WHIPS Retirement

October 26, 2020

The University White Pages Directory (WHIPS) is a public directory service that contains the public contact information of students, faculty, and staff. The IAM Committee endorsed a proposal from the Information Security Office (ISO) to add EID authentication to the directory web application (https://directory.utexas.edu) and remove Lightweight Directory Access Procotol (LDAP) and finger access. This change would limit the ability of bad actors to scrape data from WHIPS for use in various types of attacks. Upon review of this action, the IAM team determined that WHIPS customers and the public Directory website could be transitioned from WHIPS to the uTexas Enterprise Directory (TED), thus allowing the retirement of the LDAP and finger components of the WHIPS service.

The directory web application (https://directory.utexas.edu) will continue to be available behind EID authenticaton. 

Executive Summary

The University White Pages Directory (WHIPS) is a public directory service that contains the public contact information of students, faculty, and staff. The IAM Committee endorsed a proposal from the Information Security Office (ISO) to add EID authentication to the directory web application (https://directory.utexas.edu) and remove Lightweight Directory Access Procotol (LDAP) and finger access. This change would limit the ability of bad actors to scrape data from WHIPS for use in various types of attacks. Upon review of this action, the IAM team determined that WHIPS customers and the public Directory website could be transitioned from WHIPS to the uTexas Enterprise Directory (TED), thus allowing the retirement of the LDAP and finger components of the WHIPS service.

The following affiliations will have access to the directory web application (https://directory.utexas.edu): 

  • Current Faculty
  • Future Faculty
  • Current Staff
  • Future Staff
  • Current Students
  • Future Students
  • University Affiliates
  • Official Visitors
  • Retirees

Current State

WHIPS is a repository of directory information consolidated for the public use of the community at large.  The service has been queried more than 1.8 million times since May 19, 2020.  

The https://directory.utexas.edu web application is responsible for 84% of the queries. On campus LDAP queries account for only 6.2% of the total queries.  

WHIPS provides anonymous access to public data via three interfaces:

  1. LDAP,
  2. finger, and
  3. the https://directory.utexas.edu web application.

The WHIPS database contains only public information which is populated from TED via a custom script. The https://directory.utexas.edu web application queries WHIPS via a simulated finger interface which, in turn, queries WHIPS via LDAP. All interfaces are hosted on-premise via the Virtual Machine Gateway (UT-VMG).

The IAM team manages and maintains the WHIPS infrastructure. The Web and Contract Services (WCS) team manages and maintains the https://directory.utexas.edu web application.

Plan

The actions to complete this project are broken into two phases.

PHASE 1 - Complete by December 14, 2020

  • August 31, 2020 - Complete implementation of in-progress re-platforming of https://directory.utexas.edu from UT-VMG to the Deployment Environment Manager (DEM) service.
  • September 1, 2020 - Start campus communication plan for directory authentication/authorization requirement and WHIPS interface changes. Start design and development for implementing authentication/authorization requirements on https://directory.utexas.edu.
  • December 14, 2020 - Deploy authentication/authorization requirements on https://directory.utexas.edu web application, and limit access to the WHIPS finger and LDAP interfaces so that they can only be used by on-campus applications.

PHASE 2 - Complete by July 30, 2021

  • January 2021 - Start design and development to eliminate remaining dependencies on WHIPS finger and LDAP interfaces from the https://directory.utexas.edu web application.
  • April 30, 2021 - Redeploy directory.utexas.edu website without dependency on WHIPS interfaces (responsibility: WCS).
  • July 16, 2021 - Complete transition of UT customers to TED.  
  • July 30, 2021 - Retire WHIPS service.