Secure connections to LDAP now required

All systems that communicate with LDAP must use TLS/SSL beginning August 1.

The University of Nebraska-Lincoln's LDAP service now requires secure communication for all connections, improving the security of UNL usernames and passwords. All systems that communicate with LDAP must use TLS/SSL beginning August 1.

The LDAP directory contains the My.UNL usernames, passwords, and other important attributes for all UNL users.

"Securing LDAP is one step in the process of following best practices formulated by InCommon," says Brett Bieber, Identity Management Lead for Information Technology Services.

InCommon is a federation of many leaders in higher education, including University of Nebraska campuses and Big 10/CIC institutions, with the goals of interoperability and trust in electronic authentication.

The standards from InCommon define two levels of assurance for electronic authentication: Bronze and Silver. The standards require detailed analysis of operating procedures and adherence to best practices in identity management.

A first step was to require secure communication of the credentials that faculty, staff, and students use, and in April 2013 the Identity Management Steering Committee published a policy to that effect.

Over the last year, developers at UNL have modified their applications to meet the requirements and ensure the security of the usernames and passwords of UNL constituents. Without this basic requirement, UNL would not be able to meet the Bronze or Silver Levels of Assurance from InCommon.

As UNL works to meet Bronze and Silver, faculty, staff, and students can access internal and external services with reduced risk, and those services will have higher trust in the users accessing their systems.

For more about InCommon, go to http://www.incommon.org

For information on the secure credential policy, go to http://idm.unl.edu/authentication-services-policy