 |
 |
Last year, Jim Green's group at ACNS created a web app for us that was a front end to a MySQL DB backend. This app was used to survey certain MSU graduate students, and we had them authenticate via their MSU NetID. Yes, we had to purchase a SSL certificate and have everything completely encrypted. A policy was forthcoming last year that would require any use of MSU NetIDs to be approved by the Enterprise Information Stewardship office (formerly the Client Advocacy Office). I don't know the status of that policy. I do know that, if the use of students / staff and MSU NetIDs is part of any research (as our project was), then the MSU IRB group (Institutional Review Boards) must also approve what you are doing and how. Yes, I had to give them full details regarding how our subjects would login, where the data was stored, how it was protected, how it was backed up, etc. And, yes, they required a SSL certificate for our project. ~ Esther Esther V. V. Reed IT Systems Administrator MSU Graduate School -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Tom Rockwell Sent: Wednesday, April 09, 2008 11:05 AM To: [log in to unmask] Subject: [MSUNAG] non-ssl sites using netid login? Hi, Is there a requirement that websites that use netid for authentication be ssl encrypted, or at least perform the authentication using ssl? Given that several MSU websites that use netid for authentication allow access to personal information, I'm wary of using netid over a plain text link. Note that the non-encrypted site is not an official MSU site. Thanks, Tom