The Enterprise Directory and Identity Management Infrastructure (EDIMI) Project (also known as the Enterprise Directory Project) is one of the UTIPP projects. It aims to address the following campus needs:

1. UCLA needs to improve user identity data collection consistency, to reduce administrative cost, and to lower security risks in its portfolio of web applications.

Significant portions of the campus’s electronic systems today manage user information independently. This often creates redundant work, poor user experience and incorrect data. Application administrators spend unnecessary time and resources tracking down user data in order to determine user access. The data gathered is often out of date and incomplete. There needs to be a better mechanism to manage user identity, profile, and authorization information across functional boundaries and through time. UCLA needs to track and manage a person’s electronic interaction with the campus, regardless of the context, in a coherent, consistent, persistent, and secure manner. In other words, any person who interacts with UCLA in any way should have a unique lifetime electronic identity. There should be a consistent, persistent, and secure user identity directory service to hold and manage this unique electronic identity. Furthermore, there should be a standards-based, easy-to-implement common web application authentication and authorization framework to complement this directory service.

2. UCLA needs to provide broader and more consistent user authentication and authorization systems to improve access to electronic resources at UCLA.

Campus web applications need a consistent mechanism to authenticate users and to manage access for those who have a legitimate need to access the applications but are traditionally not considered a core part of the campus community. Such users (visiting scholars, vendors, parents, etc.) are typically not eligible to receive a UCLA UID or the other identifiers and accounts normally assigned only to core UCLA community members. These accounts and identifiers are developed for specific systems and are subject to application-specific eligibility rules. Furthermore, the user account management practices and policies among these accounts are often inconsistent and confusing to users. There is a need for a system-agnostic, highly scalable, and generalized user account management system based on the Enterprise Directory Service.

3. UCLA needs to support emerging legal and computing requirements. The areas include privacy, secured messaging, digital signatures, and federated identity.

Privacy legislation (HIPAA, FERPA, California Senate Bill 1386, etc.) and emerging technologies (GRID computing, Shibboleth) demand a coherent, standards-based, architecturally sound and technologically flexible electronic identity management infrastructure. UCLA needs to get there soon.