October 6, 2002; $Id: afl.html,v 1.1.1.1 2003/02/25 19:35:04 wcw Exp $ http://yendi.cc.cmu.edu/work/eflv2/afl.html
Andrew For Life (AFL) undertakes the project to extend the computing infrastructure to Carnegie Mellon community members. Example community members are alumni, prospective students, parents, research partners, etc. We believe that fostering and maintaining the relationship with individual and providing the framework within which they can continue to participate in the Carnegie Mellon community will be mutually beneficial and rewarding.
There are several dependencies with other documents:
In particular to extent the relationship with students beginning from the time they apply and then throughout their lives. Life begins, after all, when you apply to Carnegie Mellon. There are others though, beyond students that are members of the Carnegie Mellon community: research partners, community development partners, trustees, members of advisory boards, those donating to the University, executive students, part-time or temporary employees, summer students etc.
Initially the project provides specific services to applying
students and graduating alumni while retaining services to existing
staff and students In addition the project provides the framework for
offering different subsets of Andrew services to different member
groups by providing for an authorization framework maintained via the
Campus Directory Service. See Appendix C for a list of perspective
services appendix B for a list of potential member groups. The project
also provides for ways to adjust policy concerning services provided
to groups by a Andrew for life requires some policy changes, additional
funding, new software offerings, changes to existing services and significant
changes to Computing Services software infrastructure. Applying students require limited access to Andrew services. The
first is a unique user-id that allows them to authenticate in a secure
way. Today we think of this as the Andrew-id and typically assign them
to arriving students. The user-id gives applying students access to
two other core service, web content and email. The web content may
provide deeply personalized information like admission status and
financial support status but also might provide access to more general
information like campus phone numbers, dorm locations etc. Incoming
students will also need email addresses, today the convention provides
and email address of the form andrew-id@andrew.cmu.edu Offering email entails offering some kind of client support, the
simplest to support is a webmail interface since it requires no
configuration support and no software distribution. A policy decision
may be to limit access to only webmail for off-campus members. Another
support stance is to require new students to enroll in auto-password
resetting. This service will enable students to reset their passwords
to a known value (SSN?) by answering some secret questions. The
importance of this offering really extends after a student leaves CMU
since password resets are a frequent support issue. All the other Andrew services are at least at the moment
unavailable until a student is accepted and commits to the admission.
Customization within today's policy is when a student arrives on
campus they have the opportunity to customize an email address once to
the form cmu-name@cmu.edu. With customization via Andrew for
life what happens to the cmu.edu namespace? See section 12.8 When a student graduates, their relationship with CMU changes. All
the services generally necessary to live on campus are reduced. An
alumni is again generally reduced to having a user-id, an email
address and having access to alumni specific web content We expect to support more frequent user-id and email address
changes. Today our policy and underlying technology make it difficult
for clients to change identities or email addresses. The demand for
changes is modest because of our relatively short relationship with
students and many staff members, that is a few years. Still things
happen, people change their names legally or get user-ids
automatically generated that are somehow offensive. Andrew for life
changes these rules. More user-ids will be in use and the user-id will
be in use longer. This will make one or more user-id or email address
changes likely. We also want to offer a higher degree of
personalization. All this requires us to allow for more frequent
changes, email address changes and for potentially the transferring of
user-ids from one person to another. This is difficult with majority of our services that have been
constructed with the notion that once you get a user-id it never. The
accounts systems DAMS, the underlying operating systems and
most applications are built with this assumption. We also generally
make the assumption that possessing a valid Andrew user-id gives the
owner access to all Andrew services. We can make user-id changes less common, in particular by providing
new students with an ability to choose an identity and good guidelines
(and enforcement) for picking them. I can imagine that
bighairydudewith2tatoos be a very compelling identity at
18. A flexible notion is to separate identity from user-id and email
address. The identity is very similar to the US social security
number. It is a unique identifier attached to every unique person. The
current Campus Directory has such a notion. A 128 bit GUID is assigned
to every person and user-ids, email addresses etc are associated with
that identity. Things like authorization lists and mailboxes can be
built using an underlying and unchangeable identity, while the
directory service provide the ability to provide mapping. You can't offer services without offering support for those
services and you must have policy to deal with extra-ordinary use of
those services, either abusive use or over use or un-intended
commercial use. Additionally there are issues enforcement of policy
and its consequences. Imagine a wealthy alumni running an illegal or
for profit service and threatening legal action when their user-id is
disabled. Who answers the phone when alumni call for help and what
expectations are reasonable. Can alumni pay for support and where does
the money go? Having good demographic information about all Andrew users is
necessary for limiting liability through abusive use, policy
enforcement and determining level of service. The existing base of Andrew users is somewhat predictable in size
and utilization of underlying computer and networking resources.
