Best Practices

Policies

UF Web professionals provide, provision, manage, populate, administer and oversee Web services. All Web services, Web pages, Web sites, Web applications, etc. must comply with UF policies.

Best practice for Web Services include:

  1. Hosting
    • Services should be hosted on UF servers.
    • Services may be hosted on external servers under appropriate contracts.
    • All domains must be recorded with CNS consistent with the Domain Name Policy regardless of hosting location.
    • All services should allow UF related scans and crawlers for security and indexing purposes when appropriate.
  2. Administrative Staff
    • Services provided within the UFL.EDU namespace should be managed by UF staff.
    • Services provided within the UFL.EDU namespace may be managed by non-UF staff under appropriate contracts.
    • Services associated with non-UFL.EDU name space may be provisioned and administered by UF staff under contract with external groups.
    • UF staff should conduct an annual inventory of services provided, identifying responsible parties, administrators and contracts.
  3. Business Purpose
    • All Web services provided by UF must be part of UF business activities consistent with the Acceptable Use Policy.
    • UF may provide services not directly related to its activities under contract with external groups.
    • Consistent with the Domain Name Policy, services not directly related to UF business purposes should not be in the UFL.EDU domain name space; Services related to UF business purposes should be in the UFL.EDU domain name space.
  4. Security and Data
    • All services that include privacy related data must conform to UF privacy and security policies.
    • Services may include data that is restricted to segments of the UF community via GatorLink ID.
    • Use of authentication and identity schemes other than GatorLink is discouraged.
    • Consistent with security policies, Web services should use UF enterprise provided authentication systems.

Created by the ITAC-AT Web Policy Subcommittee and approved by the ITAC-AT Committee on September 17, 2009.