[Psml] Electronic Merit Mark Passwords

Fri Mar 9 16:33:09 EST 2007

John,

Bob Payette has what I believe to be a good idea. I believe what he suggests
is a viable solution to the dilemma.

Bob Miller

-----Original Message-----
From: psml-bounces at usps.org [mailto:psml-bounces at usps.org] On Behalf Of NLPS
& D/1 Computer Services 
Sent: Friday, March 09, 2007 1:22 PM
To: boatsafe at comcast.net
Cc: 'United States Power Squadrons Mailing List'
Subject: Re: [Psml] Electronic Merit Mark Passwords

I'm wondering if the Updater password could be used for the MM submission
process. This is usually given by the Cdr. to the person in the Squadron
using DB2000 for roster downloads-uploads, and this person can probably be
trusted to do the MM's. Could be set up like the Ed dept 800 form where the
person making the change has to identify himself, i.e. Cdr, SEO, Designate
(and that would include name and certificate #) so there is a track of who
was making the changes?)  Best,  Bob Payette

-----Original Message-----
From: psml-bounces at usps.org [mailto:psml-bounces at usps.org] On Behalf Of John
R. Bradley
Sent: Thursday, March 08, 2007 2:26 PM
To: r.payette at snet.net
Cc: United States Power Squadrons Mailing List
Subject: [Psml] Electronic Merit Mark Passwords

This is a request for comments.

As mentioned at the Jacksonville meeting on DB2000, we will be going live
with electronic filing of merit marks in a few months. This electronic
procedure will require a means of certifying that the merit mark submission
really comes from the commander or his agent.

During the beta test in 2006 we took the stop gap approach of using the
commander's master password as the certification.  For  those squadrons and
districts in which the submissions are not physically submitted by the
commander but by an agent such as the merit mark chairman, this required the
commander to reveal his master password to someone else. Once revealed, the
person to whom it is revealed can perform any password protected function
that would normally be restricted to the commander. Clearly not a good idea.

The simplest solution is to merely create another password for each squadron
and district to be used solely by the commander or his agent and only for
the purpose of certifying merit mark submissions.  This would be a fourth
password in addition to the existing three supplied to the commander at the
beginning of the watch year.

The objection to this approach is that as we develop more and more
facilities requiring restricted access, we will, if we follow this approach,
need to add more and more single purpose passwords.

Another approach could be as follows:

We provide an ability for the commander to create userIDs identified by
their password, and allow the commander to specify what functions each
userID can perform.  This would mean that HQ would only assign one password,
a master password to each commander.  The commander in turn, using web based
software, would be responsible for creating any additional userIDs, and
specifying what those userIDs can do, within constraints imposed by the
software. This would include insuring that only one ID could upload changes
to the database, etc.

An objection to this approach is that it would be beyond the ability of many
commanders to create the necessary IDs.

Comments please!!

Stf/C John R. Bradley, SN
Member USPS Information Technology Committee
60 Old Brook Road 
Dix Hills, NY 11746-6432 
(800) 777-3770 ext.203 Office 
(631) 243-5240 Home 
(631) 274-2103 FAX 
jrb at accurecord.com 

________________________________________
Need to subscribe, unsubscribe or change your email address?  See
www.usps.org/mailman/listinfo/psml for details.