Decreases in the cost of computing have made support the growing needs
of a relatively stable base affordable within the existing funding
model. The addition of an external and ever increasing client base
will likely require a different funding source. See section 12. Our notion of an Andrew account providing everything to everybody
needs to change given economics and the expansion in clients discussed
above. Not every group has the same set of entitlements due to
financial, legal or supportability considerations. See section C for a
partial list of entitlements. What entitlements an individual gets really depends on the roles
they fill with Carnegie Mellon. Some roles are official in nature and
can be derived from HRIS and SIS feeds, for example a fulltime and
enrolled student in Pittsburgh. Other roles, like network
administrator or project manager are maintained outside of our regular
sources of data. For example today we attempt to license software on a site-wide
basis, buying to for all 15000 or so active accounts. We can’t extent
this outside of this number without occurring real additional
costs. Also very little software is actually used this way and we
maybe able to save money by licensing to smaller portions of our
community. There will also be increasing difficulties with Geographic
dispersion, remote students and remote employees, different legal
issues, currency, national security concerns. An entitlement of “Can
download SAS” might be granted to fulltime students, CIT faculty and
SCS faculty. Roles of network or computer administrators would allow
individuals to register computers or download software on behave of others.
Their role allow them to grant entitlements to others. All this dictates some changes to our user accounts
system, DAMS and campus directory. The various entitlements available to
Andrew users that are of will need to be specified and organized into common
subsets and associated with the set of roles we denote. All new users are given an Assigned User-Id (AUID) and an
identity. We will pick an algorithm for name creation that many folks
may be able to live with without change, e.g. Poepping423 or
Dopiraktg34. The exact format of the AUID does not matter as long as
it is it will be reasonably unique until the end of time. Users are then given the opportunity to overlay their AUID to a
Personalized User Id (PUID). The PUID is any character string that
the user wishes to choose that is not already in use by a previous
AUID or an in use PUID. The Assignment of a PUID is essentially a name
change and will trigger a lot of activity in underlying systems. The
AUID is preserved in the namespace. All users, students, staff,
faculty and friends will be follow the same process but the recycling
and PUIDs for staff maybe occur quicker The user will be able to keep the PUID until such a time nthat the
user no longer participates in the Carnegie Mellon community. The
PUID is then retired and eventually made available for reuse. The user will be allowed to reactivate the AUID if he returns at a
later date but will then be treated as if that AUID had just been
created: meaning that all email and all aspects of their Carnegie
Mellon University entitlements will be based on their role at that
time. If the former PUID is available, then the user may select
it. All underlying systems will need to be constructed to
support the creation, modification and deletion of AUID/PUIDs and email
addresses. Most likely this will occur as a side effect of changes being made
in the campus directory and each underlaying application and system will be
notified via an asynchronous event delivered to an application/specific event
handler The user is not required to change the AUID. If they are fine with
it, that's fine with us. If the user selects a "bad" PUID, the user may change the
ID but there will be a penalty fee charged to discourage this activity
and some policy which makes frivolous changes difficult. The fee may
increase for each additional change. The exact fee schedule has not
been determined but the point of it is to discourage frivolous
changes. Note that the ability to change have PUIDs and change them adds
much complexity to the email for life endeavor but personalization is
the whole point. The PUID is used as a unique identifier in many
underlying systems. The exact determination of when a user stops participating has not
yet been determined. It is likely to be keyed off of the last time a
