Alumni Association Network Services

1. Overview

This document is to summarize some of the email exchange that has occured between Computing Services and Alumni Relations. I hope it will facilitate the upcoming meeting between our groups.

I have noticed that currently http://www.cmu.edu/alumni implements a set of these services but I have included them in this discussion as the process of automating Email Forwarding for Life requires some support infrastructure which can be extended to other services.

However, if Alumni Relations is willing to designate an individually to be responsible for obtaining, maintaining, and updating the information as necessary, then much of this infrastructure is not required.

2. Services

The services to be provided include the following items.

Email Forwarding - This has also referred to Email For Life. This service will provide an email address associated with CMU, such as jsmith@alumni.cmu.edu. This address; however, is just an alias and would forward any incoming mail to a specified address. The user would not be using CMU resources to actually read or store email.
Directory Services - This will enable an alum to be able to find information about other alumni either by searching or by browsing.
Email Mailing Lists - This will permit individuals to communicate with a specified grouping of alumni in an easy fashion.
Web Content - This will allow Alumni Relations to provide content on the web. In particular, the assumption is that there will be publically available content as well as pages that should be restricted to alumni only.
Chat Rooms - This will provide a mechanism for alumni to communicate in a more interactive "real-time" manner.

Implementation notes:
It would be useful to understand the priority of these items and know if there are other services not enumerated that need to be considered.

3. Issues

Authentication - A user must be identifiable as a valid user when they come in over the network. This means we need to deal with validation of the user and then the creation of a userid and password (or equivalent).
Validation is the really tricky part. Assuming that it is not acceptable to require the alum in question to show up in person, how do we prove the users are who they claim to be?
Data Maintenance - The data on the machine needs to be kept up to date with external sources. It may be desirable for the user to update his information and that update propagate back to the central databases.
Invalid data may be automatically updated. For example, if the destination email forwarding address is unavailable for a specified length of time, the forwarding ceases and the directory information is updated.
Death - Upon notification of death, services should be terminated in a reasonable manner (both technically and politically).
Policies - Acceptable use policies need to be set. For example, acceptable use of the data provided; behavior in the chat rooms or mailing lists; use of the email identity; etc. Similarly, a privacy statement to the user is probably desirable.
Systems Maintenance - Operating system, web, email, and other software needs to be kept up to date to ensure proper functionality and a stable service. Monitoring also needs to be done to detect problems as they arise.
User Maintenance - There may be the occasional need for users to interact with staff at CMU. Specific examples may include forgotten passwords, assistance using the services, etc.

4. Possible Implementation

4.1. Initial User Contact

The following methods could be used to provide an "entry code" for the alum:

A paper mail mailing can be made to the known addresses of alum with the entry code.
During Homecoming/Carnival, alum can visit a staffed location, present ID and receive the entry code.
Alum can send a notarized letter to the alumni office asserting that the address or email provided is valid and an entry code will be sent.

This may also be an opportunity to receive updates regarding people who normally would not update this information.

Implementation notes:
The third item is bordering on the paranoid side of things. However, what is the risk of allowing someone to impersonate another alum?

I suspect the entry code will be something of the form of numbers and digits. Ideally short enough to be easy to remember/communicate but long enough to be unique. This also depends on whether or not the entry code is meant to be temporary or reusable.

There was a mention that the last 4 digits of a SSN can be used. We actually keep the SSN of alum?

We should be able to import the existing user base from the current Alumni Association Online Directory.

We can also facilitate graduating students registering for this before they leave campus. If this is desirable, then when can a student actually register? After paying tuition for the first semester?

4.2. User Creation

With the entry code, the user goes to the web site http://www.cmu.edu/alumni and clicks on "Create New User".

This screen can allow the user to:

Create their own userid where the name is on a first-come, first-serve basis.
Provide an email forwarding address.
Update their personal/contact information.
Join any mailing lists or request not to be included in any.
Specify what information is to be made available to other alumni and what is not. For example, in the directory listing, does only their Name and graduation info show or are they will to list their address and/or phone number.

Implementation notes:
I presume we can import the current users without too much difficulty.

Depending on the sensitivity of the data served, email can be sent to the forwarding address with a reminder of the userid and password to access this system.

Once a user chooses a userid@alumni.cmu.edu, it would be best if the user could not change it. If a user can change this ID, that means we either allow the system to become inconsistent (foo@alumni.cmu.edu used to go to John Foo) or we deny John Foo access to foo@alumni.cmu.edu even though it doesn't go anywhere because Bob Foo had it at one time.

A similar question is how long after death do we preserve the ID? A year? Two? Forever?

The data available to be entered and/or viewed by others needs be determined. Possible data items are: name; email address; (physical) mail address; phone number(s); current occupation; major; and graduation year.

Similarly, what about data from alum who have not registered with the system? What data is available by default?

4.3. User Access

Accessing unrestricted areas of the server will be available to any user. However, to access the restricted areas of the web server, the user will need to enter in the userid and password. After successfully authenticating, the user will be able to:

Enter and participate in the chat room.
Modify his personal information.
Modify his email forwarding.
Search/browse other alumni for email/mail addresses, etc.
Search/browse the mailing lists.

Implementation notes:
I have not investigated chat room software at all. Something web based is better than something like IRC as if it doesn't go through the web, more work is required to do the authentication.

It is probably best to keep the directory services aspect simple for now by having the data as just HTML pages rather than necessarily throwing in a database back-end. The primary reason is that this makes implementation quicker. The secondary reason is that our future plans with LDAP (see section 6.1) may address this issue then.

4.4. System Overhead

Is an administrative interface for Alumni Relations necessary? For example, would a web interface be desirable for administrative changes to user information?

There are other matters with regards to logging and regular log file analysis and reporting. This information is used to diagnose problems as well as to track usage for capacity planning. Details can be provided at a later time.

5. Responsibilities

Computing Services will install the machine (Sun Sparc 20); install the web server (apache); install the mail server (sendmail); and install the mailing list software (majordomo). The system will be monitored and managed similar to other Computing Services systems. The system will be backed up on a nightly basis. Backups will be kept for the standard amount of time for server machines (currently 14 days).

Alumni relations will provide and maintain the actual data, such as core data to seed and maintain the database (names, addresses, etc.). Also, Alumni Relations will be the contact for all user interaction. For example, contact phone numbers or email addresses will go to Alumni Relations.

The responsibility for the installation of other software (chat room) and the development of the infrastructure to fully enable this system still needs to be decided. However, the installation needs to follow the existing infrastructure to ensure system maintenance can occur so Computing Services will offer (at least) supervisory support.

6. Future Plans

6.1. LDAP

Many clients are supporting LDAP as a mechanism for looking up user information, such as address books. Computing Services is in the process of setting up a campus-wide LDAP service.

After this service is deployed, we may be able to provide a similar service for Alumni Relations using the existing server.

6.2. Personal Certificates

Personal certificates is a comparatively new authentication technology. The benefit of this technology is that once the user provides the 'entry code', a personal certificate gets stored in the user's browser. When the user visits the web page, the server can authenticate the user using the personal certificate and so the user does not have to remember or enter IDs/passwords.

Last modified: Mon Jun 28 06:18:56 EDT 1999