Email Identity Standard Proposal
February 2014
Committee on Technology & Architecture
Subcommittee on Identity and Access Management
Situation
• The @UCSF Exchange service provides email to 30,500 users across the UCSF enterprise
• Many separate email systems have been consolidated into @UCSF, including the Medical Center and School of Medicine
• @UCSF Exchange currently receives email for 140 distinct domains
• Some units adopted ‘@ucsf.edu’ primary addresses when joining, but 73 email domains still have new accounts provisioned with their original domain.
• Rules for assigning a new individual to the appropriate domain are inconsistent, and process is completely manual
Consequences of Current Situation
• Delays the manual creation of new accounts
• Barrier to implementing automated processes for account provisioning
• Rollout of new services and integration with cloud service providers are more complicated and often delayed
• Movement of individuals between units results in change of email address. This is increasingly problematic as cloud service adoption at UCSF grows
Target
• A uniform primary @ucsf.edu address for all members of the UCSF community
• Continuous delivery of email sent to all historical addresses in perpetuity
Benefits
• Simpler experience for UCSF community
• Uniform, recognizable brand to patients, donors, colleagues, and recruits
• Fewer changes - move within organization does not change email address
• Simpler account provisioning logic - faster turnaround and facilitates automation
• Single email namespace more closely matches cloud service integration requirements
What is a Primary Address?
• Is the main email address published within our directory service (Active Directory)
• Is the address that is displayed in the global address list (GAL)
• Is the ‘From:’ address on outgoing email
• Is frequently used by cloud service providers as the most obvious identifier for accounts belonging to UCSF personnel
What is a Secondary Address?
• An alternate email address published within our directory service
• An account can have more than one secondary address
• Email is accepted and processed normally for all secondary addresses in addition to the primary
• Every account that doesn’t use @ucsf.edu as the primary has at least one @ucsf.edu address as a secondary
• Over 1200 accounts have multiple @ucsf.edu secondary addresses
Proposal
• New individuals joining the UCSF community will receive a [email protected] primary address
– Alternate domain addresses will no longer be provisioned as a secondary for new accounts
• Existing UCSF individuals not using @ucsf.edu as a primary:
– Secondary address populated with their current email address
– Primary address set to [email protected] format
– UCSF Listserv memberships updated with new primary address
– Directory systems (CLS, SIS, etc) updated
– UCSF Box, and other cloud service accounts updated
User Impact
• Email sent to prior address or new address will be delivered to a single mailbox – No Impact
• Loss of identity and ‘branding’ associated with domain suffixes on outgoing mail – Impact Variable
• Individuals may want to update business cards and other print collateral – Impact Low to Moderate
• Individuals external to UCSF may notice their address books have populated multiple entries for UCSF correspondents – Impact Low
• Individuals reassigned addresses like [email protected], [email protected], etc. as their primary address due to name collisions may be dissatisfied with the outcome – Impact Variable
User Impact
• Custom inbox rules built manually from email addresses rather than the global address list will need updating – Impact Low
• Users may forget that they used their previous address for registrations on external websites – Impact Variable
• Business processes that query Active Directory for addresses matching @department.ucsf.edu (sub-optimal choice, but may exist) will no longer work – Impact Unknown
• Ability to send to external Listservs that restrict input to validated addresses will be interrupted until Listserv account is updated with new address – Impact Moderate
Alternate Email Servers
• There is no requirement that members of the UCSF community use the enterprise Exchange server
• A small number of units continue to operate independent email servers
• Suggestion for provisioning / cloud integration for this population:
– Create [email protected] account as with other new hires
– Existence of account will facilitate integrations that need an @ucsf.edu address, even if email function not utilized
– Inform account owner that only their @ucsf.edu address should be used for authenticating to campus-wide and integrated services
Alternate Email Domain Statistics

| Domain | Accounts |
|---|---|
| ucsfmedicalcenter.org | 9381 |
| anesthesia.ucsf.edu | 529 |
| peds.ucsf.edu | 481 |
| obgyn.ucsf.edu | 447 |
| medsfgh.ucsf.edu | 416 |
| medicine.ucsf.edu | 388 |
| orthosurg.ucsf.edu | 282 |
| … | … |
| dentistry.ucsf.edu | 79 |
| … | … |
| ccrc.ucsf.edu | 1 |
| chanoff.ucsf.edu | 1 |
| ebinet.ucsf.edu | 1 |
| clinlab.ucsfmedctr.org | 1 |
| uap.ucsf.edu | 1 |
Visual Impact of Email Domain – Mac Mail
Example from Mac mail client of a message addressed to recipients in four unique email domains. The domain identity of the recipients is not visible in the user interface
Visual Impact of Email Domain – Outlook on Windows
Same example using the Outlook email client on a Windows computer
Visual Impact of Email Domain – Outlook Web Access on Windows
Same example with Outlook Web Access (OWA) in a Firefox browser window
Visual Impact of Email Domain – iOS
Corresponding example on an iPhone
None of the clients surveyed displayed the recipient’s email domain under normal operation
Recent Integration Challenges
• UCSF Box
– Box expected a single primary domain
– Two UCSF staff members a month resolving complication, delaying the implementation
• Cisco Unified Communications (new phone solution)
– Unable to build Uniform Resource Identifier (URI – analogous to internal phone number) from primary email address because they require single domain
– Ad hoc heuristics are in development to pick ‘correct’ @ucsf.edu address from among multiple candidate secondary addresses
Recent Integration Challenges
• DocuSign
– Reached internal character limit processing list of UCSF domains during authentication process
– Domains through ‘larc.ucsf.edu’ work, all domains after ‘legal.ucsf.edu’ fail
– Issue still unresolved as of 1/31
UCSF Box Integration
Definition of ‘Your Company’ is almost comically complex
Approval Process
9/26/13 – Endorsed by CTA Identity and Access Management Subcommittee
12/12/13 – Endorsed by Committee on Technology and Architecture
12/13/13 – Endorsed by Committee on Business Technology
2/6/14 – Endorsed by IT Governance Steering Committee
Community Input to Date
Presented to School of Medicine Clinical Chairs
Email distribution to School of Medicine MSO list
Presented to IT-Forum
Vetted with School of Nursing Leadership
Vetted with School of Pharmacy Leadership
- Vetting with School of Dentistry in progress
- Vetting with Academic Senate in progress