen containing the following fields:
  - Reservation Type
  - Namespace
  - Name
  - DN
  - Reservation state
  - Comments
  - Creation Date
- Ability to select a single Temporary Reservation result from the search results list and display a summary screen containing the following fields:
  - Reservation Type
  - Namespace
  - Name
  - DN
  - Reservation handle
  - Creation Date
  - Expiration Date
Creation Requirements
- Ability to create a new Permanent Reservation with the following data:
  - Name
  - Namespace
  - Reservation State
  - Comments
- Ability to create a new Temporary Reservation with the following data:
  - Name
  - Namespace
  - Reservation Duration
Management Requirements
- Name Information
  - Permanent Reservation
    - Ability to change the reservation state
    - Ability to change the comments
  - Temporary Reservation
    - Ability to change the expiration date
      - Support date entry that includes minutes.
- Reservation Delete
  - Ability to delete the Name Reservation
    - Bypass the normal expiration schedule.
People
Query Requirements
All queries retrieve from the Registry.
- Ability to query using any combination of the following fields in a single search:
  - authID (allow wildcards)
  - VT E-mail address (allow wildcards)
    - primary address
    - alias
    - forward
    - display
  - Virginia Tech ID
  - Banner PIDM
  - Responsible Person UID
  - Person UID
  - First name (allow wildcards)
  - Last name (allow wildcards)
- Ability to display a list of the search result(s) containing the following fields for each match:
  - Person UID
  - authID
  - Name
  - VT Affiliations
- Ability to select a single result from the search results list and display a summary screen containing the following fields:
  - Identify Information
    - Name(s)
    - authID
    - Person UID
    - Birth Date
    - VT Affiliations
  - authID Information
    - Account State
    - Account Transition
    - Account Suppression
    - Account Creation Date
    - Account Expiration Date
    - Account Shelve Date
    - Password Expiration Date
  - Information on latest user actions
    - Password Change Date
    - Authentication From
    - Successful Authentication Date
    - Failed Authentication Date
    - Number of failed authentication attempts
  - Home Information
    - Address
    - Phone Number
  - Entitlement Membership
  - Group Membership
  - For non-Guest Person Types
    - VT E-mail Account Information
      - Preferred Address
      - Address
      - Display Address
      - Aliases
      - Forwards
      - Local Delivery Preference
      - Creation Date
      - Last Modification Date
      - Expiration Notification Date
      - Expiration Date
    - Identity Information
      - Virginia Tech ID
      - Banner PIDM
    - Employee Information
      - Working Title
      - Department
      - Office Information
        - Address
        - Phone Number
        - Mail Stop
    - Student Information
      - Last Enrollment Information
        - Major
        - College
        - Campus
      - Next Enrollment Term
      - Local Information
        - Address
        - Phone Number
        - Mail Stop
    - Sponsored Person
  - For Guest Person Types
    - Responsible Person UID (Inviter)
Creation Requirements
- Ability to create a new Sponsored Person with the following data:
  - First Name
  - Middle Name
  - Last Name
  - Date of Birth
  - Responsible Person UUPID
  - VT Affiliations
  - New UUPID optional
- Ability to create a new Guest Person with the following data:
  - E-mail address (3rd party)
  - E-mail content for guest invitation
  - Responsible Person UUPID
Management Requirements
Note: Unless otherwise stated, a management function is supported for all Person Types.
- Overall
  - Updates to Person record data must be logged, including at least:
    - UID of person invoking the management function
    - UID of the Person record being managed
    - Type of update
- UUPID
  - Ability to assign a UUPID
    - Does not apply to Guest Person.
    - Person record must not have a UUPID already.
    - UUPID choices must include
      - a set of generated choices, which have been reserved using the Name Arbiter, and
      - user-entered choice.
    - Selected UUPID must be reserved using the Name Arbiter before creation.
    - A temporary password, which need not obey the PID password requirements, must be assigned at Account creation time.
  - Ability to rename a UUPID
    - Does not apply to Guest Person.
    - VT primary email account must not exist for the selected Person record.
- authID
  - Ability to change the shelve date.
    - Account state must be Active or Locked.
    - Allow add and update.
    - Deletion of existing shelve date is not supported.
  - Ability to change the state of the Account based on the rules in the account state management document.
    - Account state is required.
  - Ability to delete the Account
    - Account must be in a state supporting deletion.
- Password (Allow password management for all Person Types with an authID assigned)
  - Ability to reset the password
    - Account state must be Active.
    - Password is required.
  - Ability to unlock the password.
    - Account state must be Locked.
- Person Information (Does not apply to VT Person Type)
  - Ability to change the name information
    - First name, middle name, and last name
    - Last name is required once name information is added.
  - Ability to change the date of birth
    - Required once a date of birth is added.
  - Ability to change the VT Affiliations
  - Ability to change the Responsible Person
- Address
  - Ability to manage all types of addresses
  - Ability to change, for all address types
    - Street 1
    - Street 2
    - Street 3
    - PO Box
    - Mail Stop
    - City
    - State / Province
    - Postal Code
    - Country
    - Primary phone number
- E-mail (Does not apply to Guest Person Type)
- Ability to create a new e-mail account of type
- Virginia Tech
- Carilion
- Allow at most one per Person.
- Person must have an assigned UUPID in Active state.
- E-mail address local part must be the UUPID.
- Administrative
- Allow multiple per Person.
- Person authID not required for auxiliary.
- Ability to create a new e-mail account of type
- Forward-Only
- Allow multiple per Person.
- Person authID not required.
- Ability to change, for all e-mail account types
- Aliases
- E-mail account must be in active or expired state.
- Supported modifications include
- add / delete aliases
- set maximum number of aliases
- Forwards
- E-mail account must be in active or expired state.
- Supported modifications include
- add / delete forwards
- set maximum number of forwards
- Local Delivery Preference
- Preferred e-mail address
- Display e-mail address
- Ability to change the state of all e-mail account types
- For Account state of Active or Locked
- expire e-mail account
- delete e-mail account
- purge e-mail account
- For Account state of Active
- renew non-active e-mail account
- Person Delete
  - Ability to delete/archive the Person
    - Bypass the normal account transitions and deletion schedule.
- Person Replication
  - Ability to force an enqueue of the Person record for replication
  - Ability to set the priority for the replication
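The account-state preconditions for password reset, password unlock and shelve-date changes, together with the minimum audit fields required for every Person update, can be enforced in one place. The sketch below is an added example, not code from the Enterprise Directory project. `Account`, `AUDIT_LOG`, the update-type strings and the transition from Locked to Active on unlock are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timezone
from typing import Optional

class RuleViolation(Exception):
    """A management function was called outside its stated precondition."""

@dataclass
class Account:  # hypothetical stand-in for a Person record with an authID
    person_uid: int
    state: str  # "Active" and "Locked" are the only state names on the page
    shelve_date: Optional[date] = None
    password: Optional[str] = None

AUDIT_LOG = []  # constructed in-memory sink; a real console writes to durable storage

def _audit(invoker_uid, acct, update_type):
    # The three fields the requirements list as the minimum for every update.
    # The new value is deliberately left out so passwords never reach the log.
    AUDIT_LOG.append({"when": datetime.now(timezone.utc).isoformat(),
                      "invoker_uid": invoker_uid,
                      "person_uid": acct.person_uid,
                      "update_type": update_type})

def reset_password(invoker_uid, acct, new_password):
    if acct.state != "Active":
        raise RuleViolation("password reset requires account state Active")
    if not new_password:
        raise RuleViolation("password is required")
    acct.password = new_password  # placeholder: production code stores a salted hash
    _audit(invoker_uid, acct, "password-reset")

def unlock_password(invoker_uid, acct):
    if acct.state != "Locked":
        raise RuleViolation("password unlock requires account state Locked")
    acct.state = "Active"  # assumption: unlocking returns the account to Active
    _audit(invoker_uid, acct, "password-unlock")

def set_shelve_date(invoker_uid, acct, new_date):
    if acct.state not in ("Active", "Locked"):
        raise RuleViolation("shelve date change requires Active or Locked")
    if new_date is None:
        raise RuleViolation("a shelve date can be added or updated, not deleted")
    kind = "shelve-date-add" if acct.shelve_date is None else "shelve-date-update"
    acct.shelve_date = new_date
    _audit(invoker_uid, acct, kind)
```

Each check runs before any mutation, so a rejected call changes nothing and writes no audit entry.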
Services
Query Requirements
All queries retrieve from the Registry.
- Ability to query using any combination of the following fields in a single search:
  - UUSID (allow wildcards)
  - Contact Person
  - Administrator
  - Viewable Attribute
- Ability to display a list of the search result(s) containing the following fields for each match:
  - UUSID
  - Contact Person(s)
  - Administrator(s)
- Ability to select a single result from the search results list and display a summary screen containing the following fields:
  - UUSID
  - Account State
  - Creation Date
  - Expiration Date
  - Service Type
  - Contact Person(s)
  - Administrator(s)
  - Viewable Person Attribute(s)
Creation Requirements
- Ability to create a new Service with the following data:
  - Service Certificate
    - Valid certificate is required.
    - UUSID of the Service is determined by the subject CN of the certificate.
    - Expiration Date of the Service is determined from the expiration date of the certificate.
  - Contact Person authID
    - Allow single contact person during create processing.
    - Additional contact persons can be added via service management.
  - Administrator authID
    - Allow multiple administrators during create processing.
  - Service Type
  - Viewable Person Attributes
Management Requirements
- Service Information
  - Ability to set the service account state
  - Ability to set the service type
- Contacts and Administrators
  - Ability to change the contact person(s)
    - At least one contact person must exist.
    - Support multiple contact persons.
    - Allow any Person with an authID.
  - Ability to change the Administrator(s)
    - At least one administrator must exist.
    - Support multiple administrators.
    - Allow any Person with an authID.
- Viewable Person Attributes
  - Ability to add and remove attribute(s)
    - Service can have no attributes.
- Service Certificate
  - Ability to add and remove certificate(s).
    - At least one certificate must exist.
    - Support multiple certificates, which must have the same subject CN.
- Service Delete
  - Ability to delete the Service
    - Bypass the normal expiration schedule.
- Service Replication
  - Ability to force an enqueue of the Service record for replication
  - Ability to set the priority for the replication
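The Service certificate rules (UUSID taken from the subject CN, expiration taken from the certificate, every additional certificate sharing that CN, and at least one certificate always present) determine the order in which a certificate can be rotated. The sketch below is an added example, not code from the Enterprise Directory project. `Cert` is a constructed stand-in for an already parsed X.509 certificate, and "valid" is reduced to a non-empty CN and an unexpired date as an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

class CertRuleError(Exception):
    """A certificate operation would break a stated Service invariant."""

@dataclass(frozen=True)
class Cert:  # constructed stand-in for an already parsed X.509 certificate
    subject_cn: str
    not_after: datetime
    fingerprint: str

@dataclass
class Service:
    uusid: str
    expiration: datetime
    certs: List[Cert] = field(default_factory=list)

def _require_valid(cert, now):
    # Assumption: "valid" is reduced to a non-empty CN and an unexpired cert;
    # chain and revocation checks belong here in a real console.
    if not cert.subject_cn or cert.not_after <= now:
        raise CertRuleError("valid certificate is required")

def create_service(cert, now):
    _require_valid(cert, now)
    # UUSID and expiration are derived from the certificate, never typed in.
    return Service(uusid=cert.subject_cn, expiration=cert.not_after, certs=[cert])

def add_certificate(svc, cert, now):
    _require_valid(cert, now)
    if cert.subject_cn != svc.uusid:  # exact match; no case folding or wildcards
        raise CertRuleError("subject CN must match the existing certificates")
    if any(c.fingerprint == cert.fingerprint for c in svc.certs):
        raise CertRuleError("certificate already attached")
    svc.certs.append(cert)  # svc.expiration unchanged: the page defines it only at creation

def remove_certificate(svc, fingerprint):
    remaining = [c for c in svc.certs if c.fingerprint != fingerprint]
    if len(remaining) == len(svc.certs):
        raise CertRuleError("no such certificate")
    if not remaining:
        raise CertRuleError("at least one certificate must exist")
    svc.certs = remaining
```

Rotation therefore has to add the replacement certificate before removing the old one; the reverse order is rejected by the last-certificate check.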
Access Control Requirements
- Ability to control access to each piece of functionality in these requirements.
Nonfunctional Requirements
- Must be written as a clustered web application.