1. Background

The High Impact Data Protection (HIDP) project team was convened in late July 2008 to determine a solution to mitigate the threat to sensitive Institute data posed by lost or stolen portable devices (laptop computers and mobile devices). PGP's Whole Disk Encryption (WDE) product has been chosen as the best solution, and a deployment plan is currently under development, focusing on a targeted set of MIT users with access to sensitive data.

2. Findings

  1. LDAP Dependency

     There is concern over the assumption that LDAP authentication utilizing Kerberos passwords will be available for rollout, as the current ldap.mit.edu infrastructure does not support this method of authentication. The next-generation directory system may support such authentications, but issues around access and proper use must be addressed before it can be enabled. It is recommended that the HIDP project continue to use Active Directory for user authentication.

     I don't agree with this recommendation. We should just get the LDAP authentication to work, even if we have to deploy a hackish server as an interim step. The important point is that the end-users won't have to be burdened with the hackishness of it. The Active Directory integration, by contrast, is a hassle for the end-user. --Jeff

3. Recommendation from the TAP Consultation

Note

"Approved with Concerns":
A majority of TAP approves the plan as long as it takes into account the concerns described in the Findings.