Shut down my.usa.gov (MyUSA) #762
Comments
|
You can remove Handbook from the list, @yozlet. The documentation working group has a goal of 8/4 to make the Handbook public and are tracking our progress in 18F/handbook#829 |
|
Thanks @jeremiak! I'll keep Handbook in the list for the moment (since it's still a dependent) but link the issue. |
|
What was the final count of apps and departments that were using MyUSA? |
|
|
|
@StephenOTT: Five apps, all 18F (though a couple of those were for users outside 18F, but still within government). See the nested list in the issue checklist. |
|
@yozlet ah! haha, I read that list as those were the alternative apps systems could validate against. Now that i look at the list in more details, that assumption does not make much sense :) Thanks |
|
@StephenOTT Yep, sorry if that wasn't clear! Will be providing the list of alternative auth systems shortly. |
|
@StephenOTT Thanks! Looks impressive, but this isn't the best place to discuss it. Let's chat elsewhere. :) |
|
https://docs.cloud.gov/apps/leveraging-authentication/ is good alternative for something like C2 (which is all GSA users) |
|
Thanks @pkarman! Yep, the current alternative auth methods list looks like this (and I'll keep this comment updated): Cloud.gov AuthPros:
Cons:
GitHub AuthPros:
Cons:
Google AuthPros:
Cons:
MAX.govPros:
Cons:
Not in this list: login.gov. (because it's too far from ready, and also it's not meant for gov-to-gov auth) |
|
I added an item to remove MyUSA from the the data.gov inventory once the AWS instances have been shut down. This is not a difficult process (it just means sending an email and @gbinal or I can handle it), but I wanted to add it to the list. |
|
FYI - I'm working with Yoz to shut down MyUSA so may be reaching to folks with questions and asks for help. |
|
@yozlet per guidance from @NoahKunin:
@yozlet I'll reach out to Lauren Pierce. |
|
no word from Lauren Pierce yet. Pinged today. |
|
still no word from Lauren Pierce. Trying to get info another way through CIO/CTO contacts. |
|
Also pinged. On Tue, Oct 11, 2016 at 11:19 AM, Ric Miller [email protected]
Noah S. Kunin |
|
Adding note to redirect my.usa.gov to login.gov once this is done. |
|
@NoahKunin Good idea - in that case, I'll take out the gravestone landing page. |
|
Open Opps's recent security incident has caused them to shut down MyUSA access. However, I'm not ticking them off the list just yet because they may still need access to the MyUSA data in order to retain access to those accounts. I'm planning on talking to their team about it. |
|
guidance from Lauren Pierce. will review NARA guidance and work with @yozlet on next steps. Since this is just profile data for users of a system/website not involving classified data, then the profile data can be destroyed when there is no longer a business case to keep it. The disposition authority is GRS 3.2/030. GRS stands for the NARA General Records Schedule that can be referenced here: (https://www.archives.gov/files/records-mgmt/grs/grs-trs24.pdf). |
|
Great! Since the system is no longer ours (OPM), I'm going to set a On Fri, Oct 21, 2016 at 2:21 PM, Yoz Grahame [email protected]
Noah S. Kunin |
|
updating issue based on past convos w/ @yozlet . sorry it took so long I spoke with Navin and Pranjali Desai re: who is responsible for records archiving and destruction. Program office is responsible. I also reviewed General Records Schedule Section 3.1, and 3.2 - specifically item 3.2/030 - along with the accompanying disposition authority DAA-GRS-2013-0006-0003. I think we need to: Under 3.2
Under section 3.1
@yozlet I think at this point you're up in deciding next steps on how we do ^. What do you need from me? Happy to help where I can. |
|
@ric7694 Thanks for this. Extracting the data from the database - in a single mostly-encrypted big blob - is pretty easy. However, I'm not sure where or how we should store it. I'm guessing that creating an S3 bucket in GovCloud with an additional explanatory @NoahKunin: do you know of a better place to put it? |
|
App switch updates:
And with that, I believe we've removed all the dependencies on MyUSA. |
|
@ric7694 I assume that the "system development records, configuration records and change management records" discussed in 3.1 (2) basically consist of this GitHub repo. (My previous comment about The Big Database Blob is in answer to 3.2 (1), though that might also need log file storage, which would need to be retrieved from cloud.gov. |
|
