Being an Author on Dreamweaver

Sponsored SUNet IDs

Sponsored SUNet IDs are now much easier to obtain. Any faculty of staff member can sponsor a "basic" SUNet ID without email, Web hosting or anything else but Web access. Sponsorship of full SUNet IDs with all services can only be obtained by staff with financial signiature authority.

Important Security Issue

Because SUNet IDs are now more easily available, you can no longer assume that basic WebAuth that permits access to any SUNet ID is sufficient to secure sensitive content. Owners of sensitive content may wish to use a more restrictive version of WebAuth such as individual SUNet IDs or a workgroup.

How to Sponsor a SUNet ID

You and the sponsoree must follow University policy for SUNet IDs. Sponsored will generally be "basic" only, i.e. only Web access is provided, not email, listing or any other service typical of a full SUNet ID.

• Overview - http://accounts.stanford.edu/
• Sponsorship - http://www.stanford.edu/services/sponsorship/

Sponsorship is managed through Sponsorship Manager: https://sponsorship.stanford.edu/

If the person is already in PeopleSoft, i.e. a direct employee, their name should pop up when you search using "Sponsor a Service"

If the person is not in PeopleSoft, i.e. an outside contractor or other non-Stanford person, you will need to have them entered into the system before you can sponsor them. Here's how (send this info to the person in question):

How to Request Sponsorship

1. Go to the Request my own SUNet ID page: 
   https://accounts.stanford.edu

2. Click the link "Anyone else: Provide other identification"

3. Fill in the "Identify yourself" form as directed; first form is for your key identity info, second form is for choosing your ID; on completion, your identity will be entered into the system as "tentative," contingent on sponsorship or other approval.

4. Reply to this email to let us know you are in the system. We will follow up to approve your sponsored ID.

Once you know the person has been entered in the system, use Sponsorship Manager --https://sponsorship.stanford.edu/ -- to find and sponsor the SUNet ID:

1. Click "Sponsor a Service"
2. Enter the person's name and search; click on resulting name to select that person
3. Select "SUNet ID" as the service you want to sponsor
4. Select "base" as the Service level and fill in the form with whatever info you have; Start/End period is typically a year, with a reminder sent to both user and sponsor when time to renew; can be set shorter.
5. Click "Finish" button

The new SUNet ID should now be usable. If there are any problems, contact ITSS using HelpSU.

To become a Dreamweaver Web Author, please use the Web Help form to request access to an existing Stanford Medicine site and select the checkbox for Dreamweaver in the form. You must have a SUNet ID to become a Web Author. Refer to how to set up WebDAV access in the next section.  

WebDAV is the required, secure method for Stanford Medicine web authors to access websites created with and maintained using Dreamweaver. A SUNet ID is required to connect. Before you can connect to your site, you must be enabled by Web Services. 

Set Up WebDAV Connection: Create a New Dreamweaver Site Setup

1. Launch Dreamweaver.
2. Open the Site menu and choose "Manage Sites"
3. In the Manage Sites panel, click the "New" button
4. The Site Setup panel in CS5 has a new layout; there are two items to set in the "Site" tab:
   • "Site Name": Enter the name of your site for tracking purposes in Dreamweaver (e.g. 'Radiology web site')
   • "Local Root Folder": This is where Dreamweaver will store the local copies of files associated with your site; Click on the folder icon next to the box to engage your computer's file browser. Use the browse function to find your existing local folder, if you have one; create a new folder if you don't. The local folder can live anywhere on your computer; My Documents" is typical. Enter the folder, then click "Select."

   

5. Click on the "Servers" tab to enter your site's server settings





6. Click the plus sign (+) button you will find at the bottom of the central, inner window to create a new server connection (below)







7. In the resulting dialog box, use the Basic tab to set your connection.
   • "Server Name": can be anything; we suggest "IRT Public Web Server," or simply "Med"
   • "Connect using": Select WebDAV from the menu options
   • "URL": Your WebDAV URL is provided by IRT Web Help when your access has been set up; Example: https://irt-publish.stanford.edu/live/pathto/yoursite/
     • IMPORTANT: The WebDAV URL must always begin "https://" with an "s" (for secure)
     • Contact Web Help if you haven't already been provided your Web DAV URL

