IAM

From WikiEducator
Jump to: navigation, search

Identity and Access Management (IAM)Project Page

This page is for the development and sharing of ideas concerning IAM for the NZ Ministry of Educations MLE Project.

User Scenarios

Icon objectives.jpg
Objective
The purpose of these scenarios is to assist in developing accurate IAM user requirements that can then be used to create specifications. Requirements developed from these scenarios


Scenario # 1




Icon casestudy.gif
Case Study
School A
  • is not in a cluster
  • has the LMS Moodle hosted onsite
  • has a SMS onsite


Learner requirements

  • Single Sign On to Moodle, Schoolzone email, plus other applications?? (browser session-based)
  • Is able to change own password


School Administrator requirements

  • Control Panel that allows, user disablement, changing of user passwords, allow/disallow user to change passwords, enable/disable applications available for SSO
  • Provisioning of user accounts in Moodle and other SSO applications using data from SMS
  • Able to add and remove applications to SSO 'group'
  • User details (where applicable) are obtained automatically from SMS
  • User list is synchronous with user list in SMS
  • Staff accounts are handled in same way as pupils
  • Roles are available that allow granularity of permissions in different SSO applications
  • Able to add users who are not in the SMS



Scenario # 2




Icon casestudy.gif
Case Study
School B

As school 'A' but:

  • is in a cluster of 11 schools
  • has the LMS Moodle hosted offsite (must allow for hosting to be by organisations other than vendors). The Moodle instance is shared between all 11 cluster schools
  • has a SMS onsite


Learner requirements

  • Same as school 'A'


School Administrator requirements

  • Same as school 'A' plus:
  • Require attributes of school B users to be editable only by school B admin (apart from users being able to edit their own password)



Scenario # 3




Icon casestudy.gif
Case Study
School C
  • is not in a cluster
  • has the LMS Knowledgenet/myclasses/spike@school/Ultranet/Moodle hosted by a vendor
  • has a SMS onsite


Learner requirements Same as school 'A' i.e.:

  • Single Sign On to Moodle, Schoolzone email, plus other applications?? (browser session-based)
  • Is able to change own password


School Administrator requirements

  • Control Panel that allows, user disablement, changing of user passwords, allow/disallow user to change passwords, enable/disable applications available for SSO
  • Provisioning of user accounts in Moodle and other SSO applications using data from SMS
  • Able to add and remove applications to SSO 'group'
  • User details (where applicable) are obtained automatically from SMS
  • User list is synchronous with user list in SMS
  • Staff accounts are handled in same way as pupils
  • Roles are available that allow granularity of permissions in different SSO applications
  • Able to add users who are not in the SMS


Scenario # 4




Icon casestudy.gif
Case Study
School D

As school 'A' but:

  • Does not have an LMS onsite or offsite
  • has a SMS onsite


Learner requirements

  • Single Sign On to Schoolzone email, plus other applications?? (browser session-based)
  • Is able to change own password


School Administrator requirements

  • Same as school 'A' minus reference to Moodle/LMS




Scenario # 5




Icon casestudy.gif
Case Study
School E
  • is not in a cluster
  • has its own choice of LMS (Blackboard/Angel/FirstClass/...)
  • has a SMS onsite
  • uses Google Apps for student email
  • uses Google Apps for Student ePortfolios


Learner requirements Same as school 'A' i.e.:

  • Single Sign On to SMS, LMS, (browser session-based) with Windows Domain credentials used where available for browser SSO
  • Is able to change own password
  • Consistency of SSO behaviour across multiple web browsers and devices (inc iPhones, PDAs etc)


School Administrator requirements

  • Control Panel that allows, user disablement, changing of user passwords, allow/disallow user to change passwords, enable/disable applications available for SSO
  • Control Panel that shows user last login to each application
  • Provisioning of user accounts in LMS and other SSO applications using data from SMS
  • Able to add and remove applications to SSO 'group'
  • User details (where applicable) are obtained automatically from SMS
  • User list is synchronous with user list in SMS
  • Roles are available that allow granularity of permissions in different SSO applications