{"id":260,"date":"2010-02-22T11:44:40","date_gmt":"2010-02-22T11:44:40","guid":{"rendered":"http:\/\/blogs.oucs.ox.ac.uk\/networks\/?p=260"},"modified":"2010-02-22T11:45:43","modified_gmt":"2010-02-22T11:45:43","slug":"visitor-network-account-lifetime","status":"publish","type":"post","link":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/2010\/02\/22\/visitor-network-account-lifetime\/","title":{"rendered":"Visitor Network account lifetime"},"content":{"rendered":"

Several comments on my recent post about updates to the Visitor Network Account Management tool<\/a> requested an increase of the maximum account lifetime. Whilst this is more of a policy change than a feature update to the tool, and hence probably appropriate for consideration at the Network Advisory Group<\/a> (NAG), I thought some explanation here would be appreciated. I’ll certainly take this item to the next meeting of NAG for discussion.<\/p>\n

You can create accounts in two<\/strong> ways: either one-at-a-time within an existing group<\/em>, or in bulk at the same time as creating a new group<\/em>. The subtlety comes in that these two methods of account creation have, quite deliberately, different maximum lifetime limits. Individual accounts have a 14 day limit and bulk created accounts inherit the lifetime of their parent group, which can be up to 92 days.<\/p>\n

So the quick answer to the comments is that yes, you can already create accounts with a lifetime of up to a term, but they must be created along with a new group. As groups and accounts are “cheap and disposable” we see no problem in you using this as a way to achieve what you want. Admittedly you have less control over the data on bulk created accounts – the visitor’s name and so on – but we will address that in the updates mentioned in my previous post.<\/p>\n

But there’s more: on the group setup page is a field named “valid for X consecutive days<\/em>“, for use with bulk account creation. This allows you to set a start and end time for the group\/accounts which becomes a window of opportunity, within which the account can be used for X days since first log-in. So let’s say you create a group of 50 accounts with a lifetime of 92 days, but set them to have 21 consecutive days validity. You can give the accounts to visitors and they have a lifetime of only three weeks from first use, but you need only create that group once a term.<\/p>\n

Why the different maximum lifetimes, then? Well, it’s not random and we did consider carefully how the service would be used, and potentially abused; remember that we need to maintain accountability at all times as to who is accessing the network. One concern is that accounts with a long lifetime will either be traded between users, or have the credentials disposed of and subsequently recovered and used by a 3rd party.<\/p>\n

If you know, for example with summer school attendees, that they are here for a few months, then you can create a group of accounts with an extended lifetime. But for the majority of cases the visitor will be short-term and single account creation is adequate. Remember also that it’s often non-IT staff issuing accounts via delegated access to the tool, so we need to moderate their actions in a way which might not be necessary for an IT Officer -only tool.<\/p>\n

I think the above answers the questions raised, but if you still feel strongly, please do let me know either by email to networks@oucs.ox.ac.uk<\/a> or in a comment below. If you do, it would be useful to have an example of your use case – possibly we can tweak things to accommodate your scenario whilst continuing to safeguard access to the JANET network.<\/p>\n","protected":false},"excerpt":{"rendered":"

Several comments on my recent post about updates to the Visitor Network Account Management tool requested an increase of the maximum account lifetime. Whilst this is more of a policy change than a feature update to the tool, and hence … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[278,119,12],"tags":[],"class_list":["post-260","post","type-post","status-publish","format-standard","hentry","category-documentation","category-services","category-wireless"],"_links":{"self":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/comments?post=260"}],"version-history":[{"count":15,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/posts\/260\/revisions"}],"predecessor-version":[{"id":275,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/posts\/260\/revisions\/275"}],"wp:attachment":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/media?parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/categories?post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/networks\/wp-json\/wp\/v2\/tags?post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}