ED-ID is a directory designed to allow applications easy programmatic access to data needed for authorization, application personalization, customization, and programmatic business decision evaluation.
ED-ID exists mainly to give privileged accounts access to person information that cannot otherwise be publicly viewed. These privileged accounts, called ED-ID Services, are primarily used to look up person data and to authorize people based on this data. See the ED-ID Schema for the complete listing of person data.
Getting a New ED-ID Service
NOTE: Getting an ED-ID service is an involved (and often non-linear) process. Please read ALL of the instructions before beginning: some steps must be done in sequence, while others can be done in parallel or out of sequence. For first-time applicants, we highly recommend using the ED-ID Service Process Checklist to keep track of the process and reviewing the workflow diagram to get a better feel for what is happening.
- Fill out the ED-ID Service Request Form and the ED-ID Service Questionnaire and email them to firstname.lastname@example.org. In your email, request to attend one of the monthly ED service meetings (10:00-11:00 in AISB 208 on the first Wednesday of every month; during the COVID-19 pandemic, please open a ServiceNow ticket and request an ED-ID service meeting via Zoom).
- After sending the request, the IT Security Office will perform an initial security scan of your server environment. They will contact you and indicate if there are any problems that need to be corrected.
- Attend the ED-ID service request meeting. Bring a copy of your ED-ID Service Request Form that has been signed by an authorized Department Head.
- While you are working on getting approval for the service, you can begin obtaining the certificate for your service: go to KB0010331 and follow the instructions for getting a middleware certificate.
- Once your certificate is granted and the service is approved, the service will be set up with default viewable attributes.
- Develop a skeleton application with the default attributes. Contact the IT Security Office to have this application scanned.
- Once the skeleton application passes the scan, the service will be signed off on and you will be granted any requested attributes that were withheld.
ED-ID Technical Documentation
Renewing an ED-ID Service
Your service itself does not expire, but the certificate associated with it does. To get a new certificate, please go to KB0010331 and follow the instructions for getting a middleware certificate.
- You will not be renewing the old certificate. You will instead request a new certificate that will be associated with your service.
- While generating the new keypair, the CN must be set to the exact current service name (also known as the UUSID). When you fill out the Middleware Client Certificate Service Catalog Request Form it is critical that you use the exact current service name in the "Existing Service Name" field on this form.
- Both your old and new certificates will be associated with your service. However, once the old certificate expires, you should send a note to email@example.com telling us to disassociate it from your service.
If you still have questions about this process, please send an email to firstname.lastname@example.org.
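The CN requirement in the renewal steps above can be checked locally before the request form is submitted. The following is an added example, not part of this page or of KB0010331: the function names, file paths, the RSA 2048-bit key choice and the service name `example-service` are assumptions for illustration, and the key parameters KB0010331 requires take precedence.

```bash
#!/usr/bin/env bash
# Added example. The function names, file paths, RSA-2048 key choice and the
# service name "example-service" are assumptions, not taken from KB0010331.

# Create a NEW private key and CSR whose subject is exactly CN=<service name>.
new_service_csr() {
    local service="$1" key="$2" csr="$3"
    ( umask 077   # keep the new private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=${service}" \
          -keyout "$key" -out "$csr" 2>/dev/null )
}

# Print the commonName held in a CSR's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p'
}

# Succeed only if the CSR is well formed and its CN equals the existing
# service name exactly (case-sensitive, no extra characters).
csr_matches_service() {
    local csr="$1" service="$2" cn
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    cn="$(csr_cn "$csr")"
    [ -n "$cn" ] && [ "$cn" = "$service" ]
}

# Demo on constructed input; substitute your real service name (UUSID).
demo() {
    local dir rc=0
    dir="$(mktemp -d)" || return 1
    new_service_csr "example-service" "$dir/new.key" "$dir/new.csr" || rc=1
    if [ "$rc" -eq 0 ] && csr_matches_service "$dir/new.csr" "example-service"; then
        echo "OK: CSR CN matches the existing service name"
    else
        echo "FAIL: CN is '$(csr_cn "$dir/new.csr")'" >&2; rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}
demo
```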
Adding Viewable Attributes to an Existing Service
New attributes will have to be approved by IMCS and the data stewards before they can be granted.
You will need to fill out the ED-ID Service Request form (check the box indicating that you are adding attributes to an existing service) and the ED-ID Questionnaire form. Send both forms to email@example.com. Depending on which attributes are requested, you may need to attend an ED-ID service meeting before the new attributes can be approved.