A physical access management solution
I work for an academic unit at University of BC
In 2004-2005, CS and electrical engineering received government funds for expansion of buildings. Allowed for improvement of physical access issues.
Deliver electronics programs etc. Every term w have a giant turnover of students who had access to computer systems or space in computer labs.
CS had a punch code given to students in a particular course. But problem: punch code got widely shared
Applied funding to older buildings for access code
Shopping for secure access program to get automation into this.
Didn't find on, so we wrote our own.
ACSM access control mgmt system
Mostly access mgmt with a little IdM
After that it's a role based access control system
Implicit and explicit aspects
Implicit – you are enrolled in this class so you have this access
Explicit – role assignment for employees faculty and staff
Has an element of delegation. Each dept can control who gets on their floor over which they have authority
Biggest challenge was that the product that was chosen was in 1990s, window based application. Better version uses mssql.
So wrote glue to push data into the mssql database
Tried to write in a vendor agnostic way
Q: roles that are implicit, do you have a process for people who don't have a relationship w the university?
A: We only need to care about regular enrolled students. We do have some oddball students. IEEE local branchs ends some folks take courses. Those are handled manually
The hope is that this system will get folded into the central offering.