Following is a description of the process for authentication and
authorization for access to the private data area for the USAFA Class
of 1965 web site at:

  https://usafa-1965.org

Responsibilities
================

All
---

+ NEVER DISTRIBUTE CERTIFICATE PASSWORDS BY E-MAIL!

+ Contact the certificate distributor immediately (see below) in the
  event of any certificate password or e-mail password compromise.

+ Do not use any private information for commercial or business
  purposes or distribute individual contact data to non-classmates
  without approval by the individual involved.

Webmaster
---------

+ generate individual SSL client certificates (and passwords) for all
  known classmate e-mail addresses

+ provide certificates (by e-mail) and passwords (by US Postal mail),
  grouped by cadet squadron, to each Cadet Squadron Representative and
  Alternate (if designated)

+ act as a Cadet Squadron Representative for those squadrons not yet
  having a volunteer

+ upon hearing of a password or e-mail compromise, immediately revoke
  the affected certificate and take all other necessary measures to
  bar access to the private areas of the site by that e-mail or
  certificate

Cadet Squadron Representatives ("CS Reps")
------------------------------------------

+ act as gatekeepers to the site by providing certificate files (by
  e-mail) and passwords (by telephone) to classmates desiring access

+ upon hearing of a password or e-mail compromise, immediately inform
  the Webmaster by telephone or e-mail

Individual classmates ("users")
-------------------------------

+ for access to the site's private area:

  - the user must have a valid e-mail account (preferably not shared
    with anyone, but a spouse-shared account is allowed as long as it
    is known to be such)

  - the user's e-mail address will be the user name for access

  - contact the appropriate CS Rep (or alternate) by e-mail and obtain
    his telephone number

  - call the CS Rep and get the user's individual certificate's
    password

  Note: In order to receive access, the requestor must provide their
  contact information and agree that other classmates can view it.

Procedures for accessing the site
=================================

1. Obtain a certificate and certificate password as described above.

2. Import the certificate into the user's browser(s) as described
   elsewhere.

Not yet implemented:

3. Upon first attempted access, the user will have to register his
   user name (e-mail address), which he will then have to authenticate
   by visiting his e-mail and clicking on the token inside. The next
   step will be to enter a password which he will select. If the
   password is ever forgotten, he will have to complete the
   registration procedure again. (It is planned to have a password
   strength indicator and a password generator on the login screen for
   convenience.)

   Note: Losing this user password is not critical as long as the
   e-mail account is not compromised, since a new registration will
   override the old user password.