Enterprise Authentication Requirements
The University of North Carolina at Greensboro
Policy Reference: Security of Networks and Networked Data
Approved: November 30, 2006
Document Maintainer: Assistant Vice Chancellor, ITS - Systems
Purpose
This procedure addresses the following sections of the related policy:
Section III.B.ii
"Application developers with applications containing passwords, shared secrets, or key phrases contained within should adhere to the following guidelines:
- Support authentication through ITS enterprise authentication services.
- Support authentication of individual users and not groups.
- Must not store passwords in clear text or any form that is reversible."
Scope
This procedure covers all software applications that require individual authentication deployed for the use of UNCG whether authored internally or purchased.
Campus offices may run servers that provide services to populations who are not eligible to use enterprise authentication, for example, pre-admission Web services. Offices may also provide services to populations who are not part of UNCG. It is likely that data contained in those systems would be classified as "restricted." Applications which provide services primarily to individuals for whom enterprise authentication is available must use enterprise authentication. For populations outside of the enterprise authentication schema, alternative authentication options will be reviewed on a case-by-case basis by ITS.
Responsible Parties
- UNCG application developers
- Any party purchasing an application
- Application Service Providers
Procedure
- Any application that is to be deployed for the UNCG campus and that requires individual authentication will use the UNCG enterprise authentication service.
- The division of Information Technology Services (ITS) provides a computer services management system that populates an enterprise directory service. As of this writing, the enterprise authentication service is Novell Directory Services.
- For applications developed in the Microsoft IIS, .NET, and AFS/UNIX Web server environments, ITS will provide written documentation on how to use Enterprise Authentication Services, including guidance on authorization. Application developers may request this documentation by submitting a request to the Service Desk via 6-TECH.
- For purchased applications, clients should check with the application vendor to ensure that authentication is compatible with Lightweight Directory Access Protocol (LDAP). Clients should additionally consult with ITS for a compatibility check well before purchasing by initiating a request for product compatibility evaluation to the Service Desk via 6-TECH.
- For ITS internally developed applications, ITS staff will provide application programming information to other developers as needed.
