Federating UCLA Hosted Applications
Overview
UCLA hosts key business systems such as Payroll and Financial systems for UCOP and UC Merced. Consequently, several of the UCLA web applications based on these key systems have users from UCOP and UC Merced. These applications include:
- PCard - An application allowing PCard holders to upload scanned in receipts.
- PAN - Business Transaction Audit Notification. It's based on the Payroll Audit Notification system from UCOP, but UCLA has adopted it to audit transaction across multiple mainframe systems.
- Travel Express - Travel expense submission and tracking application.
- ERS - UCLA installation of the Effort Reporting System.
- and others...
UCLA is in the process of migrating all of its web applications to adopt Shibboleth as its native single sign-on protocol. As the migration happens, it makes sense for these applications to become federated so that users from UCOP and UC Merced can log in using their local campus ID.
Questions and Issues
- Should these applications be federated (InCommon)?
- Should these applications be UCTrust certified?
- Because all these systems are tied to the UCLA business systems, all of them assume at this point that the users have a UCLA employee ID. They are using the UID as a key identifier to retrieve user records. They are also expecting the IDP to present a user's during the attribute query/response. How should we handle this?