Over the past 12 months, this question
has raised its head a few times, and I would love to get some opinions
from the community on what they see in the IT world or what they think
is a good practice.
Scenario:
More and more frequently, information is being dealt with outside of
email. A good working (browser-based) example of this is Quickr or
SharePoint, where people are collaborating and sharing data using default
templates. Pretty soon, this will escalate as Activity servers get
deployed. As this occurs more and more frequently, a byproduct is the
desire to give people external to your organisation access to this data.
The question follows: what is the best way to accomplish this?
You have 2 specific problems. The first problem is how Mr External gets
access to the data you want him to get access to. The second problem is
how you verify that the person is who they say they are. A sideline
problem is how you do this without tying yourself up in massive
management overheads.
First problem – allowing Mr External access to your data
There are a few possible solutions to this.
Solution 1 – Allow them inside.
Grant the external person access to your network via VPN, key fob or
whatever method you use. This has license implications and management
implications. However, the data always stays on your LAN.
Solution 2 – Place some of the data outside the network
It would be possible to replicate some of the sites that you want people
to collaborate on to a DMZ, and grant access that way. This has a lesser
management implication, and if the data is on your DMZ, it is still with
you. Mr External can then access it through a browser as needed.
Solution 3 – Place all your data offsite in a data centre.
This is the "way out" solution (at the moment). Place all your data in a
location that is available to all users, be they internal or external,
and use your security levels to allow/restrict access. This is quite
Web 2.0ish, but data protection could have a lot to say about that. Do
you trust the data centre? Do you trust your security that much?
Second problem – trusting that Mr External is Mr External
Going with solution 1 above means that each external person has an
external account created in your internal domain, which is secure and
which you can manage. Assuming you add a VPN account or key fob/cert,
this is secure by today’s standards. But let's say you don’t do that.
If you want to maintain external users effectively, you need to maintain
them in an external directory. This is where their details are kept,
including authentication information. In addition, this is what access to
your external data would be authorised against. Let's assume LDAP. The
directory contains account information, including their password.
Microsoft and IBM use something along those lines, with their passport
sites (IBM’s has come a long way), and external people enter their name
and password on an SSL-based site. But the question remains: is a user
name and password enough? The typical answer is "it depends on the data",
so let's assume that the data could hold sensitive information. The IBM
one already does for Business Partners. Is giving a person a user name
and password enough to keep corporate sites happy? Do you also issue SSL
certificates to the browser? Do you also require PIN authorisation on top
of name/password?
I would like to know what other sites
are considering good enough these days, especially ones that fall into
the above categories.