Duke ITAC - November 21, 2002 Minutes

DUKE ITAC - November 21, 2002 Minutes


November 21, 2002

Attending: Ed Anapol, Mike Baptiste, Pakis Bessias, John Board, Paul Conway, Ken Hirsh for Dick Danner, Angel Dronsfield, Brian Eder, Nevin Fouts, Tracy Futhey, Patrick Halpin, Billy Herndon, David Jamieson-Drake, David Jarmul,Scott Lindroth, Roger Loyd, Melissa Mills, Caroline Nisbet, George Oberlander, Lynne O'Brien, Mike Pickett, Mike Russell, Molly Tamarkin, Clare Tufts, Fred Westbrook, Robert Wolpert

Guests: William McNairy, Amy Campbell, Neal Caidin, Chris Cramer, Dan McCarriar

Call to Order: Meeting called to order 4:04 pm

I. Review of Minutes and Announcements:

ITAC minutes

Mike Pickett announces that the membership page on the ITAC Web site has been updated. Please check your information for accuracy.

ATS brochure

Mike Pickett distributes brochures for Academic Technology Services (ATS) training programs. ATS experimented with student training last year and deemed it a success. They now offer training various software packages for any interested students as well as offer training for individual classes at the request of a faculty member.

Duke Web home page revisions

David Jarmul announces News Services is undertaking a redesign of the Duke.edu top-level Web page. The current Web page is increasingly outdated and difficult to search for information. David Jarmul and members of his team have been meeting with several groups on campus about the page. "We've just been trying to talk to as many different groups and organizations as we can to find out what these people want and what their constituency needs." He thinks he will have something to present to ITAC in two weeks.

Network infrastructure committee

Tracy Futhey announces Mike Baptiste has agreed to lead phase 1 of the project. The phase 1 group will deal with where we want cabling and what kind of cable we want. Phase 1 is scheduled for completion by the end of January.
John Board will head up phase 2. The phase 2 group will concentrate more On the big picture of what we want to do and how we can accomplish or work toward our goals. Phase 2 is scheduled for completion by March 3.

II. Blackboard update

Presented by Amy Campbell & Neal Caidin

There has been an increase in use of Blackboard (Bb) as measured by the number of course sites compared to last fall. This year we began automatically creating course sites for faculty and accounts for students. Judging from comments we received from last semester, users of Bb find the service useful, and generally the comments about it were good.

We have two standing teams or groups affiliated with Bb. One is the project team witch is the operational group. Members of this group include staff from OIT, CIT, and other campus groups. The other group is the advisory group with members from the different schools, libraries, and undergraduate and graduate students as well.
This spring we will continue the existing pilot of the Bb organization feature. We're getting feedback on what tools the different groups and organizations at Duke might find useful. For example we plan another pilot test to integrate e-reserves into Bb.

We're also planning to test Building Blocks, basically software plug-ins, that will enhance the capabilities of Bb. Those building blocks that Bb users are interested in are the ones that we'll test. We have plans to test Bb 6, a new version.

As faculty have used Bb for several semesters they're interest in learning other applications for the software such as:

  • Streaming media and how it relates to Bb
  • Online testing: how best to do it and what tools might integrate with it
  • Group collaboration tools
  • Educational uses for other than standard semester-based courses; use by groups that are not necessarily course-related

Bb is committed to having the Building Blocks program be OKI compliant. There is also an open source community related to the Building Blocks environment.

Long-term issues

We're starting to think about Bb and what it might become in next few semesters or years: How will Bb integrate in the CMS when it gets here; How will Bb integrate into the Duke card system; How will Bb integrate into the portal solution when that is implemented here?


Melissa Mills: You have hosted meetings from time to time to get input from faculty. If a faculty member has ideas what is the best way to have those ideas heard? Is the best way to contact you or how do they go about it?

Amy Campbell: Go to the Bb Web site and any place you see a "send a comment" link, that will e-mail directly to me.

John Board: Left to its own devices it seems like Bb would become the de-facto portal unless we stop it. How much effort are we putting into these portal-like features, like integrating Bb with SISS?

Amy Campbell: The Building Blocks we explore are related to the learning system. Bb is a widely supported course management system so we are obligated to investigate that aspect of it. Integration with SISS is why we decided to go with the enterprise version of Bb.

John Board: It sounds like some people are starting to use Bb as a Web Page development tool. Is that something we should encourage or discourage?

Amy Campbell: Most people are using it to present educational materials. I am not trying to beat the bushes looking for people to use it for other purposes. But if a group comes to us and has an educational service need we don't turn them away.

John Board: Is Bb the only tool we're looking at?

Amy Campbell: For our purposes at Duke, Bb is the top product we should be looking at.

Molly Tamarkin: Bb provides some faculty in Nicholas with a tool to use for things they couldn't normally do.

Robert Wolpert: The groups you mentioned getting advice from are all people who seem to have a vested interest in Bb. I wonder if you are not hearing the cautionary voices as well.

Amy Campbell: There are representatives on the advisory group who do not use Bb or do not use it heavily. All members of the group may have looked at Bb but not all are wholesale convinced that Bb is for them.

Robert Wolpert: One of the reasons many of us don't use Bb is because of its lack of openness.

Amy Campbell: Bb is designed to provide course materials. Some of the materials, for copyright reasons or other reasons, faculty don't want to publish. It seems like in the demo we saw recently, version 6 is more open and allows access without logging in and access to sites as long as guest access is allowed on the site.

Brian Eder: What percentage of functionality that Bb offers do you think we're using now?

Amy Campbell: All the features of the Learning System itself are being used, but in the interface with the Community/Portal aspects, only about 30-40% of those are being used. For example, the roles aspect for targeting information to Bb users, and some of the modules in the "portal" area are or will be used in Spring. The major aspects of the "portal" (e.g., configurations for alumni and other non-user groups, display of news/weather/ sports/stock modules, etc.) won't be used, by conscious choice, because of the current status of portal discussions at Duke.

Mike Pickett: We have roughly a quarter of the courses we offer available on Bb. Have you seen any trends across schools.

Amy Campbell: I have not investigated percent per school. It is not used much in Duke Law. Nursing has a scattering, one or two. Fuqua has none.

Fred Westbrook: But we [Nursing school] do have all the courses there in Bb, but we haven't started using them yet.
Pat Halpin: One of the trends is non-traditional applications. I put together a Bb site for staff to use. I put up an online course using bb as a tool. Is that going to grow? If so, CIT shouldn't have to manage that.

Amy Campbell: One aspect is that of educational but not a course related. How do we divide out what goes where? SAP training is thinking about doing some online training with Bb.

Paul Conway: We've used 'open' as in open source and 'open' as in availability. You know about the Teach Act. The copyright venture has been tracking the implications of this. The bottom line is that sites like the Bb sites comply with the Teach Act, whereas, others that are sort of thrown up there do not.

Pat Halpin: If we could set different levels of access within our course sites that would help us comply with the Teach Act. Unfortunately, we're not there yet. A lot of the faculty who need hand holding and need a Web site done for them need to use Bb.

III. Enterprise Directory/LDAP explorations issues

Presented by Mike Pickett

In our explorations meeting last Thursday, we talked about having a clearinghouse of information--an authoritative source for people. That information is currently stored in different areas. We had a lot of questions and answers, and a lot of ideas.

Some of the questions we asked were:

What are people doing with LDAP?
- lots are using the online phonebook - lots are pointing e-mail clients to look up addresses

We asked, "Should all e-mail clients do that?"
People said 'yes' but we've only got about 40% of the email addresses in the LDAP directory.

What can we do to fix that?
- When we get more of the self-service pages running it will get better.
- We will pull together a small group of people who will help us dump in addresses. Some applications come bundled with LDAP authentication capabilities.

We asked, "Can we use LDAP to store classroom information and other aspects of a room?"
The answer is, "No. We do not want to do that." We do have an enterprise system called Resource 25 that is equipped and designed to do this.

We asked where do department or school-based shadows or clones of the LDAP directory fit in? And how is the data moved back and forth?

Should we equip the LDAP directory to accept and store PKI certificates?
We have that capability, but there were not a lot of people who said they could use it today.


Robert Wolpert: What about the question of how do we reconcile disparities when we pull from several sources?

Chris Cramer: The problem isn't so much that as if there is a discrepancy between the two copies of data, how do you tell the difference between the two sets?

Mike Pickett: Another point brought up was how to we set the data flow? A lot of that has not been worked out yet. That will be a tough one.

Robert Wolpert: For some things with multiple correct answers, like multiple e-mail addresses (some people do use multiple addresses), how to you keep that straight?

Chris Cramer: There is a logic that determines which of multiple affiliations is the master affiliation. The trick is that in some cases you do want multiple affiliations to be displayed, in other cases you do not want them displayed. What is being leaned toward now is to only display in the global phonebook. The application pulling the data will decide what to do with the data that is returned.

Melissa Mills: Is there any idea of using the enterprise directory to manage what you have access to? What you're authenticated for? And if not in the LDAP directory, then where?

Mike Pickett: Different schools approach that differently. It is being thought about, but I'm not sure one approach is more appropriate than the others.

Brian Eder: Is there a timeline on the Resource 25 software Mike mentioned?

Mike Pickett: I just opened a conversation with the Registrar on that.

David Jamieson Drake: Are pictures allowed yet in the LDAP directory? When will they be?

Tracy Futhey: That is interesting area, but to me it does not trump e-mail addresses and we need to solve that first.

IV. Homework database & OKI update (part II)

Presented by Melissa Mills

Related URLS: OKI homepage OKI Architecture Overview http://web.mit.edu/oki/product/whtpapers/arch_overview.html

The project lead and the project lead architect from MIT visited here last Tuesday. A group including Robert, Tracy, Molly, and others listened to them talk for 2 hours. What they explained was that OKI is an initiative funded by the Melon foundation and their funding ends this June. They are working with IMS Global, a consortium of vendors of higher education products, who are trying to work on standard data definitions so there is interoperability across products and platforms. The whole OKI is identifying a set of services that are common to all applications and not related to any scripting or programming language.

One of the questions was what would it mean for Duke to join OKI. It sounded like all they wanted was a commitment for partners to adhere to the specs and write their code to it. They don't want to be writing code themselves. They want to come up with the specs and the architecture, and they want partners to take those specs and put them into applications. The APIs seem to be almost ready to send out for use.


Robert Wolpert: I went into the meeting with a misconception about what OKI was and what they were doing. I thought they were building open source applications to compete with some of the other higher education applications we've seen. They have no interest in Duke or any others in participating in the specs phase. They do hope others will build things to those specs.

Melissa Mills: One of the reasons we're interested is because there are tools that have been developed at other schools that we are very interested in sharing. We can do that now.

Tracy Futhey: We can go off and develop by ourselves without any formal commitment to OKI. They just wanted to make sure that whoever the partners are, all are on board with what the core is. MIT's piece was looking for people who were like-minded in developing applications.

George Oberlander: Another application called HL7 was very successful in getting out there and getting people to write to its specs.

Melissa Mills: Whatever we try to build, we try to build to a standard. By banding together with other people who are doing this, our applications will talk to each other.

Robert Wolpert: It sounds like OKI compliance should become a matter of interest as we start building or buying applications.

David Jamieson-Drake: Some universities have it in their mission to spin off software. Duke doesn't do that so I don't know if we have the same stake in it as other universities.

Mike Pickett: OKI has a mission. HL7 was spec'd in 1897. It took many years to affect industry. What happened was a lot of hospitals and universities went to vendors and said we aren't buying your stuff unless it can talk to other stuff. That might happen with OKI if enough groups get interested.

Melissa Mills: The question is should we buy or should we write our own tools? If we try to buy, we haven't seen what we want yet. It also makes no sense to write a tool that isn?t compatible with other groups.

V. Review of problematic requests related to security/privacy

Presented by Chris Cramer

As far as security problems go, we're making good progress. Of greater concern are privacy issues. What I understand to be the acceptable use policy was created by ITAC five years ago and applies to acpub accounts. Essentially it says due to legal and policy issues, privacy cannot be guaranteed. I have never found a Duke privacy policy.

Problems of particular concern to me are:

  1. I get a lot of requests such as, "I am concerned about person X's behavior. I would like to monitor all of person X's Web site viewing and Internet traffic."
  2. We get requests to read people's e-mail. Typically these deal with ex-employees. The requests have not been for students, typically, but in theory we could get a request for students. We can hypothesize that we could also get requests for reading faculty mail.


Molly Tamarkin: Is there some danger or problem with stating for managers: these are best practices?

Chris Cramer: Every time we get these requests, we tell the requestor how to avoid this kind of problem in the future, but people seem to be ignoring what we tell them.

George Oberlander: In these privacy issues there is a distinction between faculty, staff, and students. In the case of staff, there are cases where they use e-mail for the business of department. So e-mail contains department business. Why can't departments look at it?

Chris Cramer: What has happened once or twice is that I have gone through someone's mailbox. I never found any business mail, just lots of spam. If we fire someone we give him or her an opportunity to clean out his or her desk. We don't have anything like that for network things.

John Board: We actually had a legal request to do this after the death of someone.

Fred Westbrook: There are both legal and moral issues here. Perhaps this is something a workgroup, and ethics workgroup, could look at?

Ken Hirsh: The question is, how do you differentiate between what you 'can' do and what you 'ought' to do? One option is to say that unless your group comes up with another policy, this university policy applies to you. As for students, you can't look at anything, you can't touch them. Staff? They are your employees and you can do whatever you want.

Tracy Futhey: It is easier for Chris to say 'no' to a department head or dean. But imagine if you are a system administrator and your boss comes in and says, "Do this." What do you do?

Robert Wolpert: Although there may be a difference between students, faculty, and staff, the reason people want to work here is that we treat them with some respect.

George Oberlander: We have a policy written and it is ready to go. What it says is that we cannot guarantee your privacy. We're trying to set what the expectation of what privacy is.

Mike Baptiste: Granting absolute privacy to an employee is dangerous. If you want to terminate someone and protect the company, you need to document everything.

Molly Tamarkin: I have an issue of people not recognizing what is a violation of privacy. We do orientation for students where we say that it is written that we monitor system resources.

Chris Cramer: Obviously, we aren't going to get to the other issues that need discussion, but here are some things to think about:

  • Some groups have an institutional policy of password sharing. Can we stop this?
  • Should departments who use contract system administrators be required to contract for system maintenance?
  • Do we need to have a security standard for departments and individuals running servers?
  • How do we handle Alumni wanting to use Duke resources?
  • Can we bless the security and privacy statement as an official Acceptable Use Policy?

Tracy Futhey: To compound this, there is increasing pressure from the recording industry on university presidents to meet head-on the issues of copyright violations and the Digital Millennium Copyright Act.

VI. Other business