user authenticated. We expect this the duration to be years
though. There will need to be a
quarantine period on the PUID. During this period, any email sent to the PUID
will bounce with a notice that the ID is no longer in use. When changing the AUID to the
PUID and any subsequent PUID changes, the id will likely be unavailable for a
certain period of time -- probably less than 24 hours – as the rename takes
place. Some alumni will still choose to
forward their email to another location. Just like existing users have the option
of forwarding their email, so would Alumni users. The only
"annoyance" for the Alumni user is that they would likely have to
authenticate (or do whatever is necessary to show that they are continuing to
participate). The following is a list of plans that were discussed but
rejected. Existing Andrew IDs: 60,000 Alumni without Andrew IDs: 30,000 (per Martha Baron) Existing Andrew IDs calculated by the fact that we've
created about 65,000 Andrew IDs at this point. We round down by 5,000 for
random faculty/staff that won't get their ID reactivated. Let's assume the average age of a graduating senior is 21. Let's
say that average life expectancy is 85. So it will take 64 years
before the increase of user stabilize. Let's assume the average number of students graduating (including
graduate students) is (at most) 2000. This project doesn’t account for
a huge increase in distance students So, 64 years times 2000 students or 128,000. Add that to the
current base of 90,000 from above then we get 218,000. So let's round
up and say 250,000. So worst case just counting students, we have about 250000/15000
16.6x more active users than before. In general, we can probably assume that Moore's law will allow a
consistent hardware funding level to keep the steady state. However,
the economics predicted by Moore's law clearly does not extend to
staff time. As mentioned above, at this point in time, authentication and
authorization are very closely tied with each other. Specifically, if
you can identify yourself as a valid 'Andrew' user then almost all
services allow you to have access. This and the inc.1.1 Students, user-ids, email addresses
2.0 Changing user-ids and email addresses
3.0 Service and Policy
4.0 Continuing funding, capacity planning
5.0 More on authorization, entitlements and roles
6.0 How it will all work - getting a user ID, changing it,
retiring it etc. 20,000 ft. View
6.1 More Details
7.0 Requirements Analysis
7.1 Why this plan is good
7.2 Why this plan is bad
7.3 Alternative Plans
7.3.1 Separate alumni domain
This is the current model used by alumni relations, that is the domain
alumni.carnegiemellon.edu. Students don’t get to keep their current
id, but have to sign up again. We could still do this but provide a
smoother transition from graduating senior to their alumni for life
id. At the time that the current email solution was chosen, Alumni
Relations declined to pay or engage Computing Services on how to make
this transition smoother.
7.3.2 Just don't delete ids
We could just not delete ids. However, this creates an undue burden on
Computing Services. Instead of reclaiming the resources that used by at least
1000 users, we need to continue to support these users. This also leads to the
problem in 3.2 where current students get "ugly" ids while people who
haven't used the system in 5 years have the "good" ids.
8.0 Projections regarding
8.1 Highest use case scenario
9.0 Work items -- 47 months of effort
Abuse? What kind of stick do we have? Account blacklisting? Who eats the cost of abuse? Billable to Alumni relations?
The AUID should be reasonably unique until the end of time. However, the hope is that many users will not chose to create a PUID so we should make the AUID as useable as possible.
To be friendly, the first part can consist of a person's first name plus their last initial, their initials, or some other form of their name. It would probably be a good idea to limit the first part to be 6 characters or less.
The uniqueness requirement can be addressed by tacking on numbers to the end of the first part. Eliminating the digits '0', '1', and '8' would be good to avoid confusion with 'o', 'l', and 'b'. Having 4 digits should allow 2,401 combinations for each first part.
It should be trivial to add another digit in the event that 2,401 are insufficient. As such, one should *not* assume that the maximum AUID length is 10 characters.