@yozlet yep, I think that's a reasonable interpretation/assumption of "system development records, configuration records, and change management records." I also think that google docs and other work-product falls w/in those buckets. My question at this point - for all of us to engage on - is which records housed in GitHub (as part of an open source project) should be destroyed vs. which ones should be open for all time for all to see. If we draw a line (dotted or solid) from "business use" as justification for "long retention" to 18F's business decision to be open first, it's arguable that some parts of the repo - even if we're not actively maintaining it day-to-day - should not be destroyed ever, and should remain open and available to all for all time. I'm just spitballing tho. I'm interested to hear @NoahKunin and @konklone 's opinions. |
|
Yeah, I don't think we should destroy our GitHub repositories and documentation after 5 years. It's certainly possible we could archive this repository (and other unused ones) in some way, but if we did that it should be a public archive. The easiest thing to do is leave this repository as is and mark it as deprecated or inactive in its description. |
|
@konklone beat me to it. ^^ is what we do for now. Record retention policies set floors for us in this regard. Not ceilings. Conversely, we treat user data the opposite way. We try to destroy or ideally avoid the collection of private data to begin with, as much as possible. |
|
Adding detail on the SORN conversation - this from @jpyuda:
I am thus ticking off the SORN item from the pre-shutdown checklist, which means that all the pre-shutdown items are now done. Next step: Formal decommissioning. Adding @NoahKunin and @jezhumble here since they have the required form(s). |
|
Regarding Data.gov: Link to MyUSA from "Developers" page removed, and MyUSA Citizen API will be removed by Cindy Smith from the Data Catalog tomorrow. |
|
The decommissioning from has been signed and transmitted. |
|
@NoahKunin So, just to absolutely clarify plans for the user data, which is stored as a big mostly-encrypted MySQL snapshot, which of these is best?
I ask because I'm slightly confused between discussion of GRS 3.2/030 apparently saying "at least 1 year", and you saying that we want to destroy user data as quickly as possible (which makes much more sense to me). |
|
As per the Privacy Officer at the time, delete it. But now I'm a little confused, what do you mean by "mostly" encrypted? My understanding was that profile data was encrypted at the row level. |
|
AFAIK (and I can double-check this if needed) the user's email address was not encrypted, whereas all other PII fields (incl. first & last name, etc.) were. |
|
If the app uses Devise and there was no additional encryption work done, then yes, the email is stored in plain text. We just had to solve that problem for login.gov. |
|
The draft MyUSA Infrastructure removal audit document is now on GSA Google Drive, and that is what it's called so you can search for it (because I think I shouldn't be directly linking to it from here, but maybe I'm wrong), and I would greatly appreciate folks in this thread giving it a quick scan (it's very short) and thinking about whether I've missed anything. |
|
Aware of the email not being encrypted, that's fine. It was the term "mostly" that threw me off. Either it's a blob or it's in a structured filed, it's either encrypted or it's not. No worries there. No comments on the doc. Links to GSA Google Docs are fine in public places, it just means you'll occasionally get weird people / strangers potentially asking for access. Obviously, don't give it to them (and since they're outside of our domain, you can't). Audit looks good, nothing off the top of my head. |
It's time to send MyUSA to the authentication service farm upstate where it can run around with the other OAuth2 gateways, chase PII and eat all the budget it likes.
Reasoning
We have too few people and resources to be able to maintain the MyUSA service. The code is gradually bit-rotting due to its reliance on outdated versions of key Ruby gems. As this continues, our ability to safely maintain and deploy it is being eroded.
This wouldn't be such a grave situation if there weren't still active projects depending on it. We need to definitively announce closure and coax dependent projects to move to alternative authentication & authorization services.
Plan
Pre-shutdown
omniauth-myusato RubyGems so it's updated there tooShutdown
Create new landing page for old MyUSA URLsnew landing pagelogin.govThe text was updated successfully, but these errors were encountered: