Integrated People-Oriented Development Scheme —To improve IT efficiency by centralizing the management of user authorization for tertiary education institution

Abstract

The Department of Computer Science (CS Dept) is one of most IT-intensive departments in City University of Hong Kong (CityU) which prompts the innovative technology for teaching, learning and researches. With its rapid growth over the past 20 years, CS owns many in-house well developed administrative systems that are all maintained by CS Laboratory (CS Lab). At present, these legacy systems have raised lots of problems relating to the user account management of CS Dept. In addition, it leads the impact on existing limited labor resources if this situation remains unchanged. Therefore, it raises the management concerns and wants to resolve the present unproductive workflow by simplifying the administrative role-based assignments across different application systems in CS Dept. A system integration development proposal called “Integrated People-Oriented Development Scheme”, which code name is IPODS, is to centralize all user access control management and authorization under Role-Based Access Control (RABC) framework. In order to meet the high service level requirements in CS Dept, IPODS is designed to align with the modularized structure of Service-Oriented Architecture (SOA). In addition, IPODS applies the open standard protocol by eXtensible Access Control Markup Language (XACML) to deal with data access control management and encounter with data exchangeability at the same time. In comparison with alternative project proposals, IPODS is evaluated to achieve higher ratings on the five IT business objectives of CS Dept, such as Cost of Ownerships, Dependence, Demand Growth, User Impacts and Usage Frequency, in overall. Since the implementation phase of IPODS project doesn’t match the timeline of MBA project, it is limited to evaluate the project result by simulation. The simulation result indicates that it gains 5 times efficiency on the role-based assignment process. Besides, it is predicted that CS Dept will have a streamlined, robust and auditable access control management system to achieve better system integration flexibility and higher user service level standards. These intangible qualities can be measured by IT effectiveness metrics on the different dimensions, such as efficiency, performance, productivity, and user satisfaction. In conclusion, IPODS brings out an implication on the business application design about the importance of platform openness and system modularity to achieve higher reusability and service pledge in business organization. Furthermore, it has high potentials to generate several opportunities, such as Separation of Duties, Role Optimization, Automatic Account Replication and XML Account Portfolio, for continuous improvement. Therefore, IPODS is worth for implementation so as to maximize the benefits of IT support management in CS Dept.