- The new LDAP infrastructure based on the open-source 389DS project goes into production.
- Features include a streamlined schema, pruning (old entries are dropped) and synchronization with the new Central AD Authentication Domain.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to Ex Libris for online digital content via the Voyager application hosted by UH Manoa Hamilton Library.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to all Service Providers in the InCommon Federation's Research & Scholarship (R&S) Category. As the number of Service Providers grows, setting up attribute release policies by category rather than by Service Provider will be more scalable.
- The UH Web Login Service v3.0 is available. This version utilizes CAS v3.x technology and differs from the previous version in several profound ways:
- The method for releasing attributes is different. The UH Web Login Service v3.0 features attribute release policies for additional flexibility.
- The UH Web Login Service v3.0 imposes additional security requirements. Production URLs must be registered before authentication is allowed.
- The UH Web Login Service v3.0 complies with the new UH Data Governance policies and procedures that are being established by ensuring the attribute release policies are governed by the Data Governance Committee.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to the DMP Tool. A number of U.S. funding agencies such as the National Science Foundation and the National Institutes of Health require researchers to supply detailed, cost-effective plans for managing research data, called Data Management Plans.
- The UH Federated Web Login Service can now also be used to authenticate to CILogon. The CILogon project facilitates secure access to CyberInfrastructure (CI) via personal certificates.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to the IndianaCTSI HUB. The IndianaCTSI HUB's goal is to transform the participating institutions to create an environment that facilitates the conduct of clinical and translational science research by providing new mechanisms to accelerate translational research.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to Research.gov. The National Science Foundation (NSF) provides the research and education community access to its online services via Research.gov. Principal Investigators are now able to access FastLane services with their UH credentials (UH Username and password).
- The second meeting of the UH Application Developers was well attended by developers and IT managers from a number of campuses and UHM departments. The slides and discussions from these meetings are now published online: <https://www.hawaii.edu/bwiki/x/FYqdDQ>. Meetings will be held approximately quarterly. Interested attendees may contact firstname.lastname@example.org to be included on the mailing list.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to E-Academy via the UH Manoa Bookstore. E-Academy is a sponsored member of the InCommon Federation and a reseller of software products. To protect privacy, only a person's role (student, faculty, staff, other) and Targeted ID (eduPersonTargetedID) are released when a person chooses to authenticate to E-Academy.
- ITS adds the UHIMS Groups - Grouper to the set of centralized identity and authorization management services available to UH developers. The UH Grouper Service maintains a repository of groups of people. The groups are automatically updated regularly. Besides the groups that are automatically maintained, custom groups can also be created. Custom groups can combine custom entries with references to members of the automatic groups.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to the TeraGrid portal for access to supercomputing resources.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to EDUCAUSE online services.
- The University of Hawaii UH Federated Web Login Service can now be used to authenticate to the InCommon Federation Spaces wiki service. This new capability is a result of UH joining the InCommon Federation and setting up our UH Identity Provider (UH IdP). Your UH Username and password provide you single sign-on access to an increasingly broad range of internal and external resources.
- The University of Hawaii joins the InCommon Federation of Universities; Government and Nonprofit Laboratories, Research Centers, and Agencies; and sponsored Partners. This is a crucial step towards making UH credentials (UH Username and password) useful for authentication to a broader range of services.
- Starting May 3, 2010 'Ohana retain full email services rather than just email-forwarding services.
- Unfortunately, it is not feasible to restore email for those that transitioned to 'Ohana previously. We were very aggressive with cleanups due to tight resources. We are now able to seamlessly host 'Ohana on external resources rather than on University resources.
- Legacy UH Usernames cleanups are now completed.
- Over 100,000 legacy UH Usernames have been terminated. All owners were given the opportunity to join the UH 'Ohana and to take advantage of the email forwarding-only service if they wanted to ensure that email sent to their UH address would continue to be forwarded.
- Nearly all accounts are now subject to a UH Username Life Cycle that ensures that the appropriate University roles are assigned for the appropriate time periods. We are now working on the edge cases, such as the manually provisioned accounts.
- Note that UH Usernames are not recycled and are reassigned to the original owner should she return to the University.
- New Password Management Practices have been approved for implementation. Developers of applications that authenticate against LDAP take note:
- The password associated with the UH Username (used for email, MyUH, etc.) may now be anywhere from 8 to 32 characters long. Some application developers may need to add a use case for this to their test suites.
- The new Password Management Practices now recommend that applications that authenticate against LDAP be designed to resist brute force guessing of passwords:
- Implement logic to resist brute force attacks by detecting and responding to a failed authentication event. With each consecutive failed authentication, add 5 additional seconds of delay before a new password attempt is processed. The delay between the first and second password attempts for a single user would be 5 seconds, between the second and third would be 10 seconds, etc.
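
One way an application that authenticates against LDAP could implement the delay described above, as an added example that is not part of the original page. `LoginThrottle`, the `verify` callable (a stand-in for the LDAP bind), the injectable clock and the choice to reject early attempts without testing the password are all assumptions.

```python
import time

DELAY_STEP_SECONDS = 5  # from the practice above: 5 more seconds per consecutive failure


class LoginThrottle:
    """Per-username delay that grows by 5 s with each consecutive failed attempt."""

    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify  # hypothetical callable(username, password) -> bool
        self._clock = clock    # injectable so tests do not need to sleep
        self._state = {}       # username -> (consecutive_failures, time_of_last_failure)

    @staticmethod
    def _key(username):
        # Assumption: usernames are case-insensitive, so "JDoe" and "jdoe" share a counter.
        return username.strip().lower()

    def retry_after(self, username):
        """Seconds until the next attempt for this username will be processed."""
        failures, last = self._state.get(self._key(username), (0, 0.0))
        if failures == 0:
            return 0.0
        return max(0.0, last + failures * DELAY_STEP_SECONDS - self._clock())

    def attempt(self, username, password):
        """Return 'ok', 'failed' or 'throttled'."""
        key = self._key(username)
        if self.retry_after(key) > 0:
            # Too early: the directory is not contacted and the password is not
            # tested, so guesses sent inside the window reveal nothing.
            return "throttled"
        if self._verify(key, password):
            self._state.pop(key, None)  # success resets the consecutive count
            return "ok"
        failures, _ = self._state.get(key, (0, 0.0))
        self._state[key] = (failures + 1, self._clock())
        return "failed"


if __name__ == "__main__":
    # Constructed account and password (32 characters, the new maximum length).
    accounts = {"jdoe": "x" * 32}
    throttle = LoginThrottle(lambda u, p: accounts.get(u) == p)
    print(throttle.attempt("jdoe", "wrong-guess"))  # failed
    print(throttle.attempt("jdoe", "x" * 32))       # throttled (inside the 5 s window)
    print(throttle.retry_after("jdoe"))             # just under 5.0
```

The state here lives in one process; an application running several workers would need to keep the counters in a shared store so the delay cannot be sidestepped by spreading attempts across workers.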