     You may be able to guess your WebDAV URL:

     • http://med.stanford.edu/pathto/yoursite/ = https://irt-publish.stanford.edu/live/pathto/yoursite/
     • http://yourdomain.stanford.edu = https://irt-publish.stanford.edu/live/yourdomain/ (in most cases)
     • Sample URL for self-guided practice sites:
       http://medwebtraining.stanford.edu/practice/student12/ 
       = https://irt-publish.stanford.edu/live/medwebtraining/practice/student12/
   • "Username": Use your own SUNet ID
   • "Password": We recommend you leave this blank; you will enter your password when prompted;
   • "Save" Password: We recommend that you not check this box
     It's not generally a good idea to store your SUNet password mechanically
   • "Web URL": Dreamweaver will fill in your WebDAV URL by default, but you should change it to your live site URL
     • Visit the site in question in a browser and click the "Home" link or tab
     • Select and copy the entire URL from the browser address bar
     • Switch back to Dreamweaver and delete the default URL
     • Paste the live Web URL you copied from the browser using the right-click (Win), ctrl-click (Win) or Ctrl-V (Win) popup menu or Command-V (Mac) keyboard paste shortcut



8. OPTIONAL: Advanced server settings: Most users can skip this section; Click the Advanced tab if you want to change the following options:
   • "Maintain synchronization information" is on by default, and recommended
   • "Automatically upload files to server on Save": We think this is a bad idea and never use it
   • "Check-in/Check-out": Web Help doesn't generally recommend this option because it leads to frequent permissions problems on the sites where it is in use; see Check-in/Check-out on the Get and Put page for more details; when activated, you must supply a Check-out Name (your first and last name) and your email address.

 

9. Advanced Settings tab: Most of these settings are fine by default.
   • "Local info": Controls for Default Images folder, link relativity (keep it on "Document"), case-sensitive link checking, and enable cache (recommended, unless your site is very large)
   • "Cloaking": Used to suppress transfers of specific file types, for speed

 

10. Click OK. You should see the name of your site selected in the "Manage Sites" window. Click "Done"

Connect to the site

Test your connection. Find the "Files" panel and click on the "Connect" button. When connected, you should be able to see a list of files on the server under "Remote Server" in the Files window.

The Help Desk will contact you when your access is ready. You will now be ready to start publishing to your site. WebDAV provides a secure mechanism for Stanford Medicine web-authors to access web sites using a SUNet ID and password. If you choose Dreamweaver, you will need to configure it to establish a connection using the WebDAV URL provided to you. Refer to how to set up WebDAV access in the section above.

• If you have worked on any previous version of the site, be sure to set aside your older local folder. You should not upload older files to the site. Instead, start over with a fresh, blank directory on your local computer to hold your local site files. You will need to "get" all the site's files from the server before making changes.

You will need a local copy of the Templates resources for your site in order to preview your pages properly. Refer to the archived Help Guide. 

All new pages should be created by duplicating and renaming existing ones. Refer to the archived Help Guide. 

To Back Up a Site

1. Make sure your local directory is up to date by getting all the site files from the server

2. On your Desktop (NOT in Dreamweaver), find and select the folder that contains your local files

3. Make a duplicate of the folder:

   • Windows - Right-click on the folder and select "Copy;" then right-click again and "Paste"

   • Macintosh - Highlight the folder then select "Duplicate" from the "File" menu

4. Rename the new folder. Add the date at the end (i.e. "localfolder052710" for the archive of the site as of May 27, 2010)

To Back Up a Page

• Get a fresh copy of the page's file from the server with Dreamweaver
• In Dreamweaver, right-click (Win) or Ctrl-Click (Mac) on the file's name in the Local view of the Files panel; find Edit and track to Duplicate
• Find "Copy of [your file name]" in the local Files list; rename it to indicate your backup, e.g. "[your file name]-bkup.html" or "[your file name]052716" for May 27, 2016

IRT supports Stanford University Web Authentication (WebAuth), which provides a way of restricting access web pages to users in the Stanford community, by requiring SUNet IDs. Web materials can be restricted to all Stanford users, or to specific users (named by SUNet ID). You can request installation of WebAuth via the Web Help form, or install WebAuth yourself.

