Security with students entering own data?
Date: 1996/03/20
Message-ID: <4ip26d$jc_at_ratatosk.uio.no>#1/1
We are about to implement our new student system, and the developers are
finally ready to discuss security.
It turns out they want students to be able to update their own demographic data,
and register for exams etc.
This will be done from designated workstations with a special client program.
But the question arises, how do we pretend the students from deregistering
anybody whose "person number" they might pick up somewhere, changing other
people's addresses etc - in short, how can we authenticate them?
So far we have come up with the idea of mailing them usernames and passwords
with their admission letters - but we are told the vast majority of students
do not read their mail and do not bring the required documentation.
I would be interested to know if anybody is addressing similar issues, and how. In principle this is no different from letting them make a phone call to the student office to update this information. Maybe we should accept the fact that this information is not 100% trustworthy?
Regards, Torfrid Leek
USIT - Centre for Information Technology Services
University of Oslo
torfrid.leek_at_usit.uio.no Received on Wed Mar 20 1996 - 00:00:00 CET