Educause Security Discussion mailing list archives
Re: DNS "A Name" Records for Third Party Providers
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Mon, 12 Jan 2009 08:03:59 -0800
Handy and convenient, yes. Deceptive practice, though. If I were applying to your institution and was redirected without my knowledge to a third party to enter my private information, I'd find that very disturbing. If you are dealing with students, this can become more murky, what with FERPA and various state data protection requirements. Also, are the students participating in this service know that this is hosted by a third party and have an opportunity to agree to the re-direct? Are they already students, or are these prospects? Adults or still legally children? Do you have a data sharing agreement with the third-party? Does the third party host the application and store the data on systems in the US or off-shore? Guy L. Pace, CISSP Security Administrator Information Technology Division WA State Board for Community and Technical Colleges (SBCTC) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg T. Grimes Sent: Monday, January 12, 2009 7:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] DNS "A Name" Records for Third Party Providers We have www.jobs.msstate.edu that points to the company HR uses for job applications. We have not had any problems with the company. It's nice to have that URL instead of msstate.peopleadmin.com showing up when people apply for a position. On Mon, 12 Jan 2009, Matthew Dalton wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, We recently had a request for an "A name" record by a third party provider that is looking for a "seamless" user experience. We're a little hesitant to give an ohio.edu name to an external party, and wanted to find out about other user's experience. Any caveats, lessons learned, or experiences that we should watch out for? Thanks! - -- Matthew Dalton Director of Information Security Office of Information Technology HDL Center 173G Phone: 740-597-1914 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklrZagACgkQVKUofGqW+tysWACgvJqmVX0/hVmTHHPS3BqcRoCW QskAmgPJj7UV6nPRifeeRQh6hId/xR1H =0lI6 -----END PGP SIGNATURE-----
-- Greg T. Grimes Network Analyst ITS -- Network Services Mississippi State University
Current thread:
- DNS "A Name" Records for Third Party Providers Matthew Dalton (Jan 12)
- <Possible follow-ups>
- Re: DNS "A Name" Records for Third Party Providers Greg T. Grimes (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Pace, Guy (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Ian McDonald (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Willis Marti (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers HALL, NATHANIEL D. (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Barbara Torney (Jan 12)
- Re: DNS "A Name" Records for Third Party Providers Barbara Torney (Jan 12)