Central Authentication and Directory Service Application Form

marlinline
Internet and Web Development

Oct 31, 2013 (3 years and 8 months ago)


Form No. A20 (Page 1 of 5)
06 2013








Personal Data Collection

1. The personal data provided on this form will be used by
   - ITSC to verify your identity in the University to confirm your eligibility for the computing resources and services being provided by ITSC
   - ITSC to contact you

2. The provision of personal data on this form is voluntary. If you do not provide sufficient information, however, we may not be able to process your application.

3. Personal data held by us relating to you will be kept confidential and will not be used for other purposes apart from the above.

4. You have the right to check whether ITSC holds personal data on you. You can submit your request through Electronic HelpDesk at https://helpdesk.itsc.cuhk.edu.hk/group/pd-help or in writing to “User Support Division, Information Technology Services Centre”.

5. Details on the use of personal data by ITSC can be found at http://www.cuhk.edu.hk/itsc/about/pdo.html.



Form Submission

1. To expedite the process of your application, the information/documents must be supplied/produced/completed.

2. You can submit the form to the Service Desk (User Area, Room 109A of Pi Chiu Building) in person and present your CU Link card to the consultant-on-duty for identification or send the form, with a photocopy of your CU Link card, to “User Support Division, Information Technology Services Centre”.

3. You will receive an initial reply slip through internal mail or phone in FIVE working days.

4. For any enquiries about the status of the application, please submit your enquiries through Electronic HelpDesk at https://helpdesk.itsc.cuhk.edu.hk/group/account-help.



































IT system owner must supply the information below for ITSC to consider his/her applications


Application for:

Central Authentication and Directory Service
[ ] New Application   [ ] Renewal   [ ] Closing

Central Authentication and Directory Service (in local authentication mode)
[ ] New Application   [ ] Renewal   [ ] Closing


A. About the Applicant (must be the IT System Owner or assignee)

Staff / Computing ID No.:
Title: Prof / Dr / Mr / Mrs / Ms
Name in English:
Name in Chinese (if applicable):
Contact E-mail Address:
Contact Phone No.:
Department:





B. About the IT System

Name:
CADS Number (if assigned):
Department:



Access Type
[ ] Client/Server, please specify the system name:
[ ] Web, please specify the URL:
[ ] Mobile, please specify the system name:

[ ] Authentication Mechanism
[ ] SSL encryption
[ ] Others, please specify






Developer (Please specify the contact details at Section E Part II System Developer)
[ ] CUHK IT Staff
[ ] Outsourcing Vendor / Third-party Software Company
[ ] Our department/unit has signed the Non-Disclosure Agreement form (http://www.cuhk.edu.hk/itsc/security/restricted/ispolicy/) with an outsourcing vendor / third-party software company.
[ ] Our department/unit has received all the system source code from an outsourcing vendor / third-party software company.
[ ] The system is developed by an outsourcing vendor or a third-party software company
[ ] Company name:
[ ] Software/Package name:
[ ] Subsequent system maintenance would be carried out by
[ ] Our department/unit IT staff
[ ] An outsourcing vendor / third-party software company
Company name:













For New Application:

Target Production Date:
Target Users and its Population Size:
Estimated maximum number of concurrent users:
Estimated average number of concurrent users:




C. About the Hosting Server

Server Hostname:
Hardware:
Operating system and version:
Web/Application Server version:
Development platform (e.g. Java, ASP, Perl, etc.):
IP address*:
Physical location:



Is the physical access to the system restricted to authorized personnel only?
[ ] Yes
[ ] No

Is there any departmental firewall for server protection?
[ ] Yes
[ ] Firewall Hostname:
[ ] Firewall IP address:
[ ] No

Is the system administrated by dedicated server administrator(s)?
[ ] Yes, please specify in Section E.
[ ] No

Will your application connect to CADS using encrypted connections such as LDAPS, LDAP+TLS, etc.?
[ ] Yes
[ ] No

Are there any other applications/services running on the same web/app server?
[ ] Yes, please specify
[ ] No

Is there any server certificate installed?
Note: The IT system enabled with secure web communication (https) must be installed with a digital certificate which is trusted by default by popular Internet browsers including IE, Firefox, Safari, etc.
[ ] Yes
[ ] Server certificate is issued by:
[ ] Server certificate expiry date:
[ ] No


* The access would only be granted to the specific IP address. Should there be a change of IP address, the applicant should complete and submit the “Central Authentication and Directory Service Amendment Form” to ITSC.






