Login ID Password Setting Process/Large scale, Remote places

Issuing accounts (IDs, passwords) for using PCs or networks in a company.

Summary

 * Account issuing/reissuing process in an organization running directory services (LDAP, ActiveDirectory, etc)


 * Depends on seasons, a number of (a hundred of/ a thousand of) setting is necessary.


 * Such as the cases in remote brunches, remote places, face-to-face authentications at the information system head office is often unrealistic.

Possible Risks

 * “Issuing by spoofing” of a malicious third party (involving identity theft)
 * “Wiretapping” by an internal person (involving identity theft)

People In Charge of the Process (Participants)

 * User: any-person@company.com
 * service-desk (located): service-desk@company.com
 * information system section: information-system@company.com

Process Owner

 * Person in charge of the information system account

Diagram
There are two types of notification e-mail messages, that is, “new ID issue completed” or “Pw reset completed”. In each e-mail massage, the following contents would be included:
 * Necessary items to bring (the account, a piece of ID)
 * Contact with (Service Desk)
 * Date and time for receiving

digraph TMPG { graph [size="10,10", rankdir=LR]; node [shape=box, style=rounded]; edge [labelfloat=true];

subgraph clusterp { style=dotted; labeljust=l; label="any-person@company.com (Non-login)"; pS [label="", shape=circle, width="0.3"]; p1 [label="p1:\nSelf-application"]; pm [label="pm:Notification\nE-mail", shape=ellipse, style=dotted];

pS -> p1 [weight=10]; p1 -> pm [style=invis,weight=10,minlen=2]; }

subgraph clusterP { labeljust=l; label="any-person@company.com (e.g., taker of non-regular employees)"; PS [label="", shape=circle, width="0.3"]; P1 [label="P1:\nProxy-application"]; Pm [label="Pm:Notification\nE-mail", shape=ellipse, style=dotted];

PS -> P1 [weight=10]; P1 -> Pm [style=invis,weight=10,minlen=2]; }

subgraph clusterS { labeljust=l; label="service-desk@company.com"; SS [label="", shape=circle, width="0.3"]; SE [label="", shape=circle, width="0.3", style=bold]; S1 [label="S1:\nProxy-application"]; Sm [label="Sm:Notification\nE-mail", shape=ellipse, style=dotted]; S2 [label="S2:\nface-to-face authentication\nHanding after\n(occasionally a training course)"];

SS -> S1 [weight=10]; S1 -> Sm [style=invis,weight=10,minlen=2]; Sm -> S2 [style=invis,weight=10]; S2 -> SE [weight=10]; }

subgraph clusterI { labeljust=l; label="information-system@company.com (double-check/internal-check)"; I1 [label="I1:Application\nContents confirmation"]; IE [label="", shape=circle, width="0.3", style=bold]; I2 [label="I2:by mail/phone, etc.\nNotification\n"]; IE2 [label="", shape=circle, width="0.3", style=bold];

I1 -> IE [arrowtail=odiamond, label="Application rejected(notification)", weight=10]; IE -> I2 [style=invis]; I2 -> IE2; }

subgraph clusteri { labeljust=l; label="information-system@company.com"; i1 [label="i1:\nIssuing an account\n(temporary Pw)"]; }

p1 -> I1; P1 -> I1; S1 -> I1 [weight=10]; I1 -> i1 [arrowtail=rcrowlvee, weight=20]; i1 -> S2 [arrowtail=rcrowlvee]; i1 -> I2 [arrowtail=odiamond, label="Remote place", weight=20];

i1 -> Sm [arrowhead=onormal, style=dotted]; i1 -> Pm [arrowhead=onormal, style=dotted]; i1 -> pm [arrowhead=onormal, style=dotted]; pm -> S2 [arrowhead=onormal, style=dotted];

pS->S1 [style=invis, weight=2]; SS->p1 [style=invis, weight=2]; I1->Sm [style=invis, weight=10]; S1->I1 [style=invis, weight=10]; Sm->I2 [style=invis, weight=10];

}