Directory Services
Table of contents
Connection to the centrally provided Directory Services
This service makes it possible to access data from the central directory services (account, password, group affiliation, further attributes) in the institutions.
- All structural units of the TU Dresden are authorized
- The request is submitted to the Service Desk
- Use one of the following forms:
Further Development of the IDM Systems
Process of Requirements Management
Additional requirements to the IDM system and change requests should be submitted in an IDM-Application Form via e-mail to. Comprehensive descriptions of the requirements should already be delivered in this e-mail. The section [Questions and Requirements] should be used as a gudeline. After receipt of the requirements, open questions and evaluations will be discussed by the IDM-Team. The final decision about the prioritisation and implementation of the incoming requirements are made by the ZIH administration.
- connection of an additional target system of the IDM
- change of existing interfaces of the IDM system
- management of additional data in the IDM system
- revisions of processes in the IDM system
- revisions of roles in the IDM system
- sending requirements via e-mail to by use of the IDM-application form
- document of requirements in the OTRS of TU Dresden
- short term consultation with the contact person listed in the IDM application form in order to clarify open questions.
- evaluation of the requirements by the IDM team
- extension of the requirement's documentation in the OTRS of TU Dresden
- decision for the implementation by the ZIH administration
- prioritisation and classification of the implementation to the schedule
- creation and ratification of a design document
- completion and ratification of the IDM application form
- a register of processing operations per target system
- IT-security concepts per target system
- process description inclusive the competences and responsibilities for the particular steps in the process
- process description for the application, assignment and withdrawal inclusive the responsibilities and competences per role
- administrative department for information security (data safety officer, IT-security officer)
- ZIH administration
- a direct connection of target systems will be established only in exceptional cases
- instead a connection will be established via one of the authentication systems
- Windows systems via the central Active Directory
- Web applications via Shibboleth IDP
- Linux Systems via the central LDAP directory service
Questions about requirements
In order to find an optimal solution for the implementation of the requirements, extensive information is needed. The here listed questions should serve as a guideline for the description requirements.
- Description of the target system:
- Which purpose does the target system serve?
- In which way does the implementation of the requirements in the IDM system support this purpose?
- How is the user data managed in the target system?
- Is user data imported from other systems and in this case: which interfaces are used?
- Interfaces of the target system:
- Which interfaces does the target system provide for the connection to the IDM-system (examples: LDAP, data, data base, Shibboleth)?
- Which interface does the target system prefer for the connection to the IDM-system?
- Data protection and IT-security:
- Does a process directory entry exist for the target system?
- Does an IT security concept exist for the target system?
- Who is responsible for the target system after the connection?
- Which IP address does the target system use in order to connect with the IDM system?
- Is a manager account necessary which owns reading rights to the data?
- In which period should the connection happen?
- Containment of the affected group of users:
- Will data of staff members, students and/or guests be used?
- Can the affected group of users be further limited according to the structure unit (institute, subject area, ...)?
- Can the affected group of students be further limited according to the fields of study?
- Can the affected group of users be further limited according to common attribute values?
- Containment of necessary information:
- Which attributes are necessary for which unser group?
- May resulting data of the attributes already be sufficient (for instance legal age rather than birthday)?
- Descriptions of target system specifications:
- Which target system specific processes need to be implemented?
- How are the responsibilities managed for the particular process steps?
- Which target system specific roles are necessary?
- How are the responsibilities managed for application, assignment and withdrawal of roles?