WHIPS Retirement

January 12, 2022

This project is on hold and will be revisited in Fall 2022. At that time, the project team will replan the timeline of the effort and communicate to governance the impact ahead of beginning the transitions of customers from WHIPS to TED. 

The directory web application (https://directory.utexas.edu) continues to be available behind EID authenticaton. 

Executive Summary

The University White Pages Directory (WHIPS) is a public directory service that contains the public contact information of students, faculty, and staff. The IAM Committee endorsed a proposal from the Information Security Office (ISO) to add EID authentication to the directory web application (https://directory.utexas.edu) and remove Lightweight Directory Access Procotol (LDAP) and finger access. This change would limit the ability of bad actors to scrape data from WHIPS for use in various types of attacks. Upon review of this action, the IAM team determined that WHIPS customers and the public Directory website could be transitioned from WHIPS to the uTexas Enterprise Directory (TED), thus allowing the retirement of the LDAP and finger components of the WHIPS service.

The following affiliations will have access to the directory web application (https://directory.utexas.edu): 

  • Current Faculty
  • Future Faculty
  • Current Staff
  • Future Staff
  • Current Students
  • Future Students
  • University Affiliates
  • Official Visitors
  • Retirees

Current State

WHIPS is a repository of directory information consolidated for the public use of the community at large.  The service has been queried more than 1.8 million times since May 19, 2020.  

The https://directory.utexas.edu web application is responsible for 84% of the queries. On campus LDAP queries account for only 6.2% of the total queries.  

WHIPS provides anonymous access to public data via three interfaces:

  1. LDAP,
  2. finger, and
  3. the https://directory.utexas.edu web application.

The WHIPS database contains only public information which is populated from TED via a custom script. The https://directory.utexas.edu web application queries WHIPS via a simulated finger interface which, in turn, queries WHIPS via LDAP. All interfaces are hosted on-premise via the Virtual Machine Gateway (UT-VMG).

The IAM team manages and maintains the WHIPS infrastructure. The Web and Contract Services (WCS) team manages and maintains the https://directory.utexas.edu web application.

Plan

The actions to complete this project are broken into two phases.

PHASE 1 - Completed on December 14, 2020

  • August 31, 2020 - Complete implementation of in-progress re-platforming of https://directory.utexas.edu from UT-VMG to the Deployment Environment Manager (DEM) service.
  • September 1, 2020 - Start campus communication plan for directory authentication/authorization requirement and WHIPS interface changes. Start design and development for implementing authentication/authorization requirements on https://directory.utexas.edu.
  • December 14, 2020 - Deploy authentication/authorization requirements on https://directory.utexas.edu web application, and limit access to the WHIPS finger and LDAP interfaces so that they can only be used by on-campus applications.

PHASE 2 - Replanning expected in Fall 2022

  • Fall 2022 - Start design and development to eliminate remaining dependencies on WHIPS finger and LDAP interfaces from the https://directory.utexas.edu web application.
  • Spring 2023 - Redeploy directory.utexas.edu website without dependency on WHIPS interfaces (responsibility: WCS).
  • Spring 2023 - Complete transition of UT customers to TED.  
  • Summer 2023 - Retire WHIPS service.