Utilization of Directory Services of the SCC
Access to Directory Services of the SCC
The SCC operates several servers providing central directory services for the KIT. Access to the data of these directory services requires a prior authentication (bind). Exceptions in form of anonymous access are coordinated by the SCC and if necessary after clerance by the data protection officer.
Utilization of KIT-Accounts for the Authentication
Subject to the following requirements, it is permitted to use the KIT-Account information for authentication:
- Only those servers and mechanisms are to be utilized, that are made available by the SCC. The list of these servers and mechanisms is published separately. Services that are not intended for the authentication of users are not to be used for authentication purposes.
- The application using the directory services has to be reported to the SCC. The SCC informs administrators of the reported application about planned changes of the directory service servers.
- All legal regulations are to be observed, especially those in regards to data privacy.
- The storage of passworts of thirs parties is not permitted (not even for audit or debug).
- Passwords are only to be transmitted over secure and encrypted network connections.
- The application and the underlying operating systems have to maintain a current patch level (securtiy patches, anti-virus definitions, etc.)
- All regulations by the SCC for the hosting system are to be observed.
- The SCC reserves its right to perform at any time spot checks of the authenticating application and its realization.
The SCC will maintain and publish a list of the authorized external applications.
Resolution making Board
This security policy has been put into effect on the 11th of July 2007. The resolution making board has been the former "Arbeitskreis IT Sicherheit des Rechenzentrums" (AK-Sicherheit). The number of this resolution is AK-Sicherheit-2007/02.