Attendees:

• Kevin Rooney
• Greg Kroll
• Randy Marchany
• Brad Tilley
• Susan Brooker-Gross
• Rhonda Randel
• Kim Homer
• Dean Kirstein
• Karen Herrington
• Ken McCrery
• Marc DeBonis
• Mary Dunker

Requirements discussion:

Marc: We already have a process in place that manages Q/A pairs -- PIDGen. Since we allow peoople with PIds to create Hokies IDs, we could utilize the same web service for PIDs and Hokies both. Could we use the same challenge/response web service and affiliations to determine question set? Could we use the same application infrastructure web service.  Interface would show allowing resetting PID & Hokies using the web service. MIG could communicate with the existing web service. PIDGen uses Spring technology. Question: Could/should we use the same technology; i.e., web service that is currently used by PIDGen? Answer from all:**YES

Daniel: should we require a person to set up 3rd party e-mail before setting up Q/A? Advantage is another piece of information. Disadvantage is that some poeple do not have external e-mail accounts, and we have encouraged people to use VT e-mail. Discussion revealed that using a 3rd party e-mail during password reset process is very common in industry. In the vT environment, it might add some amount of functionality/security, but could be outweighed by the political task of requiring users to obtain and maintain a 3rd party e-mail address. Vote: requrement YES 0, option 2. Can be revisited in the future.

Brad: Should VT ID number be required? ID numbers are sequential so this does not offer any security. Kevin: We just ask that to say you must be this tall to play. 

Marc proposal: Use existing questions that are used today to allow a person to create their PID. Susan: When a person is first establishing their identity, the information in the questions used for PIDGen is less well-known than after a person has created the PID. Too many people have access to this data.  Vote: Should we use the existing Banner data alone for challenge/response? Vote: 4 YES.  Fastest, cheapest, easiest way to roll this out.

Should we require challenge/response Q that are different from those used for PIDGen today? Vote: 5 YES

Should we offer challenge/response as an option for users in addition to using Banner questions? 4 YES

Randy: Let people create their own questions.