May 2007 Archives

NWOP meeting notes


Today I presented an overview of the PASS migration at the Network of People meeting (slides [pdf]). I thought it went well. From a poll I took in the beginning, most indicated this was the first they had heard about the pending change (although I really asked a trick question, and even caught fellow co-workers who knew the right answer). I included a reference to this blog, so maybe someone out there is reading this besides me :).

After presenting, I noticed I missed mentioning a few things I'd like to point out here, including:

  • Command line ACL permission tools - both the Harrisburg and World Campuses (among others) make extensive use of the command line equivalents to ACL Explorer for their daily IT administration in their allocated chunk of PASS. I hope to make it both easier and faster for IT managers like them to continue to do what they are doing today with DFS.
  • New path names - Users today are confronted with a rather long and confusing path name to even get into the root of PASS. For example, the proverbial user "xyz123" may find her way to her home folder via any of the following equivalent paths:
    We plan to make it a less technology-centric and more service-oriented name, one that should be more memorable, such as:

I also found both the Knowledge Base and IPAS presentations to carry quite a bit of relevance to the PASS Migration. While maybe the point on KB isn't too exciting, I'd like to use it more for pre/during/post migration relevant issue detail for users and IT managers.

IPAS seems to be the answer to something I've been hoping to see happen in data sensitivity awareness for a while. Specifically, some data classes should never be found on PASS or the Web services we provide that use it, such as PCI DSS protected data (credit cards) or DOD classified data. Other systems may be suitable for these, such as the eCommerce services or select systems managed by ARL, respectively. Some types are really the bread and butter of what we do, such as FERPA protected data and human research data managed by researchers, and thus are generally allowed to reside on PASS, but should still require adequate protections beyond the default (rather open) permissions and other security settings; other rules may apply. Items such as HIPAA protected data scare me, mainly because they are in that huge grey area of not sensitive enough to warrant specific rules I can point to like PCI DSS and certainly sensitive enough to cause concern for those of us who run the service. Perhaps my unit may need to produce more specific policies about our services w.r.t. what data classifications are permitted and under what protections. We can't be the police of the data on our systems (that's not in our job description), but I hope we can at least provide clear, up front advice on what is proper use. I bring this up because I've either seen or have been asked about using PASS and/or our Web services for each of these different data classes at least once.


Feedback from kxm's blog comment


In a comment to Kevin's blog, I asked a few questions about the directions we should take w.r.t. features and capabilities of PASS and applications we provide that use PASS as we move from DCE/DFS to a different technology.

Here's your chance to provide some feedback. Some specific issues I can think of include:

  • How can we make (file and Web based) access control easier for users? How can we better help IT managers to manage access for their constituents?
  • With Vista on the rise, what PASS and Samba issues have you already seen or expect to see? Are there new features you would like to see?
  • Some applications such as the Student Organizations Web Service Administrative Tool are built so closely into DCE/DFS as to require a substantial redesign. Now may be a good time to ask what features we should consider changing or adding.
  • I've heard requests over the years for lowering the bar for editing web sites served from PASS, such as Personal Web sites. The blogs pilot is one such method we are working on. Will this handle the common case, or are there more types of "the Read/Write Web" we should consider doing for the non-technically savvy users? Should we look into a desktop application method more? Should we consider spending more effort on helping the "smart users" enable applications for others, e.g. databases for sites (clubs, etc) on

Feel free to bring up other points of interest to you.
