5. Resources

Below is a list of references included in this Roadmap.

A Framework for IT Policy Development (PDF) written by Rodney Petersen in EDUCAUSE Review, March/April 2004.

Association of College and University Policy Administrators (ACUPA) provides further examples of institutional policy.

Authentication of Information Technologies Resources Interim Policy provides readers with a policy example, courtesy of Cornell University.

Case Studies

Brandeis University Case Study (PDF) William Goedicke highlights the University's identifier practices in the context of authentication.

MIT's Guiding Principles (PDF) is an example provided by Paul Hill of MIT.

New York University's Policy (PDF) includes Gary Chapman's description of New York University's approach to authentication and identity policy.

Penn State's Password Practices Case Study (PDF) includes Renee Shuey's overview of Penn State's password practices.

University of California Password Resets Case Study (PDF) provided by Karl Heins, the UC Director of Information Technology Audit Services, explains why mandatory password changes may not be effective.

University of California Riverside Case Study (PDF) offered by Andrew Tristan explains the authentication approach at UC-Riverside.

University of Chicago's Authentication Architecture Case Study (PDF) included by Tom Barton discusses their authentication architecture.

University of Wisconsin-Madison Case Study (PDF) provided by Steve Devoti and Mairéad Martin describes authentication at the University of Wisconsin-Madison. Of note is a recent password policy.

EDUCAUSE Federal Policy offers an overview of existing and pending legislation.

EDUCAUSE Identity Management Working Group provides a resources site and email list covering identity management policy, process, and technology.

EDUCAUSE/Internet2 Computer and Network Security Task Force offers security-related resources to higher education.

Enterprise Directory Implementation Roadmap provides information for higher-education institutions interested in deploying enterprise directories.

Enterprise Services Glossary from Johns Hopkins provides a general technology-related glossary.

FastLane is an interactive real-time system used to conduct NSF business over the Internet.

Federal E-Authentication Initiative is working toward a common infrastructure for electronically authenticating the identity of users of E-Government services offered by a broad range of Federal agencies.

Credential Assessment for InCommon Federation Sampling of Three Universities (DOC) provides an example of how three universities fared on assessing their infrastructure and practices for assurance levels 1 and 2 using the E-Authentication Assessment Framework. The linked document is the gap analysis from those assessments.

Credential Assessment Suite from the Federal E-Authentication Initiative.

Electronic Risk and Requirements Assessment (MS Access) is a database-driven tool made available from the Federal E-Authentication Initiative for a more detailed risk assessment of applications.

Entropy Spreadsheet (XLS) helps you to determine your policy and LoA compliance.

Federal E-Authentication Guidance for Federal Agencies (PDF) provides a process for assessing risk of an application and assigning the requisite LoA for credentials.

NIST Publication 800-63 Electronic Authentication Guideline (PDF) discusses the specific components that affect LoA, how they differ across the levels, and what you need to implement to achieve each of the four Federal LoA levels.

Password Credential Assessment Profile (PDF) describes the LoA requirements for E-Authentication levels 1 and 2.

Free Application for Federal Student Aid (FAFSA) is the online student Federal financial aid application.

Identity Theft Resource Center provides information on disclosures of U.S. data incidents, protection of privacy, and approaches for mitigating identity theft.

IETF links to the Internet Engineering Task Force web site.

Institutional Roadmaps

Cornell University (HTM)

University of Texas System (PDF)

University of Wisconsin-Madison Roadmap (PDF)

Kerberos Information

MIT provides the Massachusetts Institute of Technology's Kerberos distribution.

Microsoft

IETF: RFC 1510 via FTP

KX.509 information is the University of Michigan's distribution site for its Kerberos-to-PKI credential conversion software.

PKINIT is the University of Michigan's site for PKINIT, the Kerberos Version 5 extension that provides for the use of public key cryptography.

Log Management for the University of California: Issues and Recommendations provides an example of issues associated with logging, security, and compliance.

National Institute of Standards and Technology's Computer Security Division

PKI Information

Higher Education PKI Technical Activities Group (HEPKI-TAG)

EDUCAUSE Identity Management Services Program

Resources/Help Desk and Passwords from Matt Smith of the University of Connecticut offers an informal survey on help desk and password reset issues.

Risk Assessment Framework (PDF or DOC) provides risk assessment guidance developed by the EDUCAUSE/Internet2 Computer and Network Security Task Force Risk Assessment Working Group.

SANS (SysAdmin, Audit, Network, Security) Institute

SANS Security Policy Project

Shakespeare On Cyberliability (PDF) provides an excellent discussion of institutional liabilities in cyberspace, written by Beth Cate, Associate University Counsel for Indiana University.