donders-research-data-management / rdm-wiki

Technical documentation for RDM
http://donders-research-data-management.github.io/rdm-wiki

document password requirements in FAQ on data acquisition #27

Closed robertoostenveld closed 8 years ago

robertoostenveld commented 8 years ago

@robertoostenveld: Another one is about the pseudonymization key in SURFDrive. It says that a password must be used in that case, but earlier it already says that a password must be used (so effectively always). Repeating it for surfdrive then seems unnecessary to me, unless it is not required earlier.

@EricMaris: Here too I would like input from Jean, from whom I adopted this guideline. As I understood it from him, the difference lies in “should” and “required”. I already had doubts when I adopted it, because the difference between “should” and “must” (Jean uses “required”) is, in my opinion, too subtle for the Donders colleagues. I would go for “it is good practice to …” and “it is required to …”.

robertoostenveld commented 8 years ago

terminology is according to https://www.ietf.org/rfc/rfc2119.txt

  1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification.
  2. MUST NOT This phrase, or the phrase "SHALL NOT", mean that the definition is an absolute prohibition of the specification.
  3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.
  4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label.
  5. MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because the vendor feels that it enhances the product while another vendor may omit the same item. An implementation which does not include a particular option MUST be prepared to interoperate with another implementation which does include the option, though perhaps with reduced functionality. In the same vein an implementation which does include a particular option MUST be prepared to interoperate with another implementation which does not include the option (except, of course, for the feature the option provides.)

robertoostenveld commented 8 years ago

In my initial comment to the text I failed to notice the subtleties. I will change it such that

If stored on surfdrive, it MUST (i.e. is REQUIRED to) have a password. Also if stored on a local hard disk of a laptop (prone to loss or theft) or of a shared desktop computer (prone to unauthorized access), it MUST have a password.

Otherwise (this includes it being stored on a hard drive of a non-shared desktop, or on a password protected network drive with appropriate permissions), it SHOULD (i.e. is RECOMMENDED) have a password.

agreed?

hadrianswall commented 8 years ago

Agreed!