The World Wide Web has become so thoroughly integrated into daily personal and professional life that it would be impossible to enumerate all the ways in which it is used by UCAR staff. A strategic objective for UCAR is to continuously explore new Web technologies that promote effective collaboration among its staff and with outside entities, and that help it conduct its business. UCAR websites are used to conduct official business and to communicate scientific work to agencies and the general public. They should be built on secure enabling platforms for social interaction and the display of rich media. In addition, Web applications are now an active target for security exploits. UCAR must take an active approach to minimize this risk.
The following general principles guide the use of the web and collaborative tools at UCAR:
- Facilitate discussion of web technologies and strategies through the Web Advisory Group (WAG)
- Create WAG working groups to tackle key issues that require extensive research
- Develop web security practices as a collaboration between the WAG and the Computer Security Advisory Committee (CSAC)
- Use the WAG as an advisory body to the CISL-hosted Web Engineering Group (WEG)
- Evaluate proposed collaboration software according to the following criteria:
  - How is the application developed and supported?
  - Is the application actively maintained and updated?
  - How is the application hosted?
    - If local, what are the impacts on WEG/division infrastructure (including support personnel)?
    - If remote, what are the implications for storage of UCAR information?
  - What is the cost? Is it one-time or ongoing? What are the implications of licensing?
  - What is the application's security track record?
- Coordinate development of in-house web applications through discussion at the WAG
- Security - At the recommendation of the UCAR Security team, certain applications may be designated as unsuitable for use at UCAR due to known security weaknesses, including such possibilities as lack of maintenance, cross-site scripting vulnerabilities, SQL injection vulnerabilities, or exposure of proprietary UCAR information to unauthorized parties.
- Coherence of UCAR web sites - NCAR, UCAR, and UOP site owners should meet regularly both within and outside of the WAG context to coordinate the efforts of their institutions and create coherence across top-level websites. Each institution should also meet periodically with its constituent site owners for the purposes of content planning.
- Non-web network applications - Some non-web network-oriented collaborative tools exist and are used in the institution to varying degrees, such as a wide variety of Instant Messaging (IM) systems, videoconferencing (such as ReadyTalk, Skype, and iChat A/V), and text-based Internet Relay Chat (IRC). These tools do not have a formal "home" within UCAR, and have been discussed in the WAG, at CSAC, and at ACCIS.
- Reducing redundant services - Historically, there have been occasions when multiple web applications have been employed to fill the same need, such as web access to email or web content management. In such situations, UCAR groups should attempt to standardize on a single application to maximize familiarity within the institution, but also recognize that there may be specific reasons to continue the diversity of applications.
- Social networking - Social media sites have become hugely important in modern society, with a user base at Facebook alone that far exceeds the population of the United States. UCAR should encourage professional staff to engage in social networking on the Internet because science is important to society. At the same time, UCAR must also publish guidelines and best practices to ensure that such interaction will remain constructive and supportive of NCAR goals.
- Explosion of hosting options - Web applications and services are increasingly being offered by external entities that host applications themselves, raising potential privacy and legal issues for UCAR given that we don't have control over the host systems. Many of these solutions have a strong business case for their use at UCAR, but we need to evaluate these external hosting relationships with attention to the implications.