7.4 Legal etc.
Users log in with username and password, authenticated against an LDAP server.
SSL is used for the connection to the Student Information System (QLS). Queries from the MLE system to
the QLS are restricted by a "thin client" application. See
http://mle.dmu.ac.uk/deliver/DMU_MLE_QLS_Broker_Documentation_5_3b_v1_005.doc
|
|
The GIMIS security system is both granular (access and activity assignments granted on a role basis)
and robust (every page request is checked prior to processing). SSL will be implemented nearer the end
of the current project cycle.
|
|
A security issues and policy analysis with respect to the web: SSH, SSL, IPsec, Certificates etc.
LDAP (Lightweight Directory Access Protocol) exploiting the institution's ITS issued usernames and
passwords;
Use of Matriculation Cards for authentication to online systems;
Role-based access controls on MMS.
|
|
Log-on via UEA user-ids and passwords (which are validated to exclude dictionary words etc.) held in
LDAP server. Investigating using HTTPS for log-on.
|
|
Log-on via University of Sunderland user-ids and passwords held in LDAP server.
|
|
The TISR configuration file should be appropriately protected, as it contains database and LDAP
connection strings. The TISR server should be physically secured from unauthorised access. Web
access should be implemented over SSL, though it isn't in the demonstration application. We have developed
a sample LDAP authentication module for use with Resin. This is unsupported code for demonstration
purposes. It requires the Netscape/Mozilla Java LDAP SDK. As TISR is middleware, it is up to
implementers to determine security policy. A TISR solution could provide a student directory, say,
available to all, or a secured service with restrictions in place.
|
|
|
|
SSL has been implemented. The MLE-QLS Broker provides additional security via a read-only connection
to the SIS.
|
|
Until SSL is implemented for Web access then the benefits of institution-wide Active Directory
authentication do not come without significant risks of plain text password interception.
|
|
SSL is not yet employed during LDAP authentication.
|
|
Until SSL is implemented for Web access then the benefits of institution-wide LDAP authentication do not
come without significant risks of plain text password interception.
|
|
Sunderland has implemented SSH for command line access to its systems. However, until SSL is
implemented for Web access then the benefits of institution-wide LDAP authentication do not come
without significant risks of plain text password interception.
|
|
The demonstrator does not use SSL (no user authentication credentials are required). As the project
notes, "As TISR is middleware, it is up to implementers to determine security policy." SSL should be
mandatory for any use requiring user authentication.
|
|
|
|
Estimated costs for January 2003 to September 2005:
|
Approximate cost
|
Notes
|
Staffing
|
c £140k per annum
|
Includes Core MLE Team: 3 software developers plus 2 analysts.
It is envisaged that the c 1 - 1.5 FTE of the Team will be carrying out
externally funded research closely related to the MLE development
through this period
Costs do not include senior management
There will also be significant input from the managers and
administrators of the various data sources which are being integrated.
|
Hardware
|
c £24k in total over
the 32 months
|
Includes purchase of separate database server plus 2 application
servers.
|
Non staff
revenue costs
|
c £15k per annum
|
|
|
|
The initial costs are:
Appropriate hardware >£1,000
ColdFusion Server (v5 or MX) <£4,000
|
|
Intel/Linux servers, commercial software swipe card readers, personal machines for project officers,
project personnel time. This ignores the costs of Oracle, SITS, Ingres and the servers they run on.
|
|
The start-up costs are minimal: deployment license for WebObjects (< 100UKP) plus the hardware costs
of a server; sizing depends on load. The cost should be similar to a web server for the same user
population.
|
|
Server - £25000 Sun E450
Software - free
|
|
1 day set up circa £300
Hardware circa £1,500
Software circa NIL GBP to several K
|
|
|
|
See above. N.B. this is still a development phase.
|
|
There are no "required" costs, the largest element in cost of ownership is the time involved in content
creation. The system is designed to create and manage as much as possible without human
intervention. The content that does need time and effort is the creation of the extractions from the host
systems. This is largely because we always try to optimise the extraction code; so it is time spent in
Oracle or Access or Informix coding rather than in GIMIS, which simply manages and delivers the created
code. This element of the development is done by the MIS team in the same way that any such
extractions are done.
|
|
If we separate development costs from daily technical maintenance costs and the efforts needed by
lecturers and administrators:
MMS at St Andrews: Cost of Intel/Linux server; daily backup; periodic updates to OS and TomCat software;
periodic updates for security patches; bug fixes; maintaining user lists. Estimate: one programmer day
per week. Probably best done as a set of chores as part of a Helpdesk + standard ITS support unit.
Effort required by e.g. a lecturer in setting up a module: 10-30 minutes.
The Intellectual Property rights and copyright belong to University of St Andrews. Project integration
software is free in principle, but has not been adapted to work outside its Institutional context, and has not
been packaged for distribution. See notes on "existing software release" below.
|
|
The direct costs of ownership of the software are minimal (no annual license). The broader issue of the
total cost/saving is dependent on the level of integration into the organisation and the organisational
profile. Maintenance of the system (i.e. keeping it running) is minimal and will cost roughly .05 FTE (1 day
per month) but effecting & supporting further development would obviously require more resources.
|
|
Project - including an indication of staff effort in terms of FTE
|
|
Depends on Implementation
|
|
|
|