Open yozlet opened 8 years ago
You can remove Handbook from the list, @yozlet.
The documentation working group has a goal of 8/4 to make the Handbook public and are tracking our progress in 18f/handbook#829
Thanks @jeremiak! I'll keep Handbook in the list for the moment (since it's still a dependent) but link the issue.
What was the final count of apps and departments that were using MyUSA?
@StephenOTT: Five apps, all 18F (though a couple of those were for users outside 18F, but still within government). See the nested list in the issue checklist.
@yozlet ah! haha, I read that list as those were the alternative apps systems could validate against. Now that i look at the list in more details, that assumption does not make much sense :)
Thanks
@StephenOTT Yep, sorry if that wasn't clear! Will be providing the list of alternative auth systems shortly.
@StephenOTT Thanks! Looks impressive, but this isn't the best place to discuss it. Let's chat elsewhere. :)
https://docs.cloud.gov/apps/leveraging-authentication/ is good alternative for something like C2 (which is all GSA users)
Thanks @pkarman! Yep, the current alternative auth methods list looks like this (and I'll keep this comment updated):
Pros:
Cons:
Pros:
Cons:
Pros:
Cons:
Pros:
Cons:
Not in this list: login.gov. (because it's too far from ready, and also it's not meant for gov-to-gov auth)
I added an item to remove MyUSA from the the data.gov inventory once the AWS instances have been shut down. This is not a difficult process (it just means sending an email and @gbinal or I can handle it), but I wanted to add it to the list.
FYI - I'm working with Yoz to shut down MyUSA so may be reaching to folks with questions and asks for help.
@yozlet FYI https://github.com/18F/Infrastructure/issues/691
@yozlet per guidance from @NoahKunin:
@yozlet I'll reach out to Lauren Pierce.
no word from Lauren Pierce yet. Pinged today.
still no word from Lauren Pierce. Trying to get info another way through CIO/CTO contacts.
Also pinged.
On Tue, Oct 11, 2016 at 11:19 AM, Ric Miller notifications@github.com wrote:
still no word from Lauren Pierce. Trying to get info another way through CIO/CTO contacts.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/18F/myusa/issues/762#issuecomment-253000525, or mute the thread https://github.com/notifications/unsubscribe-auth/AAifT8W1M3sClG6Dq4dueGZ_sbFJ9xgWks5qy9NAgaJpZM4JK6Ua .
Noah S. Kunin Infrastructure Director https://18f.gsa.gov/team/noah/ | Technology Transformation Service http://www.gsa.gov/portal/category/25729
Adding note to redirect my.usa.gov to login.gov once this is done.
@NoahKunin Good idea - in that case, I'll take out the gravestone landing page.
Open Opps's recent security incident has caused them to shut down MyUSA access. However, I'm not ticking them off the list just yet because they may still need access to the MyUSA data in order to retain access to those accounts. I'm planning on talking to their team about it.
guidance from Lauren Pierce. will review NARA guidance and work with @yozlet on next steps.
Since this is just profile data for users of a system/website not involving classified data, then the profile data can be destroyed when there is no longer a business case to keep it. The disposition authority is GRS 3.2/030. GRS stands for the NARA General Records Schedule that can be referenced here: (https://www.archives.gov/files/records-mgmt/grs/grs-trs24.pdf).
Great! Since the system is no longer ours (OPM), I'm going to set a deadline of 10/31 on this before we "tick them off". No OPM users had MyUSA after all.
On Fri, Oct 21, 2016 at 2:21 PM, Yoz Grahame notifications@github.com wrote:
Open Opps's recent security incident has caused them to shut down MyUSA access. However, I'm not ticking them off the list just yet because they may still need access to the MyUSA data in order to retain access to those accounts. I'm planning on talking to their team about it.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/18F/myusa/issues/762#issuecomment-255437039, or mute the thread https://github.com/notifications/unsubscribe-auth/AAifT__iDzqex7x3n8NcI5DgoCXUkkBtks5q2QKagaJpZM4JK6Ua .
Noah S. Kunin Infrastructure Director https://18f.gsa.gov/team/noah/ | Technology Transformation Service http://www.gsa.gov/portal/category/25729
updating issue based on past convos w/ @yozlet . sorry it took so long
I spoke with Navin and Pranjali Desai re: who is responsible for records archiving and destruction. Program office is responsible.
I also reviewed General Records Schedule Section 3.1, and 3.2 - specifically item 3.2/030 - along with the accompanying disposition authority DAA-GRS-2013-0006-0003. I think we need to:
Under 3.2 (1) Archive "files created as part of the user identification and authorization process to gain access to systems and monitor system usage", and "destroy 1 year after user account is terminated or password is altered or when no longer needed for investigative or security purposes, whichever is later." Examples include:
Under section 3.1 (2) [very conservative interpretation but doesn't hurt us to go this way] Archive the following types of records and "destroy 5 years after system is superseded by a new iteration, or is terminated, defunded, or no longer needed for agency/IT administrative purposes, but longer retention is authorized if required for business use." [basically: all other work product not covered under #1]
@yozlet I think at this point you're up in deciding next steps on how we do ^. What do you need from me? Happy to help where I can.
