Remove:
5.2.1.3 Other Trusted Roles
Access to TAS functionality is provided via five different roles. Each individual TAS operator is assigned a single role. The TAS roles and their associated functions are defined below:
1. Role Manager
The Role Managers are appointed by the Office of the Vice President for Information Technology or designee. A role manager will validate requests for managing TAS operators prior to performing the following tasks:
• Add and assign operators to roles
• Reassign operators to roles
• Delete operators
• Initialize RSA key pairs for each TAS site
• Specify the required forms of identification (credentials) for subscriber registration
• Add and remove participating departments
2. TAS Installer
This role is responsible for setting up the initial system parameters. These parameters are initially entered by the Installer, but can be changed after the installation by the TAS Administrator. These parameters include:
• ED-ID attributes
• CA chain to be loaded onto tokens during the enrollment process
• TAS operators certificate validation CA
• Email notification to the new subscribers
• Terms and conditions for TAS
The installer has access to the following forms:
• Login
• Installer
• Main
3. TAS Administrator
This role is responsible for maintaining the system functionality through the TAS administrator console, after the initial installation. TAS administrator tasks include the following:
• Set up initial default administrative password and a default subscriber password for the tokens (This value is set up during the initialization of the token and stored in the TAS database.)
• Set up database connection parameters
• Select a department RSA key
• Apply software upgrades and patches
The Administrator has access to the following forms:
• Login
• Admin
• Installer
• Main
4. RAA (Registration Authority Administrator)
This role is responsible for authenticating and registering the subscribers into TAS. This role has access to the following forms:
• Login
• Main
• Register
• Token Password reset
• Revoke
• Recycle
• View subscribers
5. CAA (Certificate Authority Administrator)
This role is responsible for issuing certificates and tokens to subscribers who have registered with the RAA. This role has access to the following forms:
• Login
• Main
• Issue
• Token Password reset
• View subscribers
• Recycle
6. Password Reset Administrator
This role is responsible for resetting subscriber token passwords and has access to the following forms:
• Login
• Main
• Token Password reset
• View subscribers
7. Certificate Revocation Administrator
This role is responsible for revoking subscriber certificates, and has access to the following forms:
• Login
• Main
• Revoke
Add: (changes are in red)
Access to TAS functionality is provided via several different roles. Each individual TAS operator is assigned one or more roles; however, an operator cannot be assigned any of the following role combinations:
• CAA and RAA
• Role Manager and CAA
• Role Manager and RAA
1. Role Manager
The Role Managers are appointed by the Office of the Vice President for Information Technology or designee. A role manager will validate requests for managing TAS operators prior to performing the following tasks:
• Add and assign operators to roles
• Reassign operators to roles
• Delete operators
• Initialize RSA key pairs for each TAS site
• Specify the required forms of identification (credentials) for subscriber registration
• Add and remove participating departments
• Manage affiliations and groups
2. TAS Administrator
This person is responsible for configuring global system settings which include the following:
• ED-ID connection parameters
• Certificate Authority configuration
• CA chain to be loaded onto tokens during the enrollment process
• TAS operators certificate validation CA
• Various email notifications
• Usage agreement text
The Administrator has access to the following forms:
• Login
• Admin
• Main
3. RAA (Registration Authority Administrator)
This role is responsible for authenticating and registering the subscribers into TAS. This role has access to the following forms:
• Login
• Main
• Register
• Token Password reset
• Revoke
• Recycle
• View subscribers
4. CAA (Certificate Authority Administrator)
This role is responsible for issuing certificates and tokens to subscribers who have registered with the RAA. This role has access to the following forms:
• Login
• Main
• Issue
• Token Password reset
• View subscribers
• Recycle
5. Password Reset Administrator
This role is responsible for resetting subscriber token passwords and has access to the following forms:
• Login
• Main
• Token Password reset
• View subscribers
6. Certificate Revocation Administrator
This role is responsible for revoking subscriber certificates, and has access to the following forms:
• Login
• Main
• Revoke
7. Inventory Manager:
TAS will only issue certificates to tokens that have been inventoried. This person is responsible for adding newly acquired tokens to the system’s inventory.
The Inventory Manager has access to the following forms:
• Login
• Inventory
• Main
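One way to check operator assignments against the prohibited role combinations and the role-to-form lists in the revised text above. This is an added example, not TAS code: the function names and operator IDs are constructed, and the Role Manager is given an empty form set because the section lists tasks rather than forms for that role.

```python
from itertools import combinations

# Forms per role, copied from the revised section (Role Manager: none listed).
ROLE_FORMS = {
    "Role Manager": set(),
    "TAS Administrator": {"Login", "Admin", "Main"},
    "RAA": {"Login", "Main", "Register", "Token Password reset",
            "Revoke", "Recycle", "View subscribers"},
    "CAA": {"Login", "Main", "Issue", "Token Password reset",
            "View subscribers", "Recycle"},
    "Password Reset Administrator": {"Login", "Main", "Token Password reset",
                                     "View subscribers"},
    "Certificate Revocation Administrator": {"Login", "Main", "Revoke"},
    "Inventory Manager": {"Login", "Inventory", "Main"},
}

# Role pairs that may not be held by the same operator.
FORBIDDEN = {frozenset(p) for p in (("CAA", "RAA"),
                                    ("Role Manager", "CAA"),
                                    ("Role Manager", "RAA"))}

def conflicts(roles):
    """Return the prohibited pairs contained in one operator's role set."""
    roles = set(roles)
    unknown = roles - ROLE_FORMS.keys()
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")
    return sorted(tuple(sorted(pair)) for pair in combinations(roles, 2)
                  if frozenset(pair) in FORBIDDEN)

def effective_forms(roles):
    """Union of forms for a role set; refuses a prohibited combination."""
    bad = conflicts(roles)
    if bad:
        raise PermissionError(f"prohibited role combination: {bad}")
    return set().union(*(ROLE_FORMS[r] for r in roles))

def audit(assignments):
    """Map operator -> prohibited pairs, for operators that violate the rule."""
    return {op: bad for op, roles in assignments.items()
            if (bad := conflicts(roles))}

# Constructed sample assignments (operator IDs are hypothetical).
SAMPLE = {
    "op-alice": {"RAA", "Password Reset Administrator"},
    "op-bob": {"CAA", "RAA"},
    "op-carol": {"Role Manager", "CAA", "Inventory Manager"},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(sorted(effective_forms(SAMPLE["op-alice"])))
```

Running the same check both when a Role Manager saves an assignment and periodically over the stored assignments catches conflicts introduced by direct database changes as well as through the console.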