Main Nav

Message from alacer.cogitatus@gmail.com

Good Evening List, I was wondering how many Higher Ed Schools have a photo directory (students and faculty and staff) and how you implemented it. There is some debate at my institution over querying a MSSQL Database to pull the image, or using powershell to populate Active Directory and doing the lookup that way. I wanted to get input and see what others are doing. Thanks! K

Comments

While we don't show photos within our web-directory pages, we do have photo rosters within our Sakai-based LMS and within a few other applications. Today, these photos are fetched from the official photos we store within the jpegPhoto attribute in our unix/fds/389 ldap cluster. This works just great when we have one source for photos (our ID-card center). The problems that have surfaced are 1) the need for a few different photos (Official vs Self-provided & Small (few kb) vs Large (>>few kb)) and 2) the different preferences of applications (official-only, prefer-official, prefer-self-provided). We're planning on a) keeping these photos and their attributes primarily in SQL, b) creating views/procedures that implement the different application preferences, c) populating one of those views (probably official-only or prefer-official) into our LDAP, and d) making a web-service the primary access mechanism Bert Bee-Lindgren, Identity Management & Middleware IT/EIS :: Georgia Tech :: 811 Marietta, Across from Richard Tanner (Cube 230 on Fridays) W: 877-237-8251 :: SMS: 402-237-8251 :: AIM: BertBeeLindgren https://mail.gatech.edu/home/bl17?fmt=freebusy (my availability)
Message from les.lacroix@carleton.edu

We store the ID card photos in our enterprise LDAP directory, which is separate from Active Directory. We have no provision for sourcing LDAP photos from other sources. The photos in LDAP are used directly by the campus white pages search, class photo rosters from the student information system (Colleague), and on the "person" screens in the ERP. I don't believe we are automatically importing photos into Moodle. The "search" box in the campus website, on the other hand, is part of our content management system (CMS). In addition to page content, it also does a white pages search. When there is a match, it also displays a miniature version of the white pages results side-by-side with the page results. Further, it displays other "public" photos of the person that are stored in the content management system. I am pretty sure that those other photos are just blobs in the CMS database. -Les __________________________________ Les LaCroix | Strategic Technologist and EIS Team Lead Carleton College | 1 N. College St. | MS 3-ITS | Northfield, MN 55057 507.222.5455
I think the main considerations are if you have an authoritative, consistent source for the photos and if there are privacy concerns related to what is allowed to access the images. We do not store photos centrally though we have some systems that collect and store photos independently. I'm envious of those who have described having access to ID badge photos. I think the use cases for well vetted, authoritative photos are different than use cases that allow self asserted images. I have stored images in and displayed images from the jpegphoto attribute using Java. I would likely choose to store photos in the directory if I had a reliable source of photos to work with. But our Person Registry is implemented using a directory, if your Person Registry is implemented in a database I think it would make more sense to store user photos in your Person Registry alongside the rest of that user's attributes.
We've got an "ID Card" restful web service with photos from anyone who has a "Husky card" available in it. Access is restricted, and the policy governing access is the same as for our Student web service. I've had an outstanding request to add photos to our enterprise AD for about 4-5 years now. There are several Microsoft applications--notably Outlook--which will leverage the photo if it's there. We haven't prioritized untangling the problem of getting permission to stick those photos in AD. The problems for AD are: by default any AD authenticated user could view any one else's photo, and by default any user can add/change their own photo. These aren't insurmountable problems, but they are tricky, and the demand from our AD customers hasn't justified putting in that effort (yet). Since a user can add their own photo to AD, we've also thought about making it easy for folks to self-publish their own photo. >
My initial reaction would be to not allow self publishing of photos. The result would be varying levels of quality, pose, size, professionalism, and would call into question if the photo is actually of the person identified. If the photo is well vetted then it can be used as an identity check for in-person verification. Consistent pose and professionalism would, I think, be desired for an online photo directory.
On 7/30/2012 11:26 AM, Brian Arkills wrote: > We've got an "ID Card" restful web service with photos from anyone > who has a "Husky card" available in it. Access is restricted, and the > policy governing access is the same as for our Student web service. This is similar to what we do, although our service predates the concepts of "web service" and "REST" ;) > I've had an outstanding request to add photos to our enterprise AD > for about 4-5 years now. There are several Microsoft We're in the process of figuring out how to add these to our latest incarnation of our enterprise LDAP directory. For us, the bigger issue is performance - suddenly increasing the average size of a good chunk of our entries from ~5K to ~500K presents some challenges. Possibly looking at some "virtual directory" magic to enable us to store them in a separate physical directory but look like a single entry to apps. -- %% Christopher A. Bongaarts %% cab@umn.edu %% %% OIT - Identity Management %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809 %%
On 7/30/2012 11:57 AM, Jones, Mark B wrote: > My initial reaction would be to not allow self publishing of photos. > The result would be varying levels of quality, pose, size, > professionalism, and would call into question if the photo is > actually of the person identified. > > If the photo is well vetted then it can be used as an identity check > for in-person verification. Consistent pose and professionalism > would, I think, be desired for an online photo directory. For several years our ID card office has offered an "express" program where an incoming student mails in a photo so their card can be produced in advance. This helps avoid huge lines during orientation. Students are informed ahead of time what the photo standards are, and ID card office staff verify they comply before producing the cards (if the photo does not comply, the student is informed via email so they can resubmit). The ID card office staff take care of any cropping/resizing during the scanning process, so the pictures are at least somewhat consistent with each other. When the student comes to pick up the card, they just need to present the usual vetting ID (drivers license, etc.) and the photo on the already-produced card can be checked against the ID and the person before handing over the card to them. -- %% Christopher A. Bongaarts %% cab@umn.edu %% %% OIT - Identity Management %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809 %%
> Mark Jones wrote: > My initial reaction would be to not allow self publishing of photos. I'd agree that the official photos are "needed" and self-provided ones are just nice to have, but we find that they are both valuable enough to support. However, we could never support both if each approved application couldn't make their own official vs unofficial choice. For instance, if an official pictures is not available for some reason, our Police department and security desks would prefer to not display a photo at all than to risk a self-provided one actually being someone else. However, a faculty-research site would prefer to display "good" photos than official mug shots. As to the risk of unprofessional or inconsistent pictures... we tackle this in three trust-and-verify steps: a) Put authorization in place as to who can upload a picture b) Have a short policy about format, professionalism, etc as well as a "we have the final say" clause c) Let Information Security, Managers and The Dean of Students talk with offenders and/or deauthorize them. This approach is similar to the risk management surrounding self-selected email addresses, network access, copyright violations, guest sponsorship and probably a dozen other forms of behavior. So far, so good.... Knocking on wood, Bert Bee-Lindgren, Identity Management & Middleware IT/EIS :: Georgia Tech :: 811 Marietta, Across from Richard Tanner (Cube 230 on Fridays) W: 877-237-8251 :: SMS: 402-237-8251 :: AIM: BertBeeLindgren https://mail.gatech.edu/home/bl17?fmt=freebusy (my availability)
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.