I. Title

A. Name: Policy on the Duration of PennNames

B. Number: 2005mmdd-pennnames-duration

C. Author: M. Muth (ISC Networking)

D. Status:

[ ] proposed [ ] under review [X] approved [ ] rejected [ ] obsolete

E. Date proposed: 2004-12-15

F. Date revised: N/A

G. Date approved: 2005-11-28

H. Effective date: 2005-12-06


II. Authority and Responsibility

Information Systems and Computing has custodial responsibilty and accountability for the University of Pennsylvania's PennNames service which is integral to the operation of the Penn-wide user namespace.

III. Executive Summary

This policy specifies the duration of PennNames, and the circumstances under which ownership may be transferred.

IV. Purpose

The purpose of this policy is to specify the terms under which PennNames are associated with a particular member of the Penn community over time and across organizations. This policy also specifies a process under which organizational sponsorship and user association may be transferred.

V. Risk of Non-compliance

If PennNames are not handled in compliance with this policy, unauthorized access to systems, applications, and/or data may occur and access to University-wide services may fail or be impaired, potentially resulting in inconvenience to end users.

VI. Definitions

Namespace
The set of all usernames that could be assigned to users of PennNames-compliant systems or services, in which those usernames are unique.
PennName
A PennName is a username which is unique to each individual at Penn. It may be used on multiple systems at Penn for that individual's accounts. Association between an individual and the individual's PennName is maintained using the PennNames service (see References, below). A PennName may also be a reserved name which is not explicitly tied to a particular individual. These are often used for mailing lists, aliases, or accounts not tied to a particular person ("role" accounts).
PennNames
PennNames is a service to support migration to and maintenance of a common University namespace. It consists of a database, a set of system administrator tools, and basic policies.
PennName sponsor
This is a school, center or service that uses PennNames to register its use of a PennName for a service or system. A particular PennName may have multiple sponsors if an individual has (or had) access to multiple systems or services at Penn (see References, below), or if multiple systems have role accounts or mailing lists by the same name.
Penn ID
A unique eight-digit number issued to Penn and UPHS affiliates. University offices frequently require a Penn ID as a unique ID, similar to employee ID number. PennCard holders will find their Penn ID printed on their PennCard -- it is the middle 8-digit sequence of numbers. A Penn ID is generated when an individual is added to Penn Community, either manually or via feeds from SRS and Payroll systems.

VII. Scope

This policy covers change and transfer of PennNames.

VIII. Statement of policy

  1. The PennName will be associated with an individual indefinitely, regardless of the following events:
    1. the username's removal from the sponsor's system(s); or
    2. the individual's separation from Penn, whether through graduation, retirement, resignation, termination or death
    unless the PennName is transferred, as described below.
  2. Individuals may change their PennName under the following conditions:
    1. legal name change;
    2. PennName deemed offensive;
    3. typographical, technical, or administrative error discovered within 1 business week of creation, as long as the PennName only has been used in ways that can easily be undone (e.g. accounts can be renamed, but publication of an email address cannot be reversed);
    4. harrassment; or
    5. transfer of their PennName (see Statement of Policy number 3).
    In such cases, the former PennName is not available for reuse, except in the case of transfer, per Statement of Policy number 3.
  3. If an individual or group wishes to be assigned a PennName already in use or take a PennName out of circulation, the following process may be used:
    1. The requester may contact his or her computing director.
    2. The requester's computing director may negotiate with the other sponsor(s), and, where feasible, the current holder of the PennName, to reach a resolution. The current holder may participate in the negotiation, but does not have veto power. The University, as issuer and owner of the PennName, is the governing authority during this process.
    3. For the purpose of transfer negotiations, the Information Security Officer will act as the computing director responsible for PennKey sponsorships.
    4. If all are in agreement, the PennName may be transferred from the current holder to the requester or taken out of circulation.
    5. ISC must notify the current holder about the transfer, if the transfer results in the deletion or renaming of the current holder's authentication or authorization credentials for a sponsor's system or service. The last known contact information will be used to attempt to notify the holder of the transfer.
  4. If a PennName is changed or transferred, the transferring and sponsoring organizations must be responsible for removing any system, application, and/or data access authorized on the basis of that PennName.
  5. PennName changes will be reported to sponsors by ISC, so appropriate authorization changes can be made.
  6. PennNames created prior to July, 2004 that do not have Penn IDs associated with them by January 1, 2006 will be made available for re-use.

IX. Recommendations and Best Practices

  1. Local support providers (LSPs) should encourage users to select their PennName carefully, since opportunities for change are extremely limited. In most cases, the PennName a user selects will become the username for their Penn email account. LSPs should have users create their PennKey before their school account, to encourage a standard method for PennName selection.
  2. Transfer of a PennName should not be undertaken lightly, given the resulting inconvenience to the former holder of the name.
  3. In certain cases transfer may be impossible, given the inability of certain systems to rename accounts.

X. Compliance

XI. References