Today I presented an overview of the PASS migration at the Network of People meeting (slides [pdf]). I thought it went well. From a poll I took in the beginning, most indicated this was their first time hearing about the pending change (although I really asked a trick question, and even caught fellow co-workers who knew the right answer). I included a reference to this blog, so maybe someone out there is reading this besides me :).
After presenting, I noticed I missed mentioning a few things I'd like to point out here, including:
- Command line ACL permission tools - both the Harrisburg and World Campuses (among others) make extensive use of the command line equivalents to ACL Explorer for their daily IT administration in their allocated chunk of PASS. I hope to make it both easier and faster for IT managers like them to continue to do what they are doing today with DFS.
- New path names - Users today are confronted with a rather long and confusing path name to even get into the root of PASS. For example, the proverbial user "xyz123" may find her way to her home folder via any of the following equivalent paths:
    /.../dce.psu.edu/fs/users/x/y/xyz123
    /.:/fs/users/x/y/xyz123
    /:/users/x/y/xyz123
  We plan to make it a less technology-centric and more service-oriented name, one that should be more memorable, such as:
    /pass/users/x/y/xyz123
I also found both the Knowledge Base and IPAS presentations to carry quite a bit of relevance to the PASS Migration. Well, maybe the point on KB isn't too exciting, but I'd like to use it more for pre/during/post-migration issue detail for users and IT managers.
IPAS seems to be the answer to something I've been hoping to see happen in data sensitivity awareness for a while. Specifically, some data classes should never be found on PASS or the Web services we provide that use it, such as PCI DSS protected data (credit cards) or DOD classified data. Other systems may be suitable for these, such as the eCommerce services or select systems managed by ARL, respectively. Some types are really the bread and butter of what we do, such as FERPA protected data and human research data managed by researchers, and thus are generally allowed to reside on PASS, but should still require adequate protections beyond the default (rather open) permissions and other security settings; other rules may apply. Items such as HIPAA protected data scare me, mainly because they are in that huge grey area of not sensitive enough to warrant specific rules I can point to like PCI DSS and certainly sensitive enough to cause concern for those of us who run the service. Perhaps my unit may need to produce more specific policies about our services w.r.t. what data classifications are permitted and under what protections. We can't be the police of the data on our systems (that's not in our job description), but I hope we can at least provide clear, up-front advice on what is proper use. I bring this up because I've either seen or have been asked about using PASS and/or our Web services for each of these different data classes at least once.
--
Jeff