Educause Security Discussion mailing list archives

Re: DNS "A Name" Records for Third Party Providers

From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Mon, 12 Jan 2009 08:03:59 -0800

Handy and convenient, yes. Deceptive practice, though. If I were applying to your institution and was redirected 
without my knowledge to a third party to enter my private information, I'd find that very disturbing.

If you are dealing with students, this can become more murky, what with FERPA and various state data protection 
requirements. Also, are the students participating in this service know that this is hosted by a third party and have 
an opportunity to agree to the re-direct? Are they already students, or are these prospects? Adults or still legally 
children? Do you have a data sharing agreement with the third-party? Does the third party host the application and 
store the data on systems in the US or off-shore?

Guy L. Pace, CISSP
Security Administrator
Information Technology Division
WA State Board for Community and Technical Colleges (SBCTC)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724
gpace () cis ctc edu
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg T. 
Grimes
Sent: Monday, January 12, 2009 7:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DNS "A Name" Records for Third Party Providers

We have www.jobs.msstate.edu that points to the company HR uses for job
applications.  We have not had any problems with the company.  It's nice
to have that URL instead of msstate.peopleadmin.com showing up when people
apply for a position.

On Mon, 12 Jan 2009, Matthew Dalton wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

We recently had a request for an "A name" record by a third party
provider that is looking for a "seamless" user experience.  We're a
little hesitant to give an ohio.edu name to an external party, and
wanted to find out about other user's experience.  Any caveats, lessons
learned, or experiences that we should watch out for?  Thanks!

- --
Matthew Dalton
Director of Information Security
Office of Information Technology
HDL Center 173G
Phone: 740-597-1914
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklrZagACgkQVKUofGqW+tysWACgvJqmVX0/hVmTHHPS3BqcRoCW
QskAmgPJj7UV6nPRifeeRQh6hId/xR1H
=0lI6
-----END PGP SIGNATURE-----


--
Greg T. Grimes
Network Analyst
ITS -- Network Services
Mississippi State University

Current thread:

DNS "A Name" Records for Third Party Providers Matthew Dalton (Jan 12)
- <Possible follow-ups>
- Re: DNS "A Name" Records for Third Party Providers Greg T. Grimes (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Pace, Guy (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Ian McDonald (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Willis Marti (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers HALL, NATHANIEL D. (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Barbara Torney (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Barbara Torney (Jan 12)