CIT/Identity Management Guidelines for Handling Source Code
The following guidelines lay out simple rules for handling source code distributed by the Identity Management group. We believe the guidelines to be "common sense" rules where the main concern is insuring that the central authentication mechanism behaves in a consistent manner. When you click on "I agree", you will be asked to authenticate as a means of confirming your acceptance of the guidelines. Then you will be taken to a page which will allow you to download source.
For any guideline which involves contacting the Identity Management group, you may use the aadssupport@cornell.edu email address.
Guidelines:
- If you are planning to do anything other than simply compile the code on your system to use without modification, please let us know what you are doing.
- If you are planning to build the software to distribute to others with similar systems, please allow us to look over any modification you felt were necessary.
- Any modifications made should not alter the basic functionality (with respect to authentication) of the software. Any published protocols and policies must be adhered to such as (but not limited to): (a) the length of time a credential is valid, (b) conditions under which credentials must be invalidated so that the user is reprompted, (c) never asking the user for their password directly.
- Any problems found with the authentication protocols should be brought to the attention of Identity Management staff instead of being publicly broadcast.
- Submitting code back to Identity Management is encouraged, but there should be no expectation of any time frame associated with incorporating such code back into the distribution.
- Individuals who would engage in behavior which disregards these guidelines should be discouraged from doing so, as it could jeopardize the availability of source code for the whole community.