Educause Security Discussion mailing list archives
Re: Enabling a job applicant to resume a submission later
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Wed, 15 Dec 2010 21:59:07 +0000
I hesitate to suggest this on a security list but if you assume the unknown person is responsible for their own credentials on an external service and your terms and conditions state that once they start an application that it will be available to the external service using the initially provided credentials, something like OpenID might be usable assuming you're willing to integrate it with your app. Google has a pretty extensive looking page explaining what needs to be done to use gmail accounts for federated authentication using OpenID technology: http://code.google.com/apis/accounts/docs/OpenID.html At some point afterwards, though, you'd have to verify their identity before taking any actions that assume anything in the application is actually tied to the claimed identity. Wouldn't want to be calling job references for someone who didn't actually submit an application From: Clifford Collins <collinsc () FRANKLIN EDU> Reply-To: Clifford Collins <collinsc () franklin edu> Date: Wed, 15 Dec 2010 16:08:37 -0500 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Enabling a job applicant to resume a submission later
Folks, I've been approached by one of IT's analysts about a potential project our HR department is contemplating that would enhance our current, home-spun, online job application service. HR wishes to allow a job applicant to resume filling out an application over the course of multiple sessions and over many days. We are still a year or more away from implementing an IdM solution that would enable us to give them a unique login. Also, I would not assume they would use the same workstation each time. The analyst has his own idea for a solution but I am interested in first finding out what you list members might think of for a solution. Do any of you have or can you suggest an interim solution? What are the privacy and/or security considerations? Thanks for your help! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
-- Gary Flynn Security Engineer James Madison University
Attachment:
smime.p7s
Description:
Current thread:
- Enabling a job applicant to resume a submission later Clifford Collins (Dec 15)
- Re: Enabling a job applicant to resume a submission later Julian Y. Koh (Dec 15)
- Re: Enabling a job applicant to resume a submission later Flynn, Gary - flynngn (Dec 15)
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Allison F Dolan (Dec 15)
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Jeffrey Schiller (Dec 15)
- Re: Enabling a job applicant to resume a submission later Russell Fulton (Dec 20)
- <Possible follow-ups>
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Clifford Collins (Dec 16)