A Host Database Trusted Party (or a trustedparty for short) is someone who is authorized to change and delete practically any entry in the Host Database, and to edit the Departmental Contacts for any department.
This authorization is typically granted to those OIT fulltime staff members who, as part of their responsibilities, are often required to make such changes or deletions on behalf of customers throughout the University. If you are an OIT fulltime staff member and you believe you need trustedparty status, please ask your supervisor to contact firstname.lastname@example.org .
This authorization is not granted to student employees, casual employees, persons who are not OIT fulltime staff, nor those are not responsible for acting on behalf of customers throughout the University.
When a change or deletion to a Host Database entry is submitted via the Web, we record the requester's netid (the netid that was used to login to the Host Database Web Service). Normally the requester's netid@Princeton.EDU must be equivalent to one of the Technical Contacts or Departmental Contacts for the Host Database entry that is being changed or deleted. However, if the requester's netid is one known to be a trustedparty, the request will be processed without checking to see that it is equivalent to one of the entry's Technical Contacts or Departmental Contacts.
When a department's Departmental Contacts are set via the Web, we record the requester's netid (the netid that was used to login to the Host Database Web Service). Normally the requester's netid must be one of the department's current Departmental Contacts. However, if the requester's netid is one known to be a trustedparty, the request will be processed without these checks.
For information about Technical Contacts in general, see Host Database Field: Technical Contact; for information about how Technical Contacts are normally checked, see Technical Contacts and the Web Interface to the Host Database.
For information about Departmental Contacts, see Departmental Contacts and the Host Database.
The remainder of this document is intended for Host Database Trusted Parties.
The trustedparty privilege allows you to change or delete any entry in the Host Database, and to set the Departmental Contacts for any department. Be careful with this privilege:
For example, if you receive email from someone requesting a change or deletion, examine the email to determine if you can trust that the apparent sender is indeed who s/he claims to be. If the mail headers prove that the mail was sent via OIT's Webmail service, OIT's authenticated SMTP service, or from an OIT UNIX system, then it's generally reasonable to trust that the request did indeed come from the OIT netid claimed in the mail header. If the email was sent from some other University departmental system, a private computer, or from elsewhere on the Internet, you should not trust the mail headers.
Similarly, if you receive a phone call from someone requesting you make such a change or deletion, you need to verify that the caller is indeed who s/he says s/he is. Often this is not practical over the phone.
If the person placing the request claims to be one of the entry's current Technical Contacts or Departmental Contacts, one way to verify the person's identify is to ask the person to send email to you confirming the request, in such a way that you can trust the mail headers. (In most cases, this simply means they need to send the email using OIT Exchange, OIT Webmail, or OIT authenticated SMTP.)
For example, imagine an entry has two Technical Contacts (Trudy and Tom), one Departmental Contact (Dianne). Joe Random asks you to change the entry; Joe says that Tom is no longer at the University so Tom cannot change the entry anymore. You (or Joe Random) should try to contact Trudy, Tom, and/or Dianne to seek permission from one of them before proceeding. (If you know for a fact that Tom has indeed left the University, you could contacting skip him.) Only when we believe that all Technical Contacts and Departmental Contacts are no longer at the University do we consider the entry "orphaned" and allow someone else to claim it.
It is insufficient to obtain consent from the entry's "User Contact" (a.k.a. "User Email"). That person does not own the Host Database entry.
Nearly all the information that is referenced from the Host Database home page describing how one makes changes to Host Database entries is still relevant, even when you are acting as a trustedparty. The only difference is that the test to see if you are one of the Technical Contacts or Departmental Contacts is skipped.
In particular, be aware where the email will be sent when the request is processed:
You will be prompted to enter the netid of the student for whom you are acting. The rest of the forms you will see are slightly different than the forms that a student would see; the Web interface knows you are acting as a trustedparty on behalf of a particular student.
If you are issuing a "Subscribe to Dormnet" or "Change Dormnet Entry" command, you are responsible for verifying that the student is aware of and agrees to the statements that appear on the form you complete on behalf of the student. Of special concern is the material in the "Affirmation" section on the page where you enter Ethernet hardware address, Wireless hardware address, etc. You are responsible for verifying that the student is aware of, and affirms that the information on the form is accurate.
The information about making changes to these entries that appears on the Host Database home page still applies. In particular, be aware where the email will be sent when the request is processed:
Please be sure the student knows that you will be subscribing her to Dormnet, or changing her Dormnet entry, and that she will receive email (at the address listed as the Technical Contact) indicating the succesful outcome of the change/deletion. That will help prevent confusion when she receives that email.