• Security Groups
• About Passwords
• Guests
• Registered Members
• About the Privacy of Personally Identifiable Information
• Services that Use Digital IDs to Encrypt or "Sign" Messages and Documents
• Where to Get Digital IDs

Security Groups

This Web site classifies each visitor to the site into a security group.  The user's security group determines the pages and information they can access and the actions they can take.

Everyone who arrives at the home page for the application (or any other page within the members area) is treated as either a guest or a registered member depending on whether they have an identification "cookie" (meaning a record of a login identity that has been stored on the user's computer) that was put there by the site.  After authenticating their member account by entering a secure password, registered members identify themselves by logging in with their unique user name and secure password. 

About Passwords

Each registered member's account password is stored in the database along with user names and other information, except that passwords are always encrypted (using Secure Hash Standard SHA-1 -- Federal Information Processing Standards Publication [FIPS PUB 180-1] -- http://csrc.nist.gov/fips/fip180-1.txt) in a way that can not be viewed or decrypted by any administrator ... or by anyone for that matter.  So there's effectively no way anyone can ever discover your password except by what's called "social hacking" -- that is, convincing you to tell them your password or watching you key in your password or finding where you've written it down.   Please, NEVER tell anyone your password or write it down in a place that someone could see it!  Doing so could compromise the confidentiality of information that could be misused in a way that is embarrassing or harmful to other members.  In the unlikely event that such a situation were to occur, the person who compromised security could be criminally and/or civilly liable for failing to protect the security of their password.

Some members may prefer to share a single member account.  In that case, they must both know the password for their account, so extra care must be taken to maintain secrecy.  It's a wise practice to change your password from time to time.  Statistics as well as security experts have demonstrated that the best password is at least 6 characters long with at least one capital letter and one punctuation mark and one number in it.
 

Guests

When anyone shows up at the home page for the application, they are assumed to be the user "Guest" until they are positively identified -- by cookie or by logging in.  Guests are limited in what pages and information they can access.  If they attempt to access other pages, the system will redirect them to this page: insufficient_permission.asp.

The managers for this Web site are responsible for setting the fence in the right place to exclude access that could be unwelcome without unduly inhibiting members from participating. 

Registered Members

Once someone has been positively identified as a registered member with a valid e-mail account, the system can determine to which user group(s) that person belongs.  Pages and content on the site are often limited so they're accessible only by members of designated user groups.  This provides a very secure fence around areas of the site that may disclose contact information or other sensitive content, such as the list of members.  Only those with the proper credentials can access secured content.
 

About the Privacy of Personally Identifiable Information

Click here to view the site's privacy policies.

If you have any questions about security or privacy that aren't answered here, please contact the administrators by e-mail.
 

Services that Issue or Use Digital IDs to Encrypt or "Sign" Messages and Documents

Digital IDs help to validate your identity.  They can be used to "sign" important documents electronically. To find services that issue digital IDs for your use, or services that complement Microsoft Office applications and use digital IDs, check out the services listed here.

 

Where to Get Digital IDs

My Credential™ from GeoTrust, Inc. (US$20) is a personal digital certificate for document signing and secure e-mail.  Digitally sign and apply the U.S. Postal Service’s Electronic Postmark® to Microsoft Office Word documents, verifying that documents have been signed by you and time-stamped by the USPS.  Also digitally sign and/or encrypt Microsoft Office Outlook® e-mail messages to verify that they have come from you unaltered.  The certificates are scalable and can be distributed to the enterprise or other community of users.

 

Digitally sign Word documents and encrypt e-mail messages

Use your GeoTrust My Credential™ certificate to digitally sign your Word documents or to sign and encrypt your e-mail, or both.

My Credential acts as your online identification card, passport, signature or password. With My Credential, you can rest assured that digitally signed Word documents are tamper proof, fraud proof and remain secure. In addition, signing e-mail messages extends the assurance to recipients, who will receive confirmation of your identity -- giving them the assurance that they are communicating with you, not an imposter.

My Credential is 100% compatible with the United States Post Office Electronic Postmark® Extension for Microsoft Office.

For personal digital certificates for the enterprise, see GeoTrust’s True Credentials and True Credentials Express offerings.

 

VeriSign provides digital IDs for secure e-mail.  Use your VeriSign digital ID to digitally sign e-mail messages, assuring recipients that your e-mail messages really came from you and not an impostor.  You can also use your digital ID to encrypt the contents of your messages (including attachments), letting recipients know that your e-mail message was not read by unintended readers or altered in any way during transmission.  To learn more about digital IDs, visit the VeriSign Web site.

 

Services that Use Digital IDs

USPS EPM Extension for Microsoft Office allows users to sign Word documents digitally and then seal them with the USPS Electronic Postmark (EPM).  After installing the EPM Extension, just click the blue eagle icon in your Microsoft Word toolbar, apply a USPS EPM to your document (contract, letter, or agreement), and electronically sign. This gives your document tamper protection against fraud, and it gives the recipient the ability to verify document authenticity online. Transaction records about postmarked Word documents are stored in the USPS EPM repository for seven years, providing third-party evidence to support non-repudiation of content. To learn more and download the software, visit the USPS EPM Web site.