D. Request Details

1. The application should be renewed yearly.

2. To enable you to use CADS, ITSC will provide you with a computing account to access information on LDAP (via caa.cuhk.edu.hk) if your application is approved.

Remarks:

- Keep this information to yourself only and do not use it in other applications (1 account for 1 application)

- All traffic from your server to caa.cuhk.edu.hk MUST be encrypted (LDAPS or LDAP+TLS). Traffic for all web pages involving user credentials (e.g. computing ID, university ID, password, etc.) should also be encrypted.


Purpose of using Central Authentication and Directory Service (please use a separate sheet if necessary)





Attributes and access privileges required for your system when applicable (e.g. computing ID, authentication, specific department/faculty/college users, etc.).








E. About the Support Personnel

I. System Owner (if different from Section A):

Staff / Computing ID No.:
Title: Prof / Dr / Mr / Mrs / Ms
Name in English:
Name in Chinese (if applicable):
Contact E-mail Address:
Contact Phone No.:
Department:





II. System Developer:

Staff / Computing ID No.:
Title: Prof / Dr / Mr / Mrs / Ms
Name in English:
Name in Chinese (if applicable):
Contact E-mail Address:
Contact Phone No.:
Department:





III. Server Administrator:

Staff / Computing ID No.:
Title: Prof / Dr / Mr / Mrs / Ms
Name in English:
Name in Chinese (if applicable):
Contact E-mail Address:
Contact Phone No.:
Department:





IV. End-user Support:

Staff / Computing ID No.:
Title: Prof / Dr / Mr / Mrs / Ms
Name in English:
Name in Chinese (if applicable):
Contact E-mail Address:
Contact Phone No.:
Department:








F. Declaration of the Applicant

1. To use the Central Authentication and Directory Service (CADS), the IT System Owner is responsible for:

a. Making sure that basic security measures have been implemented in their information systems that are going to connect to CADS.

b. Providing basic security measures, including but not limited to the following settings: encrypt all data transmitted between the information system and CADS system, control the number of password trials, forbid any forms of password storage even temporarily, etc. More suggestions on security measures could be located in http://www.cuhk.edu.hk/itsc/security.

c. Allowing the ITSC to enlist information of their information systems in the home page of “Central Authentication Service” at http://www.cuhk.edu.hk/itsc/security/cads.

d. Informing the authorized users of their system that the use of their computer account information for authentication has been authorized by the ITSC.

e. Complying with The Personal Data (Privacy) Ordinance when handling user data. Personal Information Collection (PIC) Statements must be published at an eye-catching area of the information system notifying the users of the purpose(s) of collecting and using their computer account information.

f. Maintaining a channel for their users for enquiring about their policies on using personal data. A link to ITSC Electronic HelpDesk (https://helpdesk.itsc.cuhk.edu.hk/group/abuse) for users to report any improper use of the CWEM computer account information must be placed at the information system.

g. Using the user authentication mechanism provided by ITSC on the designated IT System only.

2. For a non-CUHK developed application,

a. If it is subsequently maintained (both coding and support) by CUHK full-time IT staff, the CADS application¹ may be considered.

b. If it is subsequently maintained by vendors, the CADS application would be rejected in considering the potential risk².

3. For systems which are using local authentication mode, system owners must state clearly on the login page reminding your users to use a password different from CWEM password. In the long run, we highly recommend system owners to:

a. Change not to use CWEM computer account as the login ID to prevent any confusion or otherwise

b. Turn to use CADS using both CWEM computing ID and CWEM password.


I have observed the responsibility above and agree to abide by them. And I understand that it is not the ITSC’s obligation to fulfill my request.









IT System Owner’s Signature
Date

Endorsed by Department/Unit Head

Department/Unit Head’s Signature with Department/Unit Chop
Date

(                    )
Name in Print




G. Office Use Only

Received by:
Date:
Authorized by:
Date:
Processed by:
Date:
Expiry Date:
Assigned CADS No:
Remarks:









¹ The user authentication mechanism provided by ITSC could only be used by CUHK full-time IT staff on the designated IT application. And the mechanism should not be shared/known/kept by vendor. The department shall make sure that no CWEM account information will be passed/shared to vendor or third parties (including external application or service provider) through any means. Otherwise, the application will be rejected.

² Risk of out-sourced vendors making un-intentional or intentional security mistakes due to variation of service quality and level of commitment to the University.