Duke ITAC - December 14, 2000 Minutes

DUKE ITAC - December 14, 2000 Minutes

Minutes

December 14, 2000

Attending: Pakis Bessias, John Board, Dick Danner, Ed Gomes (for David Ferriero), John Garcia (for Nevin Fouts), Alan Halachmi, Patrick Halpin, Bob Newlin (for David Jamieson-Drake), Ken Knoerr, Roger Loyd, Melissa Mills, George Oberlander, Lynne O'Brien, Mike Pickett, Rafael Rodriguez, Mike Russell, Edward Shanken, Robert Wolpert.

Guests: Ginny Cake, Rob Carter, Chris Cramer, Billy Herndon, Dave Kirby, Jennifer Vizas.

Call to Order: Meeting called to order by 4:00 PM

Review of Minutes and Announcements:

  •  
  • The minutes from the previous meeting were approved without changes.
     
  • Mike Pickett made several announcements:
    1. Dr. Chris Cramer has been hired as the OIT University Information Technology Security Officer, effective January 15, 2001. Chris received his Ph.D. from Duke's Electrical and Computer Engineering department, and in addition to his system administration and security responsibilities, teaches courses in Electrical Engineering.
       
    2. Duke has received an offer from Akamai for caching the public information on University Web servers. There is no cost to Duke associated with this offer.

      If there are questions or concerns regarding this offer please send email to Mike.
       
    3. Since most members are not going to be on campus, the ITAC steering committee decided to cancel the December 28th meeting.

Recruitment for open IT positions - what's working?

  •  
    1.  
    2. Duke needs to have a clearinghouse of information on IT recruiting, such as what newsgroups or websites to post to, sharing the leftover applications after hiring etc.
       
    3. Duke needs to establish relations with contract vendors and technical schools as a source of IT candidates.
  • Robert Wolpert opened the discussion on IT recruiting at Duke. What are the best practices and how can they be shared among the Duke community? Some members pointed out some of the problems with the current recruiting process: old job descriptions that are too generic and do not correspond to industry standards, as well as turnover at Human resources are inhibitors for IT recruiting.

    Melissa Mills and Ginny Cake said that Arts and Sciences and OIT provide their own online postings on the web, and utilize user groups and conferences for advertising as well as working closely with Duke's Human Resources.

    Billy Herndon mentioned that he has been successful with contract vendors. Basically, contract employees end up becoming full time employees when their initial contract runs out.

    John Garcia who teaches part-time at Durham Tech suggested using Durham Tech students for IT projects and that Fuqua has hired some of these former student interns as permanent employees.

    Robert Wolpert summarized the discussion as follows:

Systems administration and ethics - CLAC update

Rob Carter gave an overview of the discussion on "systems administration and ethics" from the last CLAC (Campus LAN Administrators Committee) meeting. Rob and the CLAC steering committee came up with 7-10 hypothetical scenarios that posed ethical questions for a systems administrator. Due to the complexity of the issue and the limited time at hand, only one of these scenarios was discussed!

David Jamieson-Drake suggested bringing the issue to ITAC and maybe have a joint ITAC/CLAC meeting in January.

Rob said that the responses from CLAC members were very diverse when the members were presented with the first scenario:

a professor goes to a systems administrator and wants her to look into a student's network folder and compare lab reports that look almost identical to lab reports that were turned in by another student. What is a systems administrator to do? Is it ethical (or legal) for her to do what the professor wants her to do? What about the student's rights?

Pat Halpin asked whether somebody from University Counsel should take part in the discussion.

Lastly, Rob solicited ideas about the form of the discussion. It was suggested that a panel form will be best, and that the joint ITAC/CLAC meeting will take place on January 11th (at the Sanford Institute).

Public key infrastructure (PKI) and digital certificates - a tutorial

  •  
    •  
    • Certification
    • Validation and
    • Distribution.
    •  
    • How do you publish the public key?
    • How do you ensure that a public key belongs to the person you think it belongs to?
    •  
    • the security of the private keys, e.g. a private key stored in an unsecured workstation
    • the portability of the keys, e.g. using smart cards.
    •  
    • Duke is the best authority for verification of its own departments and employees
    • there is one central entity managing PKI rather than each department going alone
    • it's easier to set up SSL on Duke's many web servers
  • A PKI is a system for publishing public keys and it commonly supports at least three operations:

    Rob Carter and Dave Kirby led the discussion. Rob distributed a handout that explained in more detail public and private keys, digital signatures, SSL (Secure Sockets Layer), CA (certificate authority) and RA (registration authority). Rob provided brief explanations and examples of using these technologies for encryption/decryption of data and authentication.

    There are many questions and issues that need to be resolved in a PKI implementation.

    That is where digital certificates come in: they contain information about a public key and signature from a certificate authority like Verisign. Rob said that the credibility of the RA is very important. Other issues to be considered are:

    John Board posed the question. Should Duke become its own Certificate Authority? Benefits of doing so are:

    Dave Kirby added that from a HIPAA (Health Insurance Portability and Accountability Act) standpoint, a local (Duke) Certificate Authority is a very good idea.

Laptops and wireless connectivity for students

  •  
    1.  
    2. What is the role of laptops and personal devices for Duke students?
    3. How can they be used to improve teaching and research?
    4. What are the things that would provide an enabling environment?
    5. What do we do/look for in the next year or two in terms of software and hardware?

    Alan Halachmi commented that faculty need to be trained to use the current technologies available to them.

    Dave Kirby said that we need to provide the infrastructure first, e.g. wireless before we decide what combinations of hardware/software to use.

    Ken Knoerr suggested that we look at how others (UNC, NC State etc.) did it and use the information in deciding which path to choose.

    Melissa Mills inquired about pilot programs. She said that HP laptops are available for checkin/out at UNC-Willmington. Pilots of this sort will help faculty to get on with the new technologies.

    John Garcia reported that they have an 11-mbit Nortel wireless at Fuqua and will have a pilot in January for 20-25 students.

    Lynne O'Brien thought that the main use of laptops will be outside of, not in the classroom; e.g. using webassign to do homework, post opinions before and after class. So, maybe outside of class use is more important.

    Ken Knoerr suggested that to make this work, we need to provide the technical support and guidance.

    Dick Danner said that laptops are required at the Law School. There is some distraction associated with laptops in the classroom, but the students like multitasking! He also reported that the Law School would have a wireless installation pilot in January.

  • Mike Pickett started the discussion by posing a few questions to the group.

    These questions generated many comments from the attendees:

     

    At that point, Mike Pickett suggested that members send him email if they'd like to follow up on this issue.

     

The meeting was adjourned at 5:30 p.m.