Re: Question re security access - dynamic website

From: John Ingham <jeingham_at_berkeley.edu>
Date: Thu Sep 21 2006 - 14:45:59 PDT

Glenda,

The CalNet AWS system and server is an authentication system that can
be used to authenticate / positively identify Campus Community members
in general and only.

More than you want to know probably but...

Once you are CalNet authenticated, your application server receives,
among other things, the CalNet UID, which distinctly IDs the person
authenticated. What you do with that is up to you, but at that point
you know the person is a member of the campus community. From there,
what needs to happen is distinct to the individual business
environment / application that made the call. Unfortunately from
there it gets quite technical, but basically some kind of local
verification and/or authorization mechanism kicks in to check whether
the authorization and session are valid and whether or not the person
is authorized to access the application or web site. After all that,
there needs to be page-to-page session management in place so
that the session cannot be hacked.

So when you ask if an authenticated and possibly authorized person
can 'see' all programs, generally the answer is no unless they are
authorized to do so. If they are secured using a distinctly coupled
authentication / authorization scheme, this is true to whatever
degree you choose. However, it is possible to construct a global / unit
wide authentication system with an application access key chain being
issued on authentication. At that point, as you move from one application
to another within your business environment, you do not need to
re-authenticate. Only the session and keys will need to be checked
for validity as you move from program to program.

This is a pretty gross simplification but generally correct.

As the new campus IST has generally formed up now, there is a great
resource coming into use; your IT folks might hook up with those in
the know at the campus level. I think that they are going to become
more and more useful as an aggregator of applications and systems
development information as they get their feet on the ground. You
might want them to look at this page and make contact as appropriate:

http://ist.berkeley.edu/getting-started/

John

At 01:30 PM 9/21/2006, Glenda Rubin wrote:
>Hi,
>
>I need some advice from the much more technically savvy than I.
>
>I'm working on a project with IT staff to develop a relational
>database that will result in a database-driven Cal in the Community
>website <http://calinthecommunity.berkeley.edu>. CIC is an online
>resource guide to campus public service programs and resources for the public.
>
>I have fairly recent data culled from a survey that will be imported
>into the database.
>
>I want public service programs to be able to input their own data,
>e.g., new programs and updates. Content would be published to the
>website only after my approval. The data being collected is not confidential.
>
>I know I want CalNet password protection in order for someone to
>input data. My understanding is that I have two choices here:
>
>1) A CalNet ID becomes associated with a particular program
>2) Your CalNet ID would enable you to see all programs
>
>Is it a no-brainer that the security level should be choice
>#1? Even if it's not confidential data, is #2 just too risky? My
>concern about #1 is turnover of people who would input data,
>especially among the student-organized public service programs. I
>don't know the differences in complexity to program these two
>choices or what it would mean for me, as administrator/approver to
>operate under choice #1. BTW - the database has about 200 records.
>
>Thanks in advance for your thoughts.
>
>Glenda
>
>THE OFFICE OF COMMUNITY RELATIONS HAS MOVED. PLEASE NOTE NEW
>MAILING ADDRESS AND FAX NUMBER
>
>Glenda Rubin
>Manager, Community Relations
>Government and Community Relations
>University of California, Berkeley
>336 Sproul Hall
>Berkeley, CA 94720-4208
>Tel: 510-642-7860
>Fax: 510-643-0281
>http://communityrelations.berkeley.edu
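A worked example added here (not code from the thread, from CalNet or from the CIC project): a small Python model of John's "local authorization" step for Glenda's choice #1. The application trusts only the CalNet UID that authentication hands it, keeps its own table of which UIDs may edit which program, holds submitted content as pending until an administrator approves it, and lets only an administrator reassign an editor to cover turnover. The UIDs, program names and in-memory tables are constructed for illustration.

```python
# Constructed sample data: program id -> set of CalNet UIDs allowed to edit it
# (choice #1: a CalNet ID is tied to a particular program, not to everything).
EDITORS = {
    "tutoring": {"1001", "1002"},
    "foodbank": {"1003"},
}
# Constructed: UIDs of the administrator/approver, who may edit and publish any program.
ADMINS = {"9000"}

# Submitted-but-unapproved content and published content, keyed by program id.
PENDING = {}
PUBLISHED = {}


def can_edit(uid, program):
    """Local authorization: CalNet proves who the person is; this decides what they may touch."""
    return uid in ADMINS or uid in EDITORS.get(program, set())


def submit_update(uid, program, text):
    """An authorized editor may stage content for a program; nothing is published yet."""
    if not can_edit(uid, program):
        raise PermissionError(f"uid {uid} may not edit {program}")
    PENDING[program] = text
    return "pending"


def approve(admin_uid, program):
    """Only an administrator moves content from pending to published."""
    if admin_uid not in ADMINS:
        raise PermissionError("approval requires an administrator")
    if program not in PENDING:
        raise KeyError(f"nothing pending for {program}")
    PUBLISHED[program] = PENDING.pop(program)
    return "published"


def replace_editor(admin_uid, program, old_uid, new_uid):
    """Handle turnover: an administrator swaps one editor's UID for another's,
    so the departed person's CalNet ID loses access and the successor gains it."""
    if admin_uid not in ADMINS:
        raise PermissionError("only an administrator may reassign editors")
    editors = EDITORS.setdefault(program, set())
    editors.discard(old_uid)
    editors.add(new_uid)
    return sorted(editors)
```

In a real deployment the editor table would live in the database alongside the program records, and every page would re-check the session and the UID's rights rather than trusting a flag set once at login.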

Webnet information is available at http://webnet.berkeley.edu. Email sent to this list is archived at http://ls.berkeley.edu/mail/webnet/ . This archive is open to the general public and browsable by search engine spiders, email-address harvesting robots, your bosses, etc.