allow potential service consumers to limit their usage authorization request to only the less sensitive resources
We're preparing the paperwork to request FWS authorization for one of our applications. Relative to other UW services, it's a fairly rigorous process, considering we only want org code and org name data, neither of which seems to be of a sensitive nature.
Since we're trying to follow best practices in terms of not re-using already approved certs across multiple applications, I anticipate we'll have to go through the approval process at least a few times.
It would be nice if we could self-regulate in exchange for a less rigorous authorization process - i.e. don't let us see sensitive stuff, and therefore don't require signatures, application design review, etc.
The PWS model seems to work well from my outside perspective - an online form is available to request EDS data, and approval is pretty quick and simple if you don't require student data.
Maybe other services would benefit from this same recommendation? I'm only picking on FWS because it's the one I'm working with right now.
rhbecker
shared this idea
We definitely recognize this is a real problem. We plan on working with the FWS data stewards to see if we can develop a lighter weight process for certain resources.
-
rhbecker
commented
Thanks, Tony. For what it's worth, everyone involved in the approval process was very helpful and responsive. This is at least as much about not wanting to bug them repeatedly as about saving ourselves time / hassle.