Installing WebAuth

Access to files is controlled at the directory level. This means that all the files in a given directory will be restricted. It's a good idea to provide an unsecured "landing page" where users are instructed on who is permitted, and how to request access.

To protect a given directory with WebAuth, you will need to include a file in that directory named ".htaccess". The .htaccess file tells the Web server how to authenticate users. You must use Dreamweaver to place the file. If you are a Contribute user, contact Web Help.

1. Within your local site files as defined in Dreamweaver, create a new file within the directory to be protected and name or re-name the file ".htaccess"
2. Replace all the text in the file code with the appropriate directives, depending on who you wish to allow (see links below to jump to a specific approach).
3. Upload the file to your site, and test the protection through your Web browser.

Restricting access to any valid SUNet ID

The content of the file should be the following text only. Be sure to have a blank line after last line of text.

AuthType WebAuth
require valid-user

Restricting Access to Specific SUNet IDs

You can limit access to a single SUNet ID or list of multiple IDs, typically as listed in Stanford.Who. All of the SUNet IDs must be on one line (no paragraphs or carriage returns; word-wrap in the Dreamweaver code window is OK). Be sure to have a blank line after last line of text.

AuthType WebAuth
require user bjones jsmith lmccoy

Restricting Access to a Workgroup

Using the previous method can be tedious when users come and go. It's more convenient to manage lists of users' SUNet IDs using workgroups. Once a workgroup is established, owners of the workgroup manage membership using the Workgroup Manager site (SUNet ID required...there is also an unsecured page explaining workgroups).

Personal vs. Organizational

Anyone with a SUNet ID can create a new workgroup under their personal prefix. These take the form "~yoursunetid:groupname"  Important: Personal prefix workgroups are deleted when the user leaves Stanford.

To create workgroups with an organizational prefix that will outlive the members' and admins' SUNet IDs, you must first request a new "stem" from ITSS through the HelpSU form. You can also request that your first group be set up under that stem. These take the form "organization:groupname"

It can take several days to get your organizational prefix workgroup set up. It's perfectly fine to start out using a workgroup you set up under your personal prefix, and then switch to the organizational one when it's ready.

Here's the .htaccess document syntax for personal prefix workgroups. Be sure to have a blank line after last line of text.

AuthType WebAuth
require privgroup ~yoursunetid:groupname

Here's the .htaccess document syntax for organizational prefixes. Be sure to have a blank line after last line of text.

AuthType WebAuth
require privgroup organization:groupname

Restricting Access to a System-maintained Privgroup

Access can also be restricted to broad classes of users, such as faculty, students, staff or combinations of these classes. See System-maintained groups on the ITSS site for a detailed list of these groups and who is and isn't included in them. IRT has not found this capability especially useful, as "faculty" means all Stanford faculty, "staff" means all Stanford staff, etc., which is usually overly broad.

Here's the .htaccess document syntax to allow any Stanford faculty.

AuthType WebAuth
require privgroup stanford:faculty

Using WebAuth Protected Pages

To protect the full transaction between the user's browser and the server, one should always use "https://" rather than "http://" to access a WebAuth-protected page or directory, and an absolute URL using the long med.stanford.edu domain name. So, even if you're protecting a directory in a site with the custom domain URL "yoursite.stanford.edu" you must still link to the protected files using a full https URL, i.e.

"https://med.stanford.edu/yoursite/protected/securepage.html"

When a user clicks on a link to a WebAuth-protected page they are redirected to a central Stanford WebAuth login page; upon authenticating, the user is directed back to the original page requested. Users who are not "valid-user"s or specifically listed after "require user" will not be allowed to view the page or directory.

Secure and Unsecured

Another common source of problems occurs when the user encounters both secure and unsecured pages within the same browser window, sometimes because of frames, more often because of problems with page coding.

More information about WebAuth is available from ITSS.

You might also be interested in how to restrict pages with basic authentication (i.e. an arbitrary, non-SUNet ID, username and password) or by machine IP address, which can also be combined with WebAuth.

Here are the most common problems, in order of frequency among users. Please read each carefully. If one doesn't help, try the next. If none get you connected, use the link to Web Help at the end.

