Guest Access Requirements

I've attached the Draft Requirements here rather than have them inline because of formatting I want to retain. Original document attached.

Draft


SmartSite Guest Access

Requirements


Problem Statement: Create a new tool or extend SmartSite to allow faculty and staff to add guests to their SmartSite project sites. Guests are persons outside the UC Davis community in that they do not have UC Davis computing accounts. This application should allow a site owner to begin the process by creating a SmartSite user account for the guest. The application may build on the existing add guest functionality already built within Sakai (in site info) or it may be a new tool we create.


  • REQ-1: To create a SmartSite account for guests, the site owner must provide
      1. The guest name, first and last,
      2. Guest email account,
      3. Date created by the site owner,
      4. UserID of the person creating the guest account.
  • REQ-2 The application should validate the format of the guest's email address as entered by the site owner. There is no need to look up the email address to confirm that it is a valid one.
  • REQ-3 The site owner should have a way to edit his entry in the create account function.
  • REQ-4 The create SmartSite account process must create an account in the Sakai Account table as part of the process for adding the guest to a site.
  • REQ-5 Undergraduate students cannot add guests to sites. Graduate students, staff and faculty are ok. Graduate students are usually TAs also.
    • From Brian:
      'You can distinguish undergraduates from
      graduates using Banner's SGVCLSS view. You can get teaching faculty by
      checking for distinct pidms in the SIRASGN table. Since staff don't
      have a role in Banner, I don't think you could identify them in any
      way. They would have to be grouped in the not student/faculty category.
      Mothra's usertype and the SGVCLSS view would give you all the data you
      need. That's assuming you have access to Mothra data.'


  • REQ-6 The guest account will expire in 1 year.
    • REQ-6-1 Notifications must be sent to the guest and the site owner prior to the expiration.
    • REQ-6-2 There must be a function to identify accounts that are near expiration.
    • REQ-6-3 There must be a function to delete accounts that have not been renewed in one year.
    • REQ-6-4 There must be a function to renew accounts.
  • REQ-7 There must be a function to delete accounts that were created by a site owner but never activated by the guest. If the guest does not activate his/her account in 2 days (question), this function would delete the guest account and notify the guest email on record and the site owner. The site owner would then begin the process again.
  • REQ-8 The guest should have a guest role which prevents him/her from adding other guests. There may be other restrictions on the guest role.
  • REQ-9 Guests can only be added to project sites.

Work flow for adding guests:

Site owner creates new account -> new account process sends guest and site owner notification -> Guest completes new account process including giving himself/herself a password -> notification is sent to site owner and guest saying guest has completed the account information and can now be added to the owner's site -> the site owner adds the guest to his/her site -> Guest enters the site owner's site.

First step: The site owner creates the guest account in an account creation tool (new tool for us or modification to the existing account creation tool). The application adds the required guest data (first and last name, email address, today's date, userid of person creating the guest account) and creates an account for the guest in the Sakai user table.

Second step: The application sends email notification to the guest and the site owner. The guest email notification has an embedded url for the guest to access the account creation tool and a one-time password. The guest has 24 hours to activate his/her account.

Third step: To activate the guest account, the guest must go to the site url in the email notification. The url will not allow the person into SmartSite proper, only to the account creation tool. The guest must enter a password for SmartSite guest access to the site owner's site and any other guest information required.

Fourth step: Once the guest completes the account activation and password creation, the application will send notification to the site owner to add the guest to his/her site. Notification will also be sent to the guest using the email address provided by the site owner in the first step.

Fifth step: Upon receiving the notification from the account application that the guest has activated his/her account, the site owner will add the guest to the project site as a guest. The guest role is restricted from adding new guests.
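
The account lifecycle in the steps above and in REQ-2, REQ-6 and REQ-7, as an added sketch that is not part of the original draft and is not SmartSite or Sakai code. All names are hypothetical; it assumes the 24-hour activation window from the second step (REQ-7 lists 2 days as an open question), a 30-day warning period, and a one-year lifetime counted from the creation date.

```python
import hashlib, hmac, re, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ACTIVATION_WINDOW = timedelta(hours=24)  # second step (assumed; REQ-7 is open)
ACCOUNT_LIFETIME = timedelta(days=365)   # REQ-6, counted from creation (assumed)
EMAIL_FORMAT = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # REQ-2: format only

@dataclass
class GuestAccount:
    first_name: str
    last_name: str
    email: str
    created_by: str           # REQ-1: user ID of the site owner
    created_at: datetime      # REQ-1: date created
    otp_hash: Optional[str]   # hash of the one-time password; None once used
    activated_at: Optional[datetime] = None

def _digest(otp):
    return hashlib.sha256(otp.encode()).hexdigest()

def create_guest(first, last, email, owner_id, now):
    """First and second steps: return (account, one-time password to email)."""
    if not EMAIL_FORMAT.match(email):
        raise ValueError("email address is not well formed")
    otp = secrets.token_urlsafe(16)  # only its hash is stored
    return GuestAccount(first, last, email, owner_id, now, _digest(otp)), otp

def activate(acct, otp, now):
    """Third step: accept the one-time password once, inside the window."""
    fresh = acct.otp_hash is not None and now - acct.created_at <= ACTIVATION_WINDOW
    if not (fresh and hmac.compare_digest(acct.otp_hash, _digest(otp))):
        return False
    acct.otp_hash, acct.activated_at = None, now  # burn the one-time password
    return True

def sweep(accounts, now, warn=timedelta(days=30)):
    """REQ-6-2, REQ-6-3, REQ-7: sort accounts into notify and delete lists."""
    result = {"delete_unactivated": [], "near_expiry": [], "delete_expired": []}
    for a in accounts:
        age = now - a.created_at
        if a.activated_at is None and age > ACTIVATION_WINDOW:
            result["delete_unactivated"].append(a.email)
        elif a.activated_at is not None and age > ACCOUNT_LIFETIME:
            result["delete_expired"].append(a.email)
        elif a.activated_at is not None and age > ACCOUNT_LIFETIME - warn:
            result["near_expiry"].append(a.email)
    return result
```

Renewal (REQ-6-4) and the notification e-mails are left out; a renewal would reset the date the lifetime is measured from.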

Security issues to be resolved.