| Issue Number | 3747 |
|---|---|
| Summary | CDR GP: GP Web Site Identity Management Feasibility Study |
| Created | 2014-03-25 13:28:58 |
| Issue Type | Task |
| Submitted By | chengep |
| Assigned To | alan |
| Status | Closed |
| Resolved | 2014-06-24 16:14:55 |
| Resolution | Fixed |
| Path | /home/bkline/backups/jira/ocecdr/issue.121453 |
Security Vulnerability: Identity/Password Management
Affects: CDR Genetics Professionals web site
Background/Issue Description:
The Information System Security Office (ISSO) indicated that the CDR
Genetics Professionals web site does not provide standard account
management safe guards. Integration with NIH External AD requires a high
LOE due to the complexity of the current CDR Genetics Professional web
site.
Task:
Due to complexity of the work, we will to prototype a solution. The
lessons learned from the prototype will further inform the feasibility
of integrating the CDR Genetics Professional web site with NIH External
AD.
Investigate whether there is a way to secure the site without requiring eDIR (NIH External AD) accounts for/by the genetics professionals. This includes changing the form so that it emails the information to a distribution and then manually entered into CDR. Or also looking into NIH Open ID.
The deliverable from this task is 2 or 3 alternatives with associated level of effort, pros/cons.
I've started gathering data and making notes for this task. I won't be dedicated to this until we have finished the CDR 3.2 release.
Elapsed: 0:00:00.001286