Service Alerts (4 New)

EID System

Overview

The EID System is actually three separate services:

  • Identity Management Service – Provides for the creation and management of identity accounts (commonly called EID accounts) for the entire university community.
  • Authentication Service – Provides an EID credential (e.g., password) verification service and supports login session management for web-based campus services.
  • Directory Service – Provides "lookup" services for EID identifiers, affiliations, and other information of interest across campus.

How does the EID System work?

Information flows through the EID System from our source systems to our consuming systems, as illustrated in the diagram below.

  • Source Systems – These are the systems on campus that provide authoritative information about the various populations contained in the EID system.
  • Identity Management – The TIM (uTexas Identity Manager) system:
    • Receives information from the source systems
    • Creates, updates, and combines identity accounts
    • Sends identity-related information to our directory service systems
  • Directory Services – These systems provide "look-up" services, both private and public, to consuming systems.
    • TED (uTexas Enterprise Directory) – A restricted-access directory service that provides a consolidated set of identity, affiliation, and related information about all identities in the EID System.
    • TOM (TED on the Mainframe) – A NATURAL/ADABAS-based service that provides access to EID information for mainframe systems.
    • WHIPS (White Pages) – A public-access directory service that provides information about our current students, faculty, and staff.
  • Authentication Management – The TAM (uTexas Access Manager) system:
    • Verifies EID user credentials (meaning that it answers the question, "Is this the correct password for a given EID?").
    • Manages logon sessions for web applications on campus (such as UT Direct).
  • Consuming Systems – These are the systems that consume EID information or make use of EID authentication services.
EID System Overview - System Components

EID Concepts

Identifiers

Every EID account has two key identifiers, UT EID and UIN:

  • The UT EID (UT Electronic Identity) is a 2- to 8-character public user name intended for use by humans.
  • The UIN (University Issue Number) is a 16-character hexadecimal number intended for use by machines.
  • Note: An EID account may have "prior" UT EIDs or UINs associated with it if the UT EID has been changed or if two EID accounts belonging to the same person have been combined.

EID Types

There are seven EID types:

  • Person EIDs – represent humans (can logon)
  • Business EIDs – represent organizations that do business with the university (cannot logon)
  • Department EIDs – represent official university departments (cannot logon)
  • Service EIDs – represent machines or applications that can act as security principals (can logon)
  • Resource EIDs – represent assets owned by a department (can logon) (available in the fall of 2007)
  • Group EIDs – represent groups of other identities (cannot logon)
  • ID-only EIDs – represent minimal identity records that have only a UT EID and UIN associated with them (cannot logon)

Developers can read more about the EID types and the Natural lookup modules in this TechLounge article (Developer authorization and EID login required).

Person EID Attributes

Person EIDs have several attributes of campus-wide interest:

  • Affiliations – EID affiliations describe the relationship a person has with the university. A person can have none, one, or many affiliations. Examples include: current student, former employee, library patron.
  • Class – Each Person EID belongs to one EID class based on the EID's affiliations.
    • Member – Current students, faculty, staff, and official visitors are in the Member class.
    • Affiliate – Future and former students, faculty, and staff, as well as extension studies participants, donors, and library patrons fall into the Affiliate class.
    • Guest – Prospective students, prospective faculty, job applicants, and anyone without a current affiliation fall into the Guest class.
  • Entitlements – EID entitlements represent a set of rights to resources. An EID holder may have many entitlements.