scope:

Description of Driving Event:

In the 1995-1996 timeframe the Office of Safety and Mission Assurance (OSMA) began development of a distance learning capability under the umbrella of the Professional Development Initiative (PDI). This distance learning capability eventually evolved from a Safety and Mission Assurance discipline system into the Site for Online Learning and Resources (SOLAR) (http://solar. msfc.nasa.gov), currently one of NASA's primary distance learning resources. The intent of the initial development effort was to design and implement a prototype system for the Safety and Mission Assurance discipline. Since the system was web-based part of the design considerations involved system security, specifically the use of User IDs and Passwords. The system was going to maintain user sensitive course completion data (completion records and testing scores) so establishing a User ID and Password to generate and access that information became a requirement. In addition, some course materials were going to contain licensed material and finally we wanted to limit access to the courses to the NASA community to ensure availability of courses to our users. To accomplish this the User ID and Password were also required to access course materials. SOLAR was configured to maintain its own User ID and Password protocols and files. The decision to develop a unique User ID and Password system was based on two assumptions. The first assumption was that requiring users to remember another User ID and Password would not be a burden and second that development of a unique capability would be easier than integrating the system into the various security systems resident at the NASA Centers.

As use of the SOLAR system grew and some disciplines initiated mandatory training, by far the largest demand for user support involved re-establishing out-of-date or forgotten passwords. This represented a significant expenditure of resources to maintain the user support primarily to reset passwords. An additional system capability was added to automate password revalidation, this capability did reduce the demand for manual update. This did not solve the frustrations of users who had to remember another User ID/Password combination or were delayed even momentarily from taking training which they had allotted time to complete often with a looming deadline for completion.