From: |
Eric Goodman <ericg@ucsc.edu> |
|---|---|
To: |
David Walker <David.Walker@ucop.edu> |
Subject: |
Potential Agenda Item for UCTrust meeting |
Date: |
Mon, 24 Mar 2008 14:29:24 -0700 |
Hi David,
Sorry for all the last minute-ness... been somewhat swamped with our
first "SIR" cycle since our new IDM system went live.
Something we've been looking at (and I've raised at UC Trust meetings
before) is what criteria we will use locally at UCSC to determine
when it is (or is not) okay to include new applications in our
Authentication service. As we've discussed in the past, there's two
aspects to this:
(1) What level of security is UC Trust intending to offer? E.g., is
the UC Trust authentication service intended to be sufficient for
access to systems with HIPAA data? Are there applications to which we
would say "we're not good enough for your authentication needs"?
(2) What (if any) additional risk of breach is encumbered by each
participating application by the addition of a new application into
the SSO mix? E.g., adding an application whose users are known to
share passwords would probably undermine the security of other UC
Trust applications that strongly expect their users to maintain
confidentiality of their passwords.
So with all that as background, do we have guiding principles that
tell us what "sorts" of applications should be considered appropriate
for UC Trust inclusion and what shouldn't? E.g., a coworker told me
this AM that TAS is interested in exploring using UC Trust to
authenticate students. Is that an appropriate use of UC Trust? How
would we/they make that determination?
I'm not so much interested just because of UC Trust, it's more that
this (how to determine what "can and can't play") is still an issue
that is slowing UCSC in deciding how to move forward with UC Trust,
Shib and other SSO ventures here at UCSC. So I'm looking for
frameworks I can steal.
--- Eric