Educause Security Discussion mailing list archives

Re: External LDAP Authentication through the firewall


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Fri, 8 Jan 2010 09:30:55 -0500

Di Fabio, Andrea wrote:
I'd like to get some feedback on the pros and cons of allowing a vendor to
directly query the internal LDAP for user authentication.  I do understand
that there are tools out there like Shibboleth, but at this point we have gotten a
specific request to allow AD authentication through our firewall for an
InterLibrary Loan Software.  Save the: it should have been a well thought out
process/project comments ;-)  Sometimes we can control what other IT units do.

The MS LDAP is our main and central authentication and GP.  I am inclined to
deny the request, but I would like to bounce it against you experts and
possibly get some points for or against it that I can use when responding to
the Library IT person and possibly to upper management.

Thank you!

One thing to think about is the other information that might be
contained in that directory -- allowing access to full user records
could easily run afoul of FERPA or other privacy regulations.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        
