[Drupal] pro

Abraham, George Abraham.46 at osu.edu
Tue May 18 15:02:09 EDT 2010 

Quick note on the SSL front; Scott Cantor lets us know that we might have an option. InCommon Federation (of which OSU is a member) has reached an agreement in principle with Comodo for providing higher ed institutions with unlimited certs at a flat rate for the whole institution. So the cost would be at a highly discounted rate. By the way, this is not just SSL certs, but also personal signing, encryption and code signing PKI certs. The cost for a large research univ is supposed to be around $20000 per year. In addition, since we are an Internet2 member, there is a 25% discount. Full rollout is supposed to happen during Summer 2010.

If people think this is a good idea, please express that to the Office of the CIO. 

Details here: http://www.incommonfederation.org/cert/

George

On May 18, 2010, at 9:00 AM, Jason Little wrote:

> I like the new site too.  Great job Mitchell.
>  
> Our approach for shib/ssl is nothing special.  We use site alternate name certificates from Geotrust.  We had to set up our own account with them to do this.  They gave us the “education” rate of $500 for 5 domains + $29 / domain up to 25 total.  So if you’ve got a lot of sites, you’re looking at around $43 per domain.  Although others offer much cheaper SANs, that’s at least competitive with low end single site ssl certificates, and I think the renewal rate may be lower.  You can change your certs around or add new ones at any time.  You just need to regen the certificate.  Because it’s a single cert, it only requires one ip address.  SANS are licensed per server. 
>  
> With a lot of osu.edu sites in our org, it’s tempting to just get a wildcard, but that would probably be excessive and a security liability.  The SAN approach also has the benefit of being able to handle non-osu.edu domains. 
>  
> We use geotrust because they were the official supplier recommended by OIT and we once had trouble with another vendor.  Compared to others, they are extremely expensive and have a propensity for messing up our orders.  That said, I’ve found that our service rep, Dennis Hopp (dhopp at verisign.com), has been pleasant to deal with and helpful in sorting out the messes.
>  
> I think you can use shibboleth without SSL, but I’m not sure if Scott supports such configurations.  Personally, I like the idea of having SSL on anything that requires authentication.  In the end, a cost of around $43 per domain is trivial compared to the overall expenditure that goes into producing and maintaining a site. 
>  
> We use the secure pages module to force SSL for some sections (admin, ecommerce) but not others (normal content).  This minimizes load caused by ssl and eliminates those pesky IE warnings when loading insecure content (ie from youtube).
>  
> Best,
> Jason Little
> College of Engineering
>  
>  
> From: drupal-bounces at lists.service.ohio-state.edu [mailto:drupal-bounces at lists.service.ohio-state.edu] On Behalf Of Shelton, Mitchell
> Sent: Tuesday, May 18, 2010 7:48 AM
> To: Drupal at lists.service.ohio-state.edu
> Subject: Re: [Drupal] pro
>  
> Hello Vedu,
>  
> We discussed adding Shibboleth to the login and we like the idea, but are going to hold off for now. There are a few hiccups with setting up Shibboleth on Drupal, mostly having a secure certificate for each site (or perhaps server, sorry, outside of my field). I don’t know the details of this but we are looking at our options now because it is a problem we will need to resolve on many other sites. Jason Little has had this problem and I think he is aware of the kinks, not sure if he worked everything out or not.
>  
> Speaking of Jason Little, he has also mentioned how helpful it would be to install the Drupal module “Project” on the site to host modules built for the university. I think once we get the shibboleth issue sorted that will really be able to take off. I will probably go ahead and get it installed in the next week or so anyway, just to see how much use it gets. I imagine some folks would be more comfortable sharing things behind shib.
>  
> Thanks for the support. Please feel free to offer any advice, at this stage absolutely everything is useful as we try to figure out how to build out this community. I am hopefully that it will take on a life of its own very quickly. I think there are a lot of Drupalers out there at OSU, they just seem to be kind of shy.
>  
> Thank you,
> -Mitchell
>  
> From: drupal-bounces+shelton.5=osu.edu at lists.service.ohio-state.edu [mailto:drupal-bounces+shelton.5=osu.edu at lists.service.ohio-state.edu] On Behalf OfHariths, Vedu
> Sent: Monday, May 17, 2010 3:09 PM
> To: Drupal at lists.service.ohio-state.edu
> Subject: [Drupal] OSU:pro
>  
> Firstly, great Job guys.
> I am impressed by this effort.  I was wondering if a) we should shibbolethize the login? And b) if modules should be made available for folks trying to start new development. Two modules that come to mind are a) Shibboleth, and b) Making the OSU:pro module available.
>  
> That said: sorry if both of these are already out there.
>  
> Thanks!
>  
> Vedu Hariths
> Sr. Systems Consultant
> OSU:pro
> Center for Knowledge Management
> Email:  vedu.hariths at osumc.edu
> Phone: (614) 688 - 5318
>  
> 
> Spam
> Not spam
> Forget previous vote
> _______________________________________________
> Drupal mailing list
> Drupal at lists.service.ohio-state.edu
> https://lists.service.ohio-state.edu/mailman/listinfo/drupal

More information about the Drupal mailing list