Meeting Notes - 2011-9-29 Conference call

Attendees

(Partial list, please add/edit your names)

Agenda:

1. InCommon Silver update
2. HR/PPS update
3. Update on IAM next generation conversations at UCB/UCSF and higher ed open source IAM joint venture - others who would like to participate and how?

InCommon Silver and ITLC update:

• The update presented to the ITLC can be found here: https://spaces.ais.ucla.edu/display/uctrustwg/Update+For+ITLC+-+September+2011

• This summary page was shared with the ITLC and includes resource estimates. It goes over how we are using the InCommon Silver audit as a replacement for the UC Trust Basic audit that we are all overdue for. Dedra had a conversation with Ann West to re-energize the effort from InCommon to reach out to campuses and federations to see where we are, and how InCommon can help.

• As the page states, the CIC schools are targeting the second quarter of next year for their certification attempt. Also, if you are interested in the InterOp testing program mentioned in the update, go to the InCommon website and subscribe to their mailing list.

• All the resource estimates are shown on the update page as well. Dedra told the ITLC that this is the amount necessary to get the campuses to InCommon Silver, but not to re-credential people. These estimates also do not include the cost of the actual audit; however, since most of the work is on the Identity Management teams, the total audit cost should not be that high.

• As a side note, the UCLA estimate is for a total effort and does not include students. They will not be asking for any money because they already have the funding to cover the estimated costs.

• Dedra notes that she will add a column to this table to differentiate between money to be asked for versus existing money.

• LBNL also says that they will not ask for more money, since this is already part of their Identity Management strategic plan.  UCSC notes that it's not money per se, just asking for existing people's time.

• A cross institutional audit team was suggested to ITLC, to be lead by Karl Heins; ITLC was in agreement of this idea. However, we probably will not put together this team until we have at least a couple campuses that are ready to certify.

• Dedra asks the group if anyone has a timeline of certification. Albert responds that if HR/PPS requires InCommon Silver, then the timeline will be January 2013 for UCLA.

• Dedra brings up the point that some who are joining the HR/PPS may not even meet the UC Trust Basic standards, so perhaps those campuses should go through the Basic audit at minimum. But in that case, why not just use the InCommon Silver for the audit framework?  Someone responds suggesting that we do the audit both ways; use Silver, but where it fails, use Basic.

• Dedra mentions that we can ask Karl to point out the differences between the Silver and Basic frameworks so we can know what they are. At the very least we can, as the UC Trust Workgroup, ask HR/PPS to clarify whether or not the system will require InCommon Silver for the HR administrators logging in. Eric points out that in order for us to even ask this question, the numbers have to be there so that we can tell them if the answer is yes, then each campus will have to spend X number of dollars to meet this requirement.

• UC Berkeley has submitted the proposal for the certification costs and it has been granted. They will come up with a project plan within the next month.

• Dedra asks the campuses what their timelines are for being ready with documentation for an audit team to review; the responses are:
  • UCR: one year
  • UCLA: next Fall
  • LBNL: at least one year
  • UCSF: at least one year
  • UCB: within 6-9 months
  • UCD: some time next year

• Dedra says that we can all start documenting our business processes, and for now she will let Karl know that it won't be until next Spring at the earliest when we will have at least two campuses ready for the audit process and for us to get something off the ground. As more campuses start going through the audits, we will gain more knowledge and information on how to go through this process.

HR/PPS update:

• Albert gave an update from Mark, the technical project manager for this project. The project started in the beginning of September, and Oracle is holding sessions to collect information. ITAG members who participated in the RFC process flew up to meet with Oracle.  Oracle's intention is to collect data interfaces from each campus, and interface workbooks have already been given to each campus. There is a meeting scheduled for next Tuesday to go through these interfaces. They will be scheduling day-long meetings with individual campuses to go through the interfaces.

• At the moment, the first wave for the HR/PPS system will be UCLA, UCM, UCOP, UCSD, and UCSC. The project is treating the medical center as a seperate entity. The meetings to come will address identity management concerns for all campuses. We want to do this process as a whole unit, instead of individual campuses. Over the next few months, this will be our IT preparation period. Implementation will start in January 2012, and the rollout for the first wave will be in January 2013.

• Albert suggests we get in touch with your respective HR/PPS technical leads because they are being asked to collect their technical interfaces. Your technical lead is going to be from payroll side; they won't necessarily consider the student side or non-employee side of things.

• Someone else points out that although we have been asked to provide some documentation, so far it sounds like the PPS people are thinking they don't need input at this point. To some extent, it is worrisome that we know what data is in the interface today and that's what we do the planning on, but it would be better to not build interfaces based on what the PPS interfaces look like currently. There is a lot of data we are familiar with that is not that important in PPS, but hopefully this new system will include this data. We need to discuss what data is important to identity and access management; the biggest concern is that if we start with what is there, it will not meet the needs of what we need for identity management.

• Dedra suggests for the people who are in these meetings to report back to the rest of the group..

• Albert mentions that Mark knows that identity management is something we have to tackle together, not as individual campuses. This is why we should look at it from a UC Trust perspective not from a campus perspective. Mark is willing to drop in on the calls whenever we need him to.

• Dedra asks about the general interest for the Oracle products. UCSC mentions that they are rebuilding but not with a vendor product. UCSB says they are looking at Oracle but may do the same thing as UCSC. UCB has come up with some reference architecture and has spoken to people who have used Oracle and those who have not. Dedra mentions that if a lot of us are dealing with the Sun Identity Manager replacement, there is an opportunity for us to parther and share resources to deliver parts of the Identity Management systems that we need, as a UC effort or as a higher ed collaboration. Dedra asks if the group is interested in having a meeting to discuss the next generation Identity Managment solutions and to share and leverage resources; the UC Trust workgroup agrees to this. Dedra will organize this meeting and put together an agenda; she says that we can also share information from Oracle so that we can negotiate as a group instead of as individual campuses.

• Dedra will also schedule the meeting on SP guidance and onboarding(sp?) at some point within the next three weeks.

Next UC Trust call:

• The next UC Trust call will be on Thursday, October 27th from 3-4pm.