Webservice classifications and guidelines

Each time a new webservice is created, the Data Steward responsible for data included in the service must approve.  Approval will include a review of all attributes being returned by the service and a description of how the service might be used by Cornell applications.

There will be 3 classifications for webservices: 
Public webservices include only data which is either classified by the university as being public or is considered 'public eligible' by the responsible Data Steward.  Public webservices require approval at the time of creation but do not require approval for each use by Cornell applications.  Once the service has been created, it is public for any Cornell application to use.  Public webservices do not require authentication.  With no authentication required we cannot track who is using the service.  We can limit the services to be only used by Cornell applications. 

Restricted webservices include data classified by the university as being restricted.  Restricted webservices require approval at the time of creation but do not require approval for each use by Cornell applications.  Once the service has been created it is available for use by Cornell applications.  Restricted services will require authentication and each use of the service will be reviewed on an annual basis by the responsible Data Steward.

Confidential webservices include data classified by the university as being confidential.  Confidential webservices require approval at the time of creation and approval for each new use of the service.  Confidential services will require authentication and each use of the service will be reviewed on an annual basis by the responsible Data Steward.