Changes between Version 1 and Version 2 of ResourceAccountForm


Timestamp: 06/24/13 21:18:55 (11 years ago)
Author: lttoth@…
Comment: --

  • ResourceAccountForm

    v1 v2  
    1 Resource Account / Credentials Request for                              [[BR]] 
    2 UA Enterprise Directory & UA Authentication Service 
     1= Resource Account / Credentials Request =  
     2== UA Enterprise Directory & UA Authentication Service == 
    33 
    44 
     
    1515 
    16163. Brief narrative of service provided 
    17     Audience (who will use?) 
    18     Anticipated demand in full production (peak logins or queries / hour) 
    19     Service platform (e.g., IIS, Apache, Roxen,…) 
     17    Audience (who will use?)[[BR]] 
     18    Anticipated demand in full production (peak logins or queries / hour)[[BR]] 
     19    Service platform (e.g., IIS, Apache, Roxen,…)[[BR]] 
    2020 
    21214. Authentication method(s) - please refer to "UA Authentication Methods" 
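
Review bot: On new lines 17-19 the three sub-items of item 3 rely on leading spaces and a trailing [[BR]] for layout instead of list markup. Consider making them a nested list under item 3 so each prompt (audience, anticipated demand, service platform) stays a distinct field when the form is filled in or copied.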
     
    4848Resource Account / Credentnials Security Statement[[BR]] 
    4949* For reasons of security and privacy, the UA central authentication service and web single sign-on services requires that users authenticate using trusted third party authentication rather than relaying credentials.  Exceptions must be justified by technical limitations of the service and must deploy appropriate audited controlled access to the service and server platform in the UA machine room.  [[BR]] 
    50 * Information about an authenticated user can be passed via CAS or SAML to your application upon a user’s successful authentication without needing to query EDIR or AD directly; in these cases no account credentials are necessary for your application to authenticate users or receive attributes about them.  However you will need to establish formal trust between your application and the UA IdP via PKI.  Contact !IAM@Alaska.edu .  
     50* Information about an authenticated user can be passed via CAS or SAML to your application upon a user’s successful authentication without needing to query EDIR or AD directly; in these cases no account credentials are necessary for your application to authenticate users or receive attributes about them.  However you will need to establish formal trust between your application and the UA IdP via PKI.  Contact !ua-iam-dept@alaska.edu .  
    5151* If your project does require EDIR resource credentials, those credentials are granted for the specific purpose of querying EDIR and not for the purpose of developing "log in" pages to relay UA credentials or otherwise creating duplicate or shadow services provided by IAM.   Development of application specific "log in" pages utilizing EDIR credentials inadequately protects users’ credentials and is strongly deprecated. 
    5252* You are responsible for protecting the EDIR resource credentials assigned to your project and the information collected by those credentials (or provided by CAS or SAML).  Resource credentials may not be shared with other departments or groups; it is strongly recommended that all applications rely on their own unique credentials, so that in the case of compromise, the disruption is minimized.  
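
Review bot: The heading on line 48 still reads "Credentnials" in both versions; correct it to "Credentials" while this section is being edited. On new line 50 the contact address is followed by a stray space before the full stop ("!ua-iam-dept@alaska.edu ."), and the same address is repeated on line 56, so any later change has to be made in two places; consider naming the IAM contact once and referring back to it.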
     
    5454* If any of these requirements to protect users credentials and appropriately use data obtained from the directory are not met, IAM and Security may disable those credentials pending remediation of those defects. 
    5555* Should questions arise about the use of credentials by your service or application, you agree to work with OIT’s IAM and Security departments to verify the suitability of your service's processes (e.g., through testing, review of code, and/or a security audit) and correct, as necessary. 
    56 Please be assured that IAM strives to make central authentication and assertions of attributes useful, reliable and practical.  Contact !IAM@Alaska.edu with any concerns or problems with our services and we will work with you to resolve them.[[BR]] 
     56Please be assured that IAM strives to make central authentication and assertions of attributes useful, reliable and practical.  Contact !ua-iam-dept@alaska.edu with any concerns or problems with our services and we will work with you to resolve them.[[BR]] 
    5757Draft 2011-07-18
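
Review bot: Line 57 still carries "Draft 2011-07-18" although this revision is dated 06/24/13 and changes the address requesters are told to use for questions about credentials and trust setup; update the draft date or add a revision line. The change comment is empty ("--"), so it would help to record there why !IAM@Alaska.edu was replaced by !ua-iam-dept@alaska.edu, letting readers confirm the new address is the intended one.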