Students
Staff and Faculty
Alumni
Proto-Freshmen (applied not accepted)
Pre-Freshmen (accepted not-arrived)
Trustees
Guests
Group owned accounts (Departmental Accounts)
Students, Staff, Faculty on leave
Sponsored accounts (paid research accounts)
Friends of Computing Services
Friends of Carnegie Mellon
Part-time students, faculty, staff
Courtesy appointments
Friends of Technology transfer, etc.
Folks that have pre-Kerberos machines and AD only accounts
Pre-college (summer students)
Students at remote campuses
Distance Learning students
. A kerberos principal name, the heart of our authentication system
. Andrew Unix file space
. Andrew Windows file space (planned for DSP customers)
. AFS Project volumes
. Web publishing collections
. Sponsored computer accounts
. Can sponsor a club accounts
. Mulberry Address Books
. Cyrus mail storage
. Andrew Calendars
. Personal web collections on www.andrew.cmu.edu
. Personal Groups, owned administrative groups
. White Pages data
. VPN access
. Dialup access into Main campus modem pool
. Request Guest accounts
. Register computers (wired and wireless) in Netreg
. Create bboards and majordomo lists
. Create Remedy incidents and maintain history
. Retain Portal preferences
. The right to download Site licensed software
. An account of with Active Directory that supports legacy clients (W95)
. Can register for classes online
. Can create a blackboard course
. Get help desk support
. Authbridge access
. Print to cluster printers
Undergraduates
Graduates
Masters
Professional Masters
PhD
By College affiliation
By Major department
Disabled students
Non-Pittsburgh students
Silicon Valley
Greece
Brazil
India
Mexico
Distance Ed students
Executive Education
Ad hoc student groups
Undergraduates
Graduates
Masters
Professional Masters
PhD
By College of interest
By Focus Segments (there are many more than are listed here)
Ethnic Minorities
Women
In Science
Legacy
Prospective disabled students
All current employees
Non-Pittsburgh employees
DC
Colorado
New York
Silicon Valley
Greece
Brazil
India
Mexico
Disabled employees
Benefit-eligible employees
TES employees
Former employees
Family of employees
Ad hoc employee groups
All current faculty
Tenured / Non-tenured
Emeriti
By College
By Department
Post docs and fellows
Visiting scholars
Special Faculty
Adjuncts
Ad hoc faculty groups
All staff
By department
Professional staff
Administrative staff
Staff at off-campus locations
Ad hoc staff groups
All Alumni
By College (inc. Margaret Morrison)
By Major Department
By region
By reunion year
Executive Education
E-mail for life users
Board members (boards are either university-based or college-based)
Chapter leaders
Volunteers
Academy for Lifelong Learning members
CMACers (alumni interviewers)
SIG members (not necessarily related to major)
Ad hoc alumni groups
Of current students
Undergraduate
Graduate
Of prospective students
Of former students
Current donors
Prospective donors
Non-Alumni
Individual
Corporate
Prospective donors
Library Patrons
Walk-ins (virtual and in-person)
Library Consortia
Alumni
Academy for Lifelong Learning (ALL) members
Spouses and family members of faculty, staff and students
Visiting Affiliates
Special Programs (for example Pre-College, PA Governor's Summer School)
High School Counselors
Summer Program participants
Employers
By Industry Focus Segments
Corporate Recruiters
Hiring agencies
External faculty
Domestic
Foreign
Corporations & Foundations
Government agencies
Media (Publicity Outlets)
National
Trade
Local
Broker Services
Broadcast
On-line
Interested parties
Researchers
Think Tanks
Other universities
Pittsburgh Community Neighbors
Friends of Carnegie Mellon
By College
Advisory board members
Opinion leaders
Former faculty
Computing Services partners
Corporate partners
Higher-ed partners
General Higher Ed Clients
Purchasers of computing equipment and software
Special Geographic Segments
New York
LA
Silicon Valley
Baltimore/DC
Philadelphia
Boston
Everyone else