Educause Security Discussion mailing list archives
Re: Web Kiosks
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Fri, 8 Aug 2003 12:00:20 -0500
We are implementing a scheme of "shallow credentials." This username and password are constructs in our LDAP directory, and are not in our Kerberos KDCs. We're implementing these for parents and other third parties (representatives from organizations sponsoring students, so they can pay bills using ACH, for example). They will be used, essentially, for anyone without standard IU network Ids accessing our Onestart portal, and a limited set of services therein. We are also using "patron" accounts in the Library. These are restricted to information resources managed by the Library. If someone from off-campus has need for a more unregulated ability to do research, they can obtain a longer-term unrestricted set of credentials from the circ desk, by showing a photo id card. For conferees and other guests, including visiting faculty, we are providing them access to wireless by creating an isolated set of accounts in our VPN server. The conference bureau or a department representive can (will be able to) access our Account Management Service to assign one of those accounts to an individual, along with an expiration date. There are other things we're working on, but those are the main areas. One thing that is key is that we don't ever collect any information about what any of these people do (except in the ACH area, because NACHA rules require it...). In almost all other cases, all we know is that a particular individual held credentials during a certain period. If at some point we receive a complaint associated with a device, we would attempt to connect an individual to that device and event, and go from there. M. -- Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Marty Hoag [mailto:Marty.Hoag () NDSU NODAK EDU] Sent: Friday, August 08, 2003 11:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Web Kiosks Steve raised some of the issues we've been dealing with. We are a Land Grant institution and outreach is a prominent part of our avowed mission. If you want all access authenticated how do folks handle brief or occassional visitors? Do they issue time restricted temporary credentials? Do they have kiosks but require the kiosk (or cyber cafe or whatever) provider to provide the Internet access independent of the University network? In addition to Kiosks this issue comes up with wireless LANs, public ethernet ports, and multiuse computer labs. It would be interesting to hear some brief pointers on the way you handle this. Marty ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Web Kiosks, (continued)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Dan Updegrove (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Steve Worona (Aug 08)
- Re: Web Kiosks Jere Retzer (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks art (Aug 08)
- Re: Web Kiosks Dick Jacobson (Aug 08)
- Re: Web Kiosks Marty Hoag (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 11)
- Re: Web Kiosks David L. Wasley (Aug 11)
- Re: Web Kiosks Schmidt, Eric W (Aug 11)