Blogs.Oracle.com

Oracle has taken an interesting step, and I hope others will follow.

Blogs.Oracle.com seems to have been created as an Oracle blogroll! Why is this important? Well, for one thing it means Oracle is encouraging their employees to blog, but additionally they are also linking to non-employee blogs.

Here’s the introduction from Blogs.Oracle.com:

Welcome to the Oracle blogging community, where Oracle executives, employees, and non-employees alike exchange views about best practices for using Oracle and industry-standard technologies. This continuous feedback loop helps Oracle stay in touch with the needs of the overall community, so keep those comments coming!

This not only validates what others have been saying regarding the value of blogging in the corporate environment, but also recognizes the role that non-employees play in the big picture.

Check it out at Blogs.Oracle.com. Right now there are a couple dozen employee blogs and forty-something non-employee blogs. Hopefully they’ll stay on top of adding new folks as they come along.


Why blog?

Every once in a while I revisit the question of why I blog. Not because I doubt that I should, but because I see my blog as a living, evolving part of my personal and professional self.

Rod Boothby of Innovation Creators sums it up nicely in reference to MBA students:

With 10 minutes of effort a day, they use blogs (which are web pages that are easy to edit) to reach a massive audience. They can develop a worldwide reputation as an expert in their field. These MBAs don’t blog about parties or their dog. They blog business topics like marketing or financial derivatives. Even with traffic of only 5 to 10 people a day, that quickly translates into over 1,000 people who know who they are, and respect their knowledge and opinions.

This is from Rod’s whitepaper “The Next Wave in Productivity Tools – Web Office White Paper” in which he discusses how many Web2.0 technologies and the folks who use them are entering the corporate world. It’s well worth the read.

Thanks to John for sending this on to me.


Telecommuting Web Resources

With a fairly long commute (45 miles each way) and gas above $3 per gallon I have been doing a little homework on telecommuting, also known as telework.

The Office of Personnel Management and the General Services Administration have some extensive telework resources for federal employees. The site www.telework.gov is full of great information including resources for identifying good candidates for telework, maintaining a good working environment when some employees telework and others do not, and evaluating the performance of teleworkers.

More pertinent to higher education, the University of Minnesota has much of their telecommuting policies and agreements available online at this page including a supervisor’s toolkit for implementing telecommuting. They outline the following potential benefits of telecommuting:

Society:
• Supports the Clean Air Act/Reduces air pollution
• Reduces traffic congestion, fuel consumption
• Supports the Americans with Disabilities Act
• Provides more job opportunities for the disabled, part-time, and semi-retired
University Units:
• Enhances employee productivity and work quality
• Increases long-term recruiting, retention, and loyalty of employees
• Improves employee morale and job satisfaction
• Increases workforce diversity by widening of labor pool
• Reduces overhead costs, especially in capital investments
• Reduces employee sick leave and absenteeism
• Enhances employer image in partnership with 21st century
• Enables employees to work during weather emergencies
Employee:
• Enhances job productivity and work quality
• Improves morale and job satisfaction
• Provides greater degree of responsibility
• Provides greater lifestyle flexibility in meeting family and job needs
• Reduces commuting time and stress
• Reduces transportation costs
• Provides satisfaction from greater employer trust

Of course there are more resources out there, but I believe these two are a good starting point for any employer or employee.

While my institution does not recognize telecommuting, well, let’s just say I’ve still been doing a lot of thinking about it. Hey, it’s better than looking for another job…


Password Management in an Identity-Theft World

The problem

At Plymouth State University we, like many institutions and organizations, are facing the challenges of password maintenance for our twenty-some-odd thousand constituents, many of whom may never visit our campus. As our systems become more integrated, password security becomes more important. Today a user accesses everything from address information to grades to financial information, all with the same password.

Historically a system was used in which an initial password was set up for users when their accounts were created. In the case of a forgotten password, a user could present a college ID in person (which they had to present a government issued ID to obtain) and we could update their password. This has proven to be time consuming for the IT department and is inconvenient to our growing audience of distance education students and alumni.

Other popular solutions to this problem currently being used at other organizations include the use of security questions, alternate email addresses, or remote assurance of identity by a third party (e.g. a notary). None of these options provides a complete or ideal solution, for the following reasons:

Security questions:
– Answers to standard questions like “What is your mother’s maiden name?” or “What is your pet’s name?” can be easily researched or even guessed.
– Offering a free-form question frequently results in overly simple question/answer pairs such as the question: “What color is the sky?” with the answer: “Blue.”

Alternate email address:
– As we provide email services we do not want to require the user to maintain a separate email service.
– Email accounts, especially those associated with an ISP, are rarely permanent.
– Email addresses may be re-used resulting in password information being sent to a third party.

Remote identity providers:
– Time consuming, cumbersome and costly for the end user.
– Involves extensive manual processing at the institution.
– Difficult to identify remote identity providers globally.

Another potential solution which has become available is Faces. This is a commercial solution which presents the user with a series of faces to remember. To authorize the user to change their password, they identify the unique pattern of faces they were given to remember. The company claims users have no problem remembering their face-code after two years; however, our user relationship may last 80 years or more. This solution is also likely to be costly.

Our solution

Faced with this password management challenge, Zach Tirrell and I have formulated the following solution.

When a user obtains an account in our system, regardless of their relationship with the institution (student, faculty, alumni, guest), they will receive a username and Password Change Authorization Code (PCAC) through the mail. The PCAC is a 32-character code, unique to that user.

Upon receiving the PCAC, the user is instructed to keep it in a safe place, such as with their birth certificate or social security card. While the user’s account has been created it is initially locked. With PCAC in hand, the user accesses a secure web form on our site. They are prompted for their username, PCAC, and their desired password. Upon entering a password which fits our requirements (capitalization, numbers, etc.) the account is unlocked and the user may now log in with their password.

Users can change their passwords at any time with their current password. If the user has forgotten their current password they can change it with the same procedure as when they set it up, provided they have access to their PCAC. This offers the user the opportunity to change their password anytime from anywhere and frees them from the necessity of either providing personal identifying information over the phone or having to be physically on campus.

Of course we do expect some users will lose their PCAC. A user can request a new PCAC be sent to them at a known address at any time. Even without their current password we would mail a new code to the user. This cannot be done without the time lag of a few days in the mail; however, if the user fulfils their responsibility to keep their PCAC in a safe place they should never encounter this delay.

This solution has the potential to increase the security of user passwords, decrease the time to reset passwords, and decrease the amount of human intervention and IT time involved in password maintenance. Perhaps more significantly the responsibility for securing and resetting passwords is put in the hands of the user.
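The PCAC procedure described above, sketched as an added example (not code from Plymouth State University or the original post). The alphabet, storing only a hash of the code, the guess limit, invalidating older codes on reissue, and the concrete password rule are assumptions the post does not specify.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: 32 symbols without look-alikes (no 0/O, 1/I), 5 bits each.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
MAX_FAILURES = 5  # assumed guess limit before a new code must be mailed

def _digest(pcac):
    # Only a hash of the PCAC is stored, so a database leak does not expose codes.
    return hashlib.sha256(pcac.strip().upper().encode()).digest()

class Account:
    def __init__(self, username):
        self.username = username
        self.locked = True  # created locked until the PCAC is first used
        self.pcac_hash = self.password_hash = None
        self.failures = 0

def issue_pcac(account):
    """Return a fresh 32-character code to print and mail; older codes stop working."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(32))
    account.pcac_hash, account.failures = _digest(code), 0
    return code

def password_ok(pw):
    # Stand-in for the page's "capitalization, numbers, etc." requirements.
    return len(pw) >= 10 and any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)

def set_password(account, pcac, new_password):
    """Initial setup and forgotten-password reset share this one path."""
    if account.pcac_hash is None or account.failures >= MAX_FAILURES:
        return "reissue-required"
    if not hmac.compare_digest(_digest(pcac), account.pcac_hash):
        account.failures += 1
        return "rejected"
    if not password_ok(new_password):
        return "weak-password"
    salt = secrets.token_bytes(16)
    account.password_hash = salt + hashlib.pbkdf2_hmac(
        "sha256", new_password.encode(), salt, 200_000)
    account.locked, account.failures = False, 0
    return "ok"

if __name__ == "__main__":
    acct = Account("jdoe")  # constructed sample user
    code = issue_pcac(acct)
    print(set_password(acct, "A" * 32, "Str0ngPassword"))  # wrong code
    print(set_password(acct, code, "Str0ngPassword"), acct.locked)
```

Because the code is a long-lived secret kept on paper, the guess limit and the hash-only storage are what keep the web form from becoming the weakest point of the scheme.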

This flowchart (pdf) outlines the entire password process. I have also provided an example of the PCAC here.

This process is still in the design stages here at Plymouth State University. While we are airing it internally we are also looking for outside opinions. If you have any suggestions or comments please leave a comment here, or email me at jon@lifeaftercoffee.com.

To read more about our procedure, check out Zach Tirrell’s post about this procedure on his blog.
