
Update for ITLC - April 2013


Next Steps Identified in Sept 2011 and Update on Status

Task: Continue with plan to use InCommon Silver rather than UC Trust audit framework (continue "waiving" UC Trust Basic audit requirement for minimum one more year)
Update: No campus has yet certified at InCommon Silver. All campuses except UC Hastings, which just joined the federation, are now out of compliance with the UC Trust requirement to audit IAM systems and practices two years after self-certifying compliance when joining UC Trust.

Task: Await revised certification plan and guidelines due from InCommon in the next couple of months
Update: InCommon has a formal assurance certification plan now in place. Only one university in the country, Virginia Tech, has certified at InCommon Silver, and their implementation is for a relatively small set of people.

Task: Review this revised plan at each campus and finalize resource requirements
Update: Mostly completed. Resource estimates are posted in the update to ITLC from Sept. 2011: Update for ITLC - September 2011

Task: ITLC as a group and at each campus will need to make determination on resource assignment and priority
Update: Most campuses reported that InCommon Silver is not currently on their priority roadmap for these primary reasons:

  • There are still no applications that require InCommon Silver assurance. The federal government has asserted for some time that some of their applications soon will, especially NIH sites, and possibly other grant and financial aid sites. But in the absence of a true requirement to assert Silver assurance, many campuses have not been able to prioritize InCommon Silver certification when allocating staff time.
  • UC Path requires time and effort by many of the same people who would work on InCommon Silver. UC Path has taken precedence. Also, UC Path decided not to require InCommon Silver assurance, so that project itself is not serving as a main driver for certification as had once been considered.
  • A shared audit resource has not yet been identified to help campuses with that component. UCSB is planning to certify at InCommon Bronze as a way of helping their audit team learn more about identity services. They might be able to partner with other UC audit teams later as other campuses are ready for Bronze or Silver audit.
  • Many campuses did not allocate the resources identified in the resource requirement exercise to an InCommon Silver project.

Task: All campuses should begin the process of documenting current practices using the InCommon Silver framework
Update: Not currently started consistently across campuses - see above.

Task: Begin work to establish an audit framework that will make InCommon Silver audits as efficient as possible. The UC Trust workgroup recommended a multi-campus audit team be formed, with representation from internal audit from 3-5 campuses. Karl Heins volunteered to provide leadership and guidance to this group.
Update: Karl Heins passed away. No other current staff member is available with the same background and expertise to lead this cross-campus effort. UCSB's efforts to initiate an audit and share experience might help here. UC could also contract with an organization like Kantara to provide audit services to campuses.

 

New Next Steps

  • To enable InCommon Silver certification at all campuses, UC Path requirements should be re-evaluated to include the generation of a token that can be used to bootstrap digital identity at each campus. Without this, every campus will have to implement identity vetting processes that duplicate the HR I-9 process in order to meet InCommon Silver requirements
  • UCSB plans InCommon Bronze certification soon
  • UCB has a funded project for InCommon Silver, but that project is moving slowly due to the competing priorities noted above
  • UC should consider creating a shared audit team, or approach Kantara for a quote for their services
  • Each CIO should review InCommon Silver resource requirements at his/her campus and determine a timeframe to bring their campus into compliance

