Date: Fri, 29 Mar 2024 04:40:35 +0000 (UTC)
Message-ID: <174406291.7441.1711687235734@ip-10-10-7-29.ec2.internal>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_7440_469832108.1711687235734"
------=_Part_7440_469832108.1711687235734
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
Survey Str=
ategy and Goals
The intent of this survey is to collect information from higher ed insti=
tutions about their current strategies for dealing with test accounts/ident=
ities, and what gap(s) they see between the tools they currently have at th=
eir disposal and what would meet their needs. Security is becoming more and=
more of an issue in how we test our applications and systems. The aim of o=
ur survey is to collect the current state of affairs and also the good idea=
s of our colleagues, and then share the results of the survey and perhaps s=
park some discussion about various testing strategies, and determine if the=
re is a way in which MACE-DIR could help support these strategies.
If you would like, we can keep your responses anonymous - just check the=
box at the end of the survey. Survey results will be made public.
Survey Draft
- Identity management departments at Higher Ed institutions have many dif=
ferent ways to provide testing accounts and identities for their applicatio=
n developers. These range from "just test in production" to more complex st=
rategies. Can you please describe how your institution approaches this prob=
lem?=20
- Our application developers test with our production identity environmen=
t and we don't have a separate test identity environment.
- We have a test environment that is a complete copy of our production id=
entities.
- We have a test environment that consists only of randomly generated ide=
ntities and does not contain any real identity information.
- Other (comment box)
- If you have a separate test identity environment, are all developers on=
campus allowed to use it or is it limited to the developers in your centra=
l IT department?=20
- Central IT only
- All of campus
- Depends on the application and/or the developer
- Don't have a separate test environment
- (comment box)
- Sometimes problems or bugs arise which can only be solved in the produc=
tion environment. How does your institution handle this type of situation?=
=20
- We will allow a developer to "take over" someone else's identity.
- We create a separate, new identity in production for the developer to u=
se. (please describe)
- We allow a developer to alter their own identity in order to do their t=
roubleshooting (or we will do this for the developer) - e.g. change their t=
ype from staff to student. (please describe)
- We have a "set" of identities in production that developers can use. (p=
lease describe)
- Other (comment box)
- If your institution allows test accounts in the production environment, what governance is used:=20
- What authority decides a test account in production should be created? =
(comment box)
- Is the test credential in production restricted by the same security me=
asures as production accounts (password change, password strength, etc)?=20
- Yes
- No
- Other, please describe (comment box)
- are test accounts in production audited or monitored by information sec=
urity to reduce risk of abuse or misuse?=20
- Yes
- No
- Other, please describe (comment box)
- are test accounts in production limited in scope to:=20
- particular applications
- all institution hosted apps
- not restricted at all
- Comment box
- To reduce the number of them, are test accounts in production shared by=
departments?=20
- Yes
- No, limited to individuals
- Other (comment box)
- Many application developers use their desktops for initial development,=
then move on to a test environment, and then move on to production. Do you=
provide any special identities for the "development" environment (as oppos=
ed to "test" and "production")?=20
- Yes (please describe)
- No
- Other (comment box)
- At least one institution has created a "test" attribute in their produc=
tion directory which is used to indicate that an entry is not a real identi=
ty. Do you think it would be useful to have an attribute like that availabl=
e as part of the eduperson schema?=20
- Yes, we would use something like that.
- No, we probably wouldn't be interested.
- Comments
- What doesn't work about your current test environment?=20
- Would you like your survey answers kept anonymous?=20
- Yes, please do not associate them with me or my institution
- No, it is ok to list my name and institution
- Any other comments, ideas or issues you would like to see discussed wit=
h respect to identity management test entities?=20
Thank you for participating!
------=_Part_7440_469832108.1711687235734--