#1 Problem: Don't Know the Connection URL

You should have received the connection URL for your site when your access was established. The URL always begins with “https://irt-publish.stanford.edu/live/" The "s" in "https" (for "secure") is important, and you can't connect without it. If you know your URL under the med.stanford.edu domain, you can decipher the rest of the Web DAV for yourself. If your URI is med.stanford.edu/path/to/yoursite/ or yoursite.stanford.edu, then your connection URL is probably http://irt-publish.stanford.edu/live/path/to/yoursite/

#2 Problem: Firewall

Network firewalls can interfere with connections to Luge. The VA Palo Alto facility has such a firewall. If you work at the VA and are having trouble connecting, configure Dreamweaver normally and email Evelyn Willcox - Evelyn.Willcox@med.va.gov - and CC Larry Vellinga - LARRY.VELLINGA@med.va.gov - with the following information:

• Your name
• Why you need access, i.e. "access to the site at http://yourURLgoesHere/"
• Your computer's ID, which looks similar to this: "abcdefwxyz/pal-p4c236w2.v21.med.va.gov"

Evelyn or Larry will let you know when to re-try your connection.

#3 Problem: Server Down

Occasionally, the IRT server is off-line. When this is a planned action, typically for servicing, IRT tries to provide advance notice and do the work during days and times with the least likely impact on operations. Sometimes, the server fails as any technology will, and IRT tries to avoid these and keep them brief when they happen. If you can view the site through your browser, you should be able to access the server through WebDAV. If http://med.stanford.edu/ is not available in your browser during normal business hours, please immediately call the IRT Help Desk line, (650) 723-8000 and use option 6 to report the outage.

#4 Problem: WebDAV Error (sometimes with "sharing violation")

Make sure your Office documents (word, excel, etc) are closed when you try to put them to the server.

You may also want to review the procedure for setting up your connection in the "Set Up WebDAV Connection" section above. 

If you are still having trouble, contact Web Help for further assistance.

1. Terms of Use

1. Stanford Terms: All Stanford Medicine sites, wikis and blogs are governed by the Stanford Terms of Use policy for online conduct. IRT as hosting agent for Stanford Medicine has the right to remove material from any site, wiki or blog, block access, or take other action with respect to the material, although it is under no obligation to do so.
2. Computer Users: As a user of a University server, you are expected to adhere to Stanford's Computer Usage Policies (PDF).
3. Purpose: All sites hosted by IRT must serve an official purpose.

2. URLs

1. Hosting: All official units of the School of Medicine (SoM) and Stanford Hospital & Clinics (SHC) must use hosting provided by, or approved by IRT for the school, or by Marketing & Communications for the hospital. Please do not attempt to establish independent hosting, commercial or private, of school resources or information under .com or .org domains.
2. Exemptions: If you feel a particular site should be hosted differently, please contact the Help Desk.
3. For Print: Do not commit a particular URL to use in print unless you have confirmed that it is currently published and operational (best) or that it can be made available to you by press time (second-best); contact the Help Desk to find out about URLs you wish to create in advance, and allow 2 or more weeks lead time.

3. Site Development & Hosting

1. Review: All sites must be reviewed by IRT prior to launch. It is the sole discretion of IRT Web Services what content can and cannot be hosted.
2. Maintenance: Each site must have an assigned person for maintenance and updating the content of that site. IRT must be notified who this person is and when a change occurs.
3. Contacts: Contact information must be prominently displayed on each site. At least one contact email address is required and (ideally) phone numbers and mailing addresses should be included.
4. Active Server Development: Hosting of client-developed Web applications such as CGI, PERL, ASP, JSP, PHP, JSP, Java, etc.are not permitted on IRT's servers, although IRT provides many such applications and processes. If you need hosting for a web application, please submit a Web Help request before committing resources to development.
5. Software & Access: The use of Dreamweaver is required for editing sites hosted on the legacy Stanford Medicine platform. WebDAV is the required method for accessing static Web sites for editing. FTP is not available.
6. Inactivity: All sites must be reviewed, and updated as necessary, at least every three months to update outdated and inaccurate information. Neglected or out-of-date sites may be removed from the server.
7. Content: Site content should be professional and informative; placeholder content ("coming soon") is discouraged. See the Help Guide for more information.

