uTexas Enterprise Directory (TED)
uTexas Enterprise Directory (TED) Acceptable Use Policy
Last Revised: v1.1 March 2, 2005
Last Edited: February 29, 2012
See the change log for a list of significant changes made to this document.
The uTexas Enterprise Directory (TED) is a private enterprise directory service provided by Information Technology Services (ITS) for use by campus employees and departments to:
- Retrieve information of enterprise interest from the UT Austin identity registry;
- Authenticate UT EID holders when logging into departmental systems; and
- Authorize access to systems or applications based on information stored within TED.
TED contains confidential information and is not equivalent to the public "white pages" directory (located at http://directory.utexas.edu/).
System Use and Responsibilities
TED is a repository of information consolidated for the internal use of university departments. It is not the system of record for any student or employee information and from time to time may not reflect the current, official status of a student or employee.
You agree that non-public information (i.e., information not available through public sources such as the white pages directory) that you access through TED will be used only to authenticate or control access to your application and/or for the specific purposes described in your request for TED access. You also agree that non-public data obtained using your user or service account will not be presented to users by your application, nor will you divulge it to others, unless specified in your request for TED access. If your system displays data to users that has been restricted from release by the subject of the data, the system must indicate to the user that the data is release-restricted.
You agree to use this service in a manner consistent with this policy and with other university rules governing acceptable use of information technology. You also agree to comply with all applicable state and federal laws. The Family Educational Rights and Privacy Act of 1974 (FERPA) restricts access to student records. These legal restrictions apply to all users of TED. All account holders are responsible for maintaining the confidentiality of records made available through TED.
Failure to comply with this policy may result in a discontinuation of service or disciplinary actions. Failure to comply with applicable law could result in civil actions or criminal charges.
Two types of accounts are authorized for access to TED: user accounts and service accounts. User accounts are issued to individual people, while service accounts are issued to applications and systems. This policy applies to both types of accounts, with the department sponsor of service accounts assuming responsibility for those service accounts.
A user account must be used only by the person to whom it is assigned. The password and other credentials associated with a user account must not be shared with anyone. Each user account holder is responsible for all actions accomplished with his/her account and password, including unauthorized access that results from negligence in maintaining password secrecy.
A service account must be used only by the application for which it is originally authorized. The shared secret and other credentials associated with the service account must not be shared with anyone or any other systems. Service account sponsors are responsible for all actions accomplished with their service account and credentials, including unauthorized access that results from negligence in maintaining credential secrecy.
Service accounts are authorized to use TED on a per-application/per-usage basis. Service account holders must not provide TED access to other applications or for purposes other than those included in the original request for access. A separate request for access must be submitted to add additional applications or uses to a service account authorization.
All TED account activity is subject to logging and security monitoring.
Servers, applications and other resources with access to TED must be protected from unauthorized physical and electronic access.
Use of TED must be responsible, efficient and non-disruptive. Excessive consumption of TED resources may result in suspension of access privileges.
User accounts must not be used to provide access to TED information by multi-user systems. All applications that access TED must have a service account. Systems that access TED information through a service account must contain an authorization mechanism that limits access to TED information to those users who are authorized to view the information. System administrators must produce authorization records upon request.
Any attempt to circumvent TED authentication and authorization mechanisms is strictly prohibited.
You agree that user passwords, service shared secrets, and other non-public information will be transmitted only via SSL or equivalent technology. This includes communications between your application and TED servers, and also any communications involved in making use of the data you retrieve from TED.
User account holders and service account sponsors agree that they will only use their access to TED for the purposes stated in the request for access; that they will maintain the security of passwords, shared secrets and other account credentials; and that they will immediately report any breach of security to the Information Security Office (firstname.lastname@example.org) and the TED administrators (email@example.com).
Policy Acknowledgement Renewal
Acknowledgement of this policy must be renewed on an annual basis. User account holders and service account sponsors must renew their agreement with this policy to maintain access to TED.
For more information about TED, consult the TED web site.
For more information about UT Austin's information technology policies, consult the Policies section of the Web site for the Chief Information Officer.