Understanding and Deploying LDAP Directory Services (2nd Edition)

Understanding and Deploying LDAP Directory Services > 6. Data Design > Creating a Data Policy Statement

Creating a Data Policy Statement

Before you begin the somewhat arduous task of identifying and characterizing each of the data elements you plan to store in your directory service, it is important to develop some general guidelines about directory data. These guidelines should be collected in a written data policy statement. The purpose of such a statement is to help everyone who is affected by your directory service to understand in general terms how data will be handled. Because this group includes you, your directory deployment team, data source owners , application authors, and end users, you should widely publish your data policy statement throughout your organization.

Your data policy statement should cover the following topics:

• Guidelines for determining what data will and will not be stored in your directory service   For example, your general guideline could be that any data element that is likely to be shared by more than one application will be stored in your directory. You might decide that large values (greater than 10KB) would never be stored in your directory.

• Guidelines for access to directory data.   This is especially important if you plan to store any sensitive information in your directory service. You should also include general guidelines on the kind of authentication and encryption required when accessing directory data.

• Guidelines for modification of directory data.   This might include information about whether you expect end users to be allowed to update their own entries, the ability of applications to modify entries, and other "data ownership" issues. You should also include general guidelines on the kind of authentication and encryption required when making changes to directory data.

• Legal considerations.   There may be certain kinds of information that you simply cannot store in your directory service or give people access to because of privacy laws, employment contracts, or other legal consider-ations. It is best to involve your organization's legal staff when formulating this aspect of your policy.

• Guidelines for maintaining data that is stored in more than one location.   Typically, you will have some data elements that are stored in your directory service as well as in one or more data sources that are not part of your main service. A general policy should cover topics such as how to handle data flow between the sources and which source will be authoritative .

• Guidelines for handling exceptions to your general policies.   Because no policy can cover all possible situations, you should define a simple process for handling exceptions.

Your data policy statement should be a fairly stable document. However, you will inevitably need to evolve your policy as your organization changes, as you learn more about managing your directory service, and when external factors such as privacy laws change.

Because your data policy statement will cover a lot of ground, it is essential that you involve other groups within your organization in the process of creating and reviewing the policy. In many cases the actual data policy will in fact be defined mainly by people outside your directory team. For example, the owners of important data sources and your legal department will undoubtedly have a lot to say about how you should handle data.

Here are some specific groups to enlist when defining your directory data policy:

• Your directory design and deployment team

• People who maintain other important data sources within your organization, (for example, the human resources department)

• Authors and deployers of important directory-enabled applications

• Your legal department

• Upper management, including your chief information officer (CIO) or even the office of your chief executive officer (CEO)

Now that you have a good start on creating a data policy statement, it is time to examine the specific data elements you will store in your directory. Looking at specific examples of data elements will also help you firm up your data policy.

Index terms contained in this section

access

          data

authors

          consulting on data policy statements

consulting

         authors

                    data policy statements, creating

         design and deployment teams

                    data policy statements, creating

         legal departments

                    data policy statements, creating

         upper management

                    data policy statements, creating

data

         design

                    data policy statements 2nd 3rd 4th

data policy statements

          creating 2nd 3rd 4th

                    access

                    authors

                    design and deployment teams

                    general policy exeptions

                    legal departments

                    legal issues

                    modifications

                    multiple location maintenance

                    storage

                    upper management

deployment

         teams

                    data policy statements, creating

design

         data

                    data policy statements 2nd 3rd 4th

legal departments

          consulting on data policy statements

maintaining

         data storage

                    multiple locations

management

          consulting on data policy statements

modifying data

          data

storage

          data

2002, O'Reilly & Associates, Inc.