4. Design Standards

1. Basis: To increase the usability of the School's websites, the Executive Committee has provided design standards for all departments, divisions, centers, and institutes within the School of Medicine.
2. Flexibility: These design standards are intentionally flexible to accommodate unique online identies for individual units when desired, and have now been extended to all adult Stanford Medicine entities. The standards provide a coordinated identity and navigation scheme school-wide and create a logical experience for users as they traverse our various sites.
3. Customization: By default, all official units of the School and SHC must use the standard templates. If your group would like to develop a unique design, IRT must be involved in the process to insure your site will fit in with the overall online presence for Stanford Medicine. Contact Web Help to learn more.
4. Reverse-engineering: Is not allowed. Do not attempt to set up the Stanford Medicine format on your own server without first consulting with IRT. For your own protection, do not break pages hosted by IRT out of the templates provided by IRT or attempt to modify locked code.
5. Faculty Labs: Sites for individual faculty or research labs are exempt from the standard formatting requirement. All other standards apply.
6. Accessibility: Sites should follow accessibility guidelines, as laid out by the World Wide Web Consortium.

5. Privacy and Security

1. HIPAA Legal Standard: Content authors are responsible for insuring that information published on Stanford Medicine sites and other electronic communication tools does not violate HIPAA or FERPA requirements. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains standards and rules which govern the treatment of individually identifiable health information. Under no circumstances should health information about a patient — whether being treated at the Stanford University Medical Center or elsewhere — be disclosed without express written consent from the patient or his or her guardian. See the University's online HIPAA resources for more information.

2. Obligations of Site Operators: Reasonable measures must be taken to protect the security of pages that contain protected health information. In general this means that access to these pages needs to be tightly controlled and the content must be deliverd via SSL encryption.

3. Public Sites: Therefore, no Protected Health Information (PHI) should be stored or served from any public Stanford Medicine sites hosted bhttp://med.stanford.edu/irt/help/y IRT. Contact Web Help if you need to store, serve or share PHI.
4. Email: Do not collect PHI from your site via email form or regular email, as regular email is not secure; to collect PHI via form, see Surveyor.
5. Photo releases: Secure written consent from individuals not affiliated with Stanford whose pictures appear in your site, wiki or blog. In most cases, the school's general release form will suffice. However, whenever personal medical information is disclosed, the individual (or their guardian) must sign the school's HIPAA release form.
   1. Stanford students, faculty and staff -- No release required but please ask for verbal permission
   2. Family, friends, anyone in the community -- Basic photo release.
   3. Any person who identifying health information is disclosed -- HIPAA release. Note: this applies to individuals treated at the Stanford University Medical Center AND elsewhere.
   4. Download consent forms: General Photo Release and HIPAA Release.

6. eCommerce

1. Stanford Administration: All Stanford eCommerce (financial transactions via Web page) is required to use the official Stanford process. See the University ecommerce policy in the Admin Guide for details. Stanford has contracted with an internet commerce transaction services vendor to handle the authorization and management of electronic orders. This arrangement allows the University to:
   1. Consistently require the vendor to take necessary and reasonable steps to ensure that transactions are secure,
   2. Assure appropriate integration with University financial systems,
   3. Ensure that parties comply with Stanford name use and privacy policies,
   4. Use tested emergency response and recovery procedures,
   5. Leverage University transactions to reduce costs, and
   6. Provide current technology and support for developing applications.
2. Documentation: Stanford eCommerce is documented on the Stanford Financials site. To request assistance with this service, file a HelpSU request with the Stanford eCommerce support team.

7. Copyrights

1. Site owners and operators are responsible for copyright compliance on their sites. All copyrighted information (text, images, icons, programs, video, audio, etc.) must be used in conformance with applicable copyright and other law. Copied material must be properly attributed. Plagiarism of digital information is subject to the same sanctions as apply to plagiarism in any other media.

8. Advertisements

1. In general, the School's electronic communication facilities should not be used to transmit commercial or personal advertisements, solicitations or promotions.
2. Services and products offered by Stanford Medicine business entities are exempted.

9. Legal Liability

1. All content authors are legally responsible for their commentary. Individuals can be held personally liable for any commentary deemed to be defamatory, obscene, proprietary or libelous.