Penfield Cottage - Key Administration

Penfield Cottage

Key System Information

This Web site has restricted resources and tools not intended for use by all visitors. You can think of these resources as being behind locked doors, which can be unlocked using keys issued by the Key Administrator.

Types of Access

To use restricted resources you need to demonstrate that you are someone to whom an appropriate key has been issued. Normally you do this by signing in -- identifying yourself and entering your password.

Individuals: You may sign in as yourself, using your own personal password.
Groups: Groups include several people, for example students in a class. Some of them may have their own personal password, and others may use a group password. Members of a group may use any key issued to the group.
Courtesy Access: On some sites access to some restricted resources is granted by request, without a password, to any visitor. You can think of these resources as being behind doors that are closed but not locked.
Automatic Access: On some sites access to some restricted resources is given to people using a computer with a domain name or IP address within a particular range. Signing in is not needed. You can think of these resources as being behind doors that open automatically for those computers.
Certificate Access: Some sites are set up to recognize personal digital certificates in lieu of signing in.

New Users

To request a key as an individual user, with your own personal password, use the New User Key Request Form. After approval by the Key Administrator you will be able to use the restricted resources.

Current Users

If you are a current user and your name is not in the pop-up menu on the password form, perhaps you are seeking a resource for which you are not eligible. Each resource has its own key or keys (see below); to get the necessary key, ask the Key Administrator.

Individual users: to change your password, your email address, your name, or your password hint, use the Change Form. This link appears on the password form, and on some pages served by restricted resources.

Forgotten Password

If you have forgotten your password, use the button provided to see your password hint, which you yourself defined when you specified your password. If this is enough to remind you of your password, fine; if not, contact the Key Administrator directly and ask for a temporary password. Then take the first opportunity to change your password.

Signing in

If you have already signed in during this session within the previous ten hours, and have a key for the resource you are seeking, you do not need to do so again. Or if your computer qualifies for Automatic Access to this resource you do not need to sign in. Or if your personal digital certificate identifies you as someone with an appropriate key, you do not need to sign in. Otherwise you do.

After identifying yourself and entering your password, you access the restricted resource immediately, and can continue for the next ten hours, or until you quit your browser.

On occasion, you may see the password form in the middle of a session. This happens if you attempt to access a resource for which you have no key (see below). Then you will need to impersonate someone who has a key.

If you see the password form repeatedly, perhaps your browser is configured to reject cookies. Temporary cookies are used to inform the Web site that you have already signed in. These cookies do not remain on your computer after you quit your browser.

Signing off

Normally you do not need to sign off after accessing these restricted resources. Signing off is automatic after ten hours, when you quit your browser, or when you turn off your computer. The next time you try to use restricted resources you will be asked to sign in again.

Perhaps you want to sign off anyway, without quitting your browser. This may be because you want to let someone else sign in, because you want to see the password form for some reason, because you want to end Express Signon, or because you are leaving your desk and are concerned about security. At the bottom of some pages served by restricted resources is this Signoff Link which will sign you off.

Express Signon

The Express Signon feature allows you to stay signed in for the next six months, instead of being signed off when you quit your browser or turn off your computer. This is a convenience if you are the only person using your computer, but it is also a security risk because anybody else using your computer will automatically impersonate you. Therefore it should not be used in an open office environment. The Key Administrator must enable it for your computer, and then issue you the key express. At this point you can start using Express Signon by checking the “Remember me” box the next time you sign in. Express Signon will continue for six months, or until you deliberately sign off, or until another person signs in using your computer, or until you use the Change Form.

Keys

Different restricted resources are intended for different users, and can be accessed using different sets of keys. If you do not have the right key your name will not appear in the pop-up menu in the password form.

To see which keys you have been issued, look at the Change Form. To request a key you do not have, contact a Key Administrator (see the list below).

Here is a list of the keys currently in use for this site, and the corresponding restricted resource(s).

Key	Restricted Activities
`admin`
`any-person`	View site map
`archive-editor`	Create Digital Object Edit existing Digital Object
`archive-manager`	Configure existing Digital Archive Edit existing Digital Archive Edit existing Digital Collection Start Digital Collection
`calendar-manager`	Manage calendar
`content`	Edit news headline Set up forms View advanced usage View file metadata View site files
`host`
`key-administrator`	Authorize access
`pencot`	Edit graduation View anniversary View birthday View fullmoon View holiday View meeting View pencot reservation View talk Visit pencot region
`postmaster`	View email actions
`programmer`	See debugging reports View advanced usage
`reservation-manager`	Edit graduation Edit meeting Edit pencot reservation Edit talk
`secret`	See shared secret
`system`	Edit anniversary Edit birthday Edit fullmoon Edit graduation Edit holiday Edit meeting Edit talk
`webmaster`	Edit configuration file Edit meeting Edit pencot reservation Edit site configuration Edit talk Install resource Start Digital Archive Start Digital Collection Test code View advanced usage View external files View file metadata View site metadata View technical information

Key Administrators

Users with the key key-administrator approve new users, issue and revoke keys, delete users, enable and disable Express Signon, and assign users to groups. Key Administrators can issue temporary passwords to users who have forgotten theirs, but cannot change email addresses of individuals (except themselves). Key Administrators can also define attributes and assign them to users. Key Administrators cannot see your password, even during the approval process.

Key Administrator(s) for this site:

Paul Penfield, Jr. <paul @ penfield.us>

If you are already a user but need an additional key, want to return a key no longer needed, or want your name removed from the list of users, you should notify a Key Administrator (see the list above). You can do this by email, letter, telephone, or direct contact. If more than one Key Administrator is listed, any of them can help you.

Privacy of Personal Information

As an individual user, after approval of your request to access restricted resources on this site, some of your personal information is retained and used in the following way:

Your name, used to identify you, can be seen by anyone attempting to access restricted resources.
Your email address, used for communication with you, cannot normally be seen by visitors, unless you are a Key Administrator.
Your password hint is for your benefit. It is not used by the Key System but can be seen by anyone who may want to impersonate you.
The optional message that accompanies your new-user request is sent by email to the Key Administrators for their information, but is not retained or used by the Key System.
Your password is used to authenticate you, that is, verify that you are who you say you are. It cannot be seen even by Key Administrators. It is stored in encrypted form. However, when you sign in, your password is sent from your computer to the Web site without encryption and, like all messages sent over the Internet, can be read by eavesdroppers using techniques known as “packet sniffing.”

The file which contains your name, email address, hint, and keys is not encrypted but is restricted so that it cannot ordinarily be accessed except by Key Administrators or webmasters (those with FTP or shell accounts).

Different sites have different policies about sharing this information. However, you should be aware that security on the Internet is difficult and computers are sometimes broken into, so you should not depend on this information remaining confidential, regardless of the site policy.