About TED

The uTexas Enterprise Directory (TED) is a private enterprise directory service provided by Information Technology Services (ITS) for use by campus departments to:

• Retrieve information of enterprise interest from the UT Austin identity registry;
• Authenticate UT EID holders when logging into departmental systems; and
• Authorize access to systems or applications based on information stored within TED.

TED contains confidential information and is not equivalent to the public "white pages" directory (located at http://directory.utexas.edu/).

System Use and Responsibilities

TED is a repository of information consolidated for the internal use of university departments. It is not the system of record for any student or employee information and, from time to time, may not reflect the current, official status of a student or employee.

You agree that non-public information (i.e., information not available through public sources such as the white pages directory) that you access through TED will be used only to authenticate or control access to your application and for the specific purposes described in your request for TED access. You also agree that non-public data obtained using your service account will not be presented to users by your application, nor will you divulge it to others, unless specified in your request for TED access. If your system displays data to users that has been restricted from release by the subject of the data, the system must indicate to the user that the data is release-restricted.

You agree to use this service in a manner consistent with this policy and with other university rules governing acceptable use of information technology. You also agree to comply with all applicable state and federal laws. The Family Educational Rights and Privacy Act of 1974 (FERPA) restricts access to student records. These legal restrictions apply to all users of TED. All account holders are responsible for maintaining the confidentiality of records made available through TED.

Failure to comply with this policy may result in a discontinuation of service or disciplinary actions. Failure to comply with applicable law could result in civil actions or criminal charges.

TED Accounts

TED service accounts are issued to applications and systems. The department sponsor of service accounts assumes responsibility for those service accounts.

A service account must be used only by the application for which it is originally authorized. The shared secret and other credentials associated with the service account must not be shared with anyone or any other systems (though it may be stored in a secure escrow service such as Stache). Service account sponsors are responsible for all actions taken with their service account and credentials, including unauthorized access that results from negligence in maintaining credential secrecy.

Service accounts are authorized to use TED on a per-application/per-usage basis. Service account holders must not provide TED access to other applications or for purposes other than those included in the original request for access. A separate request for access must be submitted to add additional applications or uses to a service account authorization.

Security Requirements

All TED account activity is subject to logging and security monitoring.

Servers, applications and other resources with access to TED must be protected from unauthorized physical and electronic access.

Use of TED must be responsible, efficient and non-disruptive. Excessive consumption of TED resources may result in suspension of access privileges.

All applications that access TED must have a service account. Systems that access TED information through a service account must contain an authorization mechanism that limits access to TED information to those users who are authorized to view the information. System administrators must produce authorization records upon request.

Any attempt to circumvent TED authentication and authorization mechanisms is strictly prohibited.

You agree that user passwords, service shared secrets, and other non-public information will be transmitted only via SSL or equivalent technology. This includes communications between your application and TED servers, and also any communications involved in making use of the data you retrieve from TED.

Service account sponsors agree that they will only use their access to TED for the purposes stated in the request for access; that they will maintain the security of passwords, shared secrets and other account credentials; and that they will immediately report any breach of security to the Information Security Office (abuse@utexas.edu) and the TED administrators (iadteam@utlists.utexas.edu).

Policy Acknowledgement Renewal

Acknowledgement of this policy must be renewed on an annual basis. Service account sponsors must renew their agreement with this policy to maintain access to TED.

Further Information

For more information about TED, consult the TED web site.

For more information about UT Austin's information technology policies, consult the Policies section of the Web site for the Chief Information Officer.