@ric7694 Thanks for this. Extracting the data from the database - in a single mostly-encrypted big blob - is pretty easy. However, I'm not sure where or how we should store it. I'm guessing that creating an S3 bucket in GovCloud with an additional explanatory README
file is a start, along with pointers from various places (such as this issue) should we somehow ever need to find it again.
@NoahKunin: do you know of a better place to put it?
App switch updates:
And with that, I believe we've removed all the dependencies on MyUSA.
@ric7694 I assume that the "system development records, configuration records and change management records" discussed in 3.1 (2) basically consist of this GitHub repo. (My previous comment about The Big Database Blob is in answer to 3.2 (1), though that might also need log file storage, which would need to be retrieved from cloud.gov.
@yozlet yep, I think that's a reasonable interpretation/assumption of "system development records, configuration records, and change management records." I also think that google docs and other work-product falls w/in those buckets.
My question at this point - for all of us to engage on - is which records housed in GitHub (as part of an open source project) should be destroyed vs. which ones should be open for all time for all to see. If we draw a line (dotted or solid) from "business use" as justification for "long retention" to 18F's business decision to be open first, it's arguable that some parts of the repo - even if we're not actively maintaining it day-to-day - should not be destroyed ever, and should remain open and available to all for all time. I'm just spitballing tho.
I'm interested to hear @NoahKunin and @konklone 's opinions.
Yeah, I don't think we should destroy our GitHub repositories and documentation after 5 years. It's certainly possible we could archive this repository (and other unused ones) in some way, but if we did that it should be a public archive. The easiest thing to do is leave this repository as is and mark it as deprecated or inactive in its description.
@konklone beat me to it. ^^ is what we do for now. Record retention policies set floors for us in this regard. Not ceilings.
Conversely, we treat user data the opposite way. We try to destroy or ideally avoid the collection of private data to begin with, as much as possible.
Also, HUGE CONGRATS to @yozlet @ric7694 @harrisj and anyone else who worked on this. Huge effort.
Let's get my.usa.gov (presuming this will need a GSA IT Service Desk ticket) redirecting to login.gov and get this issue closed!
Adding detail on the SORN conversation - this from @jpyuda:
"The former myUSA SORN was renewed and amended so as to be in place for the (very early stages) usa.gov information exchange project. [...] Keeping this SORN alive, while somewhat unusual, will save us time and money later and is something we want to continue to do."
I am thus ticking off the SORN item from the pre-shutdown checklist, which means that all the pre-shutdown items are now done.
Next step: Formal decommissioning. Adding @NoahKunin and @jezhumble here since they have the required form(s).
Regarding Data.gov: Link to MyUSA from "Developers" page removed, and MyUSA Citizen API will be removed by Cindy Smith from the Data Catalog tomorrow.
The decommissioning from has been signed and transmitted.
@NoahKunin So, just to absolutely clarify plans for the user data, which is stored as a big mostly-encrypted MySQL snapshot, which of these is best?
MyUSA
folder in Google Drive that might be a good home for this), with a README, but don't worry about the decryption key; put a "delete that bucket" event on people's calendars, dated a year from nowI ask because I'm slightly confused between discussion of GRS 3.2/030 apparently saying "at least 1 year", and you saying that we want to destroy user data as quickly as possible (which makes much more sense to me).
As per the Privacy Officer at the time, delete it.
But now I'm a little confused, what do you mean by "mostly" encrypted? My understanding was that profile data was encrypted at the row level.
AFAIK (and I can double-check this if needed) the user's email address was not encrypted, whereas all other PII fields (incl. first & last name, etc.) were.
If the app uses Devise and there was no additional encryption work done, then yes, the email is stored in plain text. We just had to solve that problem for login.gov.
The draft MyUSA Infrastructure removal audit document is now on GSA Google Drive, and that is what it's called so you can search for it (because I think I shouldn't be directly linking to it from here, but maybe I'm wrong), and I would greatly appreciate folks in this thread giving it a quick scan (it's very short) and thinking about whether I've missed anything.
Aware of the email not being encrypted, that's fine. It was the term "mostly" that threw me off. Either it's a blob or it's in a structured filed, it's either encrypted or it's not. No worries there.
No comments on the doc. Links to GSA Google Docs are fine in public places, it just means you'll occasionally get weird people / strangers potentially asking for access. Obviously, don't give it to them (and since they're outside of our domain, you can't).
Audit looks good, nothing off the top of my head.
It's time to send MyUSA to the authentication service farm upstate where it can run around with the other OAuth2 gateways, chase PII and eat all the budget it likes.
Reasoning
We have too few people and resources to be able to maintain the MyUSA service. The code is gradually bit-rotting due to its reliance on outdated versions of key Ruby gems. As this continues, our ability to safely maintain and deploy it is being eroded.
This wouldn't be such a grave situation if there weren't still active projects depending on it. We need to definitively announce closure and coax dependent projects to move to alternative authentication & authorization services.
Plan
Pre-shutdown
omniauth-myusa
to RubyGems so it's updated there tooShutdown
Create new landing page for old MyUSA URLsnew landing pagelogin.gov