Lee Badman wrote: > Anybody rethinking any of their sponsored guest/open access policies > because of CALEA concerns?
Bingo. We are just beginning to roll out a means of provisioning sponsored accounts. Basically, a student, faculty, or staff member will be able to create N number of guest accounts with a duration of X days, limited rights granted to the network. It's expected that maximum values of N and X will vary with the role of the creator. Sponsored accounts will have a standard prefix to avoid collision with existing usernames, and passwords will be generated at account creation. These sponsored accounts will then in turn be permitted to authenticate to the network via Cisco NAC. All wired and wireless communications will pass through Cisco NAC, so we'll catch everybody. This will replace the built-in guest access provisions of Cisco NAC. We're doing this as a part of a self-service password reset application we were already considering -- that's the carrot to go along with the stick. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "In American work places, bosses routinely snoop into personal e-mails and monitor our web-surfing practices. How did it come about that so many Americans have grown to accept such demeaning intrusions into our privacy?" -- Phil Rockstroh. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.