...
There will be 3 classifications for webservices:
Public webservices include only data which is either classified by the university as being public or is considered 'public eligible' by the responsible Data Steward. Public webservices require approval at the time of creation but do not require approval for each use by Cornell applications. Once the service has been created, it is public for any Cornell application to use. Public webservices do not require authentication. With no authentication required we cannot track who is using the service. We can limit the services to be only used by Cornell applications.
Restricted webservices include data classified by the university as being restricted. Restricted webservices require approval at the time of creation but do not require approval for each use by Cornell applications. Once the service has been created it is available for use by Cornell applications. Restricted services will require authentication and each use of the service will be reviewed on an annual basis by the responsible Data Steward.
Confidential webservices include data classified by the university as being confidential. Confidential webservices require approval at the time of creation and approval for each new use of the service. Confidential services will require authentication and each use of the service will be reviewed on an annual basis by the responsible Data Steward.
...