I suggest you ...

allow potential service consumers to limit their usage authorization request to only the less sensitive resources

We're preparing the paperwork to request FWS authorization for one of our applications. Relative to other UW services, it's a fairly rigorous process, considering we only want org code and org name data, neither of which seems to be of a sensitive nature.

Since we're trying to follow best practices in terms of not re-using already approved certs across multiple applications, I anticipate we'll have to go through the approval process at least a few times.

It would be nice if we could self-regulate in exchange for a less rigorous authorization process - i.e. don't let us see sensitive stuff, and therefore don't require signatures, application design review, etc.

The PWS model seems to work well from my outside perspective - an online form is available to request EDS data, and approval is pretty quick and simple if you don't require student data.

Maybe other services would benefit from this same recommendation? I'm only picking on FWS because it's the one I'm working with right now.

23 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    rhbeckerrhbecker shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    acknowledged  ·  Tony ChangTony Chang responded  · 

    We definitely recognize this is a real problem. We plan on working with the FWS data stewards to see if we can develop a lighter weight process for certain resources.

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • rhbeckerrhbecker commented  ·   ·  Flag as inappropriate

        Thanks, Tony. For what it's worth, everyone involved in the approval process was very helpful and responsive. This is at least as much about not wanting to bug them repeatedly as about saving ourselves time / hassle.

      Feedback and Knowledge Base