When I was CIO of Utah, directory issues seemed to take up a lot of our time and effort. When I became CIO, the state had been using the domain name state.ut.us. The domain name was not particularly easy to remember and when you tacked on one or two subdomains to identify a department or agency, the effect was almost comical. For example, my email address was email@example.com. The Governor remarked that he could almost feel people start to dance to the rhythm when he told them his email address.
In addition to the official domain name, agencies in state government had gotten into the habit of registering domain names in the .org TLD for every publicly facing Web site they started, and Utah managed over 100 domain names outside the official one. This was a huge problem in building brand awareness around the State's Web site and meant that it was impossible to know when you were on an official State Web site and when you were not.
Shortly after I came on board, I discovered that we owned the domain name utah.gov. Much shorter, much easier to remember, and more authoritative. By fiat and with the Governor's support, I declared that Utah was moving to utah.gov. Now, this is not a strategy I'd recommend as a way to endear yourself to people, but it did accomplish the goal: within a month, we were using utah.gov as a domain name for our primary Web server and contemplating how to migrate the rest of the organization.
There were two primary issues.
- Utah.gov represented a namespace that had been delegated to the State of Utah and within which we could manage things like server names and email addresses.
- The state had never had an enterprise strategy for naming and each department and agency ran its own directory service for email and passwords--some ran many with each division controlling their own directories.
The first problem called for the creation of a registration process and the appointment of a registrar through whom organizations within the State could reserve subdomains within utah.gov. In essence the job of the registrar was to create namespaces within utah.gov and ensure that the names were unique, meaningful and correctly recorded.
The second problem was more difficult. The first step was to create a voluntary program through which people who wanted a utah.gov email address would reserve a name. A simple program forwarded email sent to that name to their real mailbox. That step was only temporary while we went through the difficult process of creating a naming procedure for assigning unique names (which would become email addresses) to each employee. We finally settled on a first initial/last name scheme with a series of fallback schemes for duplicates. The policy specifically prohibited names not associated with a person's real name to prevent people having email addresses like firstname.lastname@example.org (unless that happened to be their real name, of course).
We also set up a metadirectory so that the directories in the agencies could cooperate to form a single large logical directory. This wasn't as easy as it should have been since many of the directories in use hadn't been updated for years and didn't support metadirectory linking. Creating such a logical directory from already existing directories meant that the names in those directories had to be normalized according to the naming scheme we'd come up with first.
The use of multiple distributed directories had advantages in performance and local control, but caused some difficulties with integration with other enterprise systems like the HR systems. The ultimate goal is to provision entries in the directory and even access control rights based on the employee's status within the HR system. The technical problems faced here pale by comparison to the political challenges. To begin with, you're asking many people to change their email address--some of them many years old. This has personal and organizational costs. Second, there are some people who are more equal than the rest and cannot be asked to change their email address. They get first pick if there's a conflict. One executive director even insisted on having every possible permutation of her name and initials assigned to her to prevent anyone from accidentally sending mail intended for her to someone else with a similar name.
Ultimately we were successful, establishing a single namespace within utah.gov for all email and logins. We even converted the State's many Web servers to a name within the utah.gov domain name. The effort took almost two years to complete, but once done, enhanced our ability to brand the State's Web services and gave people email addresses they could give to people without having to break out the bongo drums.