Policy on the Duration of PennNames

I. Title

A. Name: Policy on the Duration of PennNames

B. Number: 2005mmdd-pennnames-duration

C. Author: M. Muth (ISC Networking)

D. Status: [ ] proposed [ ] under review [X] approved [ ] rejected [ ] obsolete

E. Date proposed: 2004-12-15

F. Date revised: N/A

G. Date approved: 2005-11-28

H. Effective date: 2005-12-06

Information Systems and Computing has custodial responsibility and accountability for the University of Pennsylvania's PennNames service which is integral to the operation of the Penn-wide user namespace.

This policy specifies the duration of PennNames, and the circumstances under which ownership may be transferred.

The purpose of this policy is to specify the terms under which PennNames are associated with a particular member of the Penn community over time and across organizations. This policy also specifies a process under which organizational sponsorship and user association may be transferred.

If PennNames are not handled in compliance with this policy, unauthorized access to systems, applications, and/or data may occur and access to University-wide services may fail or be impaired, potentially resulting in inconvenience to end-users.

NamespaceThe set of all usernames that could be assigned to users of PennNames-compliant systems or services, in which those usernames are unique.PennNameA PennName is a username which is unique to each individual at Penn. It may be used on multiple systems at Penn for that individual's accounts. Association between an individual and the individual's PennName is maintained using the PennNames service (see References, below). A PennName may also be a reserved name which is not explicitly tied to a particular individual. These are often used for mailing lists, aliases, or accounts not tied to a particular person ("role" accounts).PennNamesPennNames is a service to support migration to and maintenance of a common University namespace. It consists of a database, a set of system administrator tools, and basic policies.PennName sponsorThis is a school, center or service that uses PennNames to register its use of a PennName for a service or system. A particular PennName may have multiple sponsors if an individual has (or had) access to multiple systems or services at Penn (see References, below), or if multiple systems have role accounts or mailing lists by the same name.Penn IDA unique eight-digit number issued to Penn and UPHS affiliates. University offices frequently require a Penn ID as a unique ID, similar to an employee ID number. PennCard holders will find their Penn ID printed on their PennCard -- it is the middle 8-digit sequence of numbers. A Penn ID is generated when an individual is added to Penn Community, either manually or via feeds from SRS and Payroll systems.

This policy covers change and transfer of PennNames.

  1. The PennName will be associated with an individual indefinitely, regardless of the following events:
    1. the username's removal from the sponsor's system(s); or
    2. the individual's separation from Penn, whether through graduation, retirement, resignation, termination or death

    unless the PennName is transferred, as described below.

  2. Individuals may change their PennName under the following conditions:
    1. legal name change;
    2. PennName deemed offensive;
    3. typographical, technical, or administrative error discovered within 1 business week of creation, as long as the PennName only has been used in ways that can easily be undone (e.g. accounts can be renamed, but publication of an email address cannot be reversed);
    4. harrassment; or
    5. transfer of their PennName (see Statement of Policy number 3).

    In such cases, the former PennName is not available for reuse, except in the case of transfer, per Statement of Policy number 3.

  3. If an individual or group wishes to be assigned a PennName already in use or take a PennName out of circulation, the following process may be used:
    1. The requester may contact his or her computing director.
    2. The requester's computing director may negotiate with the other sponsor(s), and, where feasible, the current holder of the PennName, to reach a resolution. The current holder may participate in the negotiation, but does not have veto power. The University, as issuer and owner of the PennName, is the governing authority during this process.
    3. For the purpose of transfer negotiations, the Information Security Officer will act as the computing director responsible for PennKey sponsorships.
    4. If all are in agreement, the PennName may be transferred from the current holder to the requester or taken out of circulation.
    5. ISC must notify the current holder about the transfer, if the transfer results in the deletion or renaming of the current holder's authentication or authorization credentials for a sponsor's system or service. The last known contact information will be used to attempt to notify the holder of the transfer.
  4. If a PennName is changed or transferred, the transferring and sponsoring organizations must be responsible for removing any system, application, and/or data access authorized on the basis of that PennName.
  5. PennName changes will be reported to sponsors by ISC, so appropriate authorization changes can be made.
  6. PennNames created prior to July, 2004 that do not have Penn IDs associated with them by January 1, 2006 will be made available for re-use.
  1. Local support providers (LSPs) should encourage users to select their PennName carefully, since opportunities for change are extremely limited. In most cases, the PennName a user selects will become the username for their Penn email account. LSPs should have users create their PennKey before their school account, to encourage a standard method for PennName selection.
  2. Transfer of a PennName should not be undertaken lightly, given the resulting inconvenience to the former holder of the name.
  3. In certain cases transfer may be impossible, given the inability of certain systems to rename accounts.

A. Verification: Verification of this policy will occur when PennNames support staff process PennName change or transfer requests or during the course of troubleshooting.

B. Notification: Notification of compliance issues will be made to PennNames sponsors, associated LSPs and computing directors.

C. Remedy: New PennName change and transfer requests must fall within policy. Existing conflicts created prior to this policy should be resolved as soon as possible. A server or service with many names out of compliance may be deemed non-PennNames compliant and therefore experience loss of or limited access to University-wide services.

D. Financial Implications: The PennName sponsors and ISC bear the staff time costs associated with PennName changes and transfers.

E. Responsibility: Responsibility for complying with this policy lies with PennName sponsors and ISC.

F. Time Frame: This policy is a formal statement of working policy that has been in place since 1997 (see References, below). The first step in a PennName change (addition of sponsorship for a new PennName) that falls within policy can be done within 2 business days; completion of the change (removal of old sponsorships) is subject to the time frame determined by each sponsor. Transfer of a PennName that is already in use can take substantially longer, and is subject to the time frame determined by each sponsor.

G. Enforcement: Failure to comply with policy and with the appeals process will lead to denial of a PennName change or transfer request.

H. Appeals: Appeals should be escalated within the affected organizations, for resolution by the respective IT Directors. If the conflict cannot be resolved, the IT Directors should present their cases in writing to the IT Policy Committee (ITPC). The ITPC will recommend a resolution. If either of the parties reject the ITPC's recommendation, they should take the issue up with the heads of their respective schools or centers. The Vice President of Information Systems & Computing should be consulted if further resolution is required.