UCTrust Workgroup
Child pages
  • Meeting Notes - 2011-08-25 Conference call

Meeting Notes - 2011-8-25 Conference call

Agenda

Attendees

(Partial list, please add/edit your names)

Curtis Bray, UCD
Tom Poage, UCD
Bob Ono, UCD

Dedra Chamberlin, UCB
Eric Goodman, UCSC
Arlene Allen, UCSB

Celia Cheung, UCLA (scribe)
Albert Wu, UCLA
John Kamminga, UCM

Brian Roode, UCI
Matt Elder, UCSD
Hampton Sublett, UCD

InCommon Silver Implementation update

  • The ITLC meeting will be on September 20th. At the moment, UC Berkeley and UC Davis have presented a more detailed plan and gap analysis. UC Berkeley has submitted a resource request totalling $166,000; it was put on hold pending a further review. There is no guaranteed go-ahead to do the work at UC Berkeley.
  • UC Davis has raised the topic to their management, but timing-wise they cannot visit this until at least October or November. They are constrained with resources and budget.
  • A question is raised on when InCommon Silver will become a mandate for assurance.  Dedra responds that as of the last time there was an update (which was during the Educause security conference), the answer was some time this Fall.
  • Dedra mentions that no SP's are requiring InCommon Silver at the moment, but that could change in the future, especially for NIH and NSF applications and possibly for student grant applications. The larger issue is that since we are all self certified to be in compliance with UC Trust Basic, we have to do an audit after 2 years. ITLC originally waived that requirement since we were going to InCommon Silver; however, if we go back to the ITLC in September and tell them that we do not have time to implement InCommon Silver right now, the ITLC may say that they will not waive the audit for UC Trust Basic any longer. As a result, any campus due for their UC Trust Basic audit will have to go through with the process.
  • A question is asked if UC Trust is going to the ITLC to request funding and resources for InCommon Silver, or are we handling this at the campus level?  Dedra responds and says that each campus needs to make a resource plan and take that to each of our CIO's before the September ITLC meeting. At that point, we should know where we stand in terms of resources needed. As of last month, everyone said they were on schedule and were putting together their implementation plans. Dedra asks each campus if they are still on track to create the plans and take them to their CIO's before the September ITLC meeting. As a general consensus, it seemed like most campuses were a little behind, but were willing to try and make it by the September ITLC meeting.
  • A new suggestion is brought forth by the workgroup saying that we do both audits (UC Trust Basic and InCommon Silver), with the intention of most likely failing the InCommon Silver audit. There was some discussion of how to coordinate the audit process; perhaps having a collaborative effort would be the most effective. The audit itself is a self assessment process, and then auditors review that process. It would be ideal if we could ask auditors to use both set of criteria (for UC Trust Basic and InCommon Silver) when going through this process. Dedra is willing to make some inquiries to other campuses who are going through this same process. It is suggested that we should have a place on the wiki where we can post questions and solutions in reference to the audit process. Dedra will also make some talking points to the ITLC for moving this effort forward.

UC Trust leadership

  • During the previous meeting, it was brought up that it would be useful to have a formal ITLC/UC Trust liason. The idea was brought to the executive committee, and we are waiting to hear back.
  • We have also talked about a UC Trust Chair and Co-Chair - the workgroup agreed to wait until we hear back from the ITLC before proceeding.

System wide HR/Payroll decision

  • The identity management licensing associated with this agreement is only for employees and via the on demand service. For those of us who have students, affiliates, alumni, etc. the licensing does NOT apply. Local campuses would continue using their existing IAM system and intergrate this with the system wide HR tool.

Next generation IAM solutions

  • Joint Venture update from Hampton: two weeks ago, he met with different groups in Chicago to determine what open source IAM solutions exist today, and to identify what remaining gaps there are. There are three primary areas of functionality - person registry including identity reconciliation, provisioning, and access management. Between now and mid-September, there will be three workgroups formed based on those primary areas of functionality, and they will be working on a weekly basis gathering requirements and looking at componenents within these areas to see what needs to be enhanced and what pieces are missing entirely. The groups will come together in mid-September and share their findings with the larger group.
  • There was discussion on using a vendor solution and Oracle products - but it would cost a lot to convert to a license, and it would require support and professional services. Alternately, we could hire a developer that could contribute back to the Joint Venture project.
  • We will have a better idea of what's out there in mid-September. Penn State has developed a person registry; Hampton mentions that it might be what the group decides to use as a starting point, and then use that code base to make it more generic to the different campuses. It may take a year, but if we had a contribution model where schools could have a venue for offering a resource or two to help accelerate the schedule, then that would be a great help.
  • Dedra mentions that UC Berkeley will request a fitgap analysis instead of a formal RFI from their meeting with Oracle so that they can get an analysis of their specific needs and see how Oracle would meet those needs.

eCompliance

  • eCompliance is a vendor application that some campuses have rolled out without Shib. Since UCSD uses only Shib, they have no choice but to roll it out with Shib enabled. Matt asks what the official way is to bring this to the group and find out what we will accept from them as an SP.
  • In terms of dealing with SP's that want to provide a service to multiple UC schools, there is a suggestion from the workgroup that we create bundles of attributes for SP's; if we pre-negotiate packages based on what type of SP it is, it would streamline the whole process. It would not be efficient to have to negotiate attribute release for every single SP.
  • Dedra notes that while we do have documentation to show SP's that provide services to all UC campuses, and also documentation on SP integration with Shib, we do not have documents to give guidelines on attribute release at multiple schools.  
  • There is existing documentation on how each campus handles data release. This will be posted on the UC Trust wiki page.

Next UC Trust meeting

  • The next meeting is proposed to be moved to September 29th, 2011.
  • No labels