IAM Expands POI Schema to Include Sponsored Affiliations

March 10, 2015
Many Harvard Community users fit easily into a simple categorization for their user type: undergraduate student, faculty member, alumna. But there are many who don’t — and to make access to Harvard resources easier for both those users and their people administrators, the Identity and Access Management (IAM) team at Harvard University Information Technology (HUIT) is working to better classify role types for an important group of University affiliates.

Currently, there are five broad categories of affiliation for individuals who are given a Harvard identity. These include affiliations as student, faculty and staff, library borrower, alumni and “person of interest,” commonly known as “POI” — a classification that includes anyone who does not fit into the other four categories. One reason for the use of these categories is Harvard’s alignment with the Internet2 eduPerson data schema, a Lightweight Directory Access Protocol (LDAP) schema designed to standardize widely used person and organizational attributes in higher education in an effort to enable federated authentication and resource sharing within the higher-ed community.

Among the five identity classifications in use at Harvard, the POI classification has the widest room for variation — which also means the potential for misunderstanding or misuse. To mitigate this risk, the IAM program is working to more clearly define just who a given POI is by specifying an expansion to the current list of POI types; this will include types such as “visitor,” “collaborator,” and “advisor,” to name just a few. The result will be a more comprehensive categorization system that better describes the reasons users are granted Harvard POI affiliations — which, in turn, enables better control over the resources to which these individuals have access.   

In the interest of security, the new POI types — known as “sponsored affiliations” — will require a non-temporary employee in the user’s School or organization to sponsor that user’s affiliation and access to their organization’s resources, as well as periodically renew sponsorship to prevent stale records from remaining active.

Over the next several months, the IAM team will be modifying the identity registry database schema as well as the MIDAS identity data management application in order to create and manage these new POI types. This work also lays a foundation for future migration of POI records from external databases into the HUIT identity registry — a key to the program’s ongoing initiative to build a centralized Harvard identity registry and support “one identity for life.”

For more information about the IAM program’s work in improving account setup and security for sponsored Harvard affiliates, please visit the IAM website or contact Gretchen Grozier, IAM community program manager.
