Meeting Notes - 2011-10-27 Conference call

Agenda

Attendees

(Partial list, please add/edit your names)

Curtis Bray, UCD
Hampton Sublett, UCD
Matt Elder, UCSD
John Ober, UCOP/CDL

Dedra Chamberlin, UCB
Celia Cheung, UCLA (scribe)
Arlene Allen, UCSB

Warren Leung, UCLA
Dana Watanabe, UCI
Brian Roode, UCI

Update from UC Trust SP subgroup

A small group (Dedra, Arlene, Eric and Bruce) volunteered on the last conference call to have a conversation on how we might streamline the process for Service Providers for schools that provide attribute release for Identity Management systems. A few key points:

  • There are certain attributes that SPs often request. Often, these are bundles of attributes. Some of the data is low risk and does not expose identity, but some are high risk attributes.
  • We want to determine what categories/bundles are often requested so that we can document this and bundle data to certain types of SPs. This way, when new SPs come on board, there is a clear process and set of requirements for the steps they need to take in order to get the data they need.
  • The group brainstormed different data attribute bundles, as well as low/medium/high categories. Once a recommended process is set, it can be taken to the ITLC for endorsement. Afterwards, the ITLC could reach out to the data proprietors of each campus.
  • Arlene says that the focus is on the UC system and not a generic InCommon-wide solution.
  • InCommon has bundles that can be released to research-type providers. We can look at them to avoid duplication of effort.
  • Dedra says that we can also talk to other SPs that are coming online to see what their requirements are; this could help us better develop these sets of attributes.
  • Dedra asks what each campus has to go through in terms of talking to their data proprietors for the release of information. The response is that it generally varies widely from campus to campus. Some campuses have a very lengthy process while others do not.

More information about this will be posted on the wiki.

HR/PPS

The Oracle team is kicking off the project and is initiating conversations with each school and their Identity Management leads. They are resource gathering to determine how HR data is being pulled into the existing Identity Management systems.

  • Arlene says that Oracle has informed them that there are no connectors that are included as a part of the contract. Dedra says that it appears that none of the connectors are out of the box; each is sold separately.
  • Oracle is saying that they want one standard way to interface with Identity Management systems across the board. If this is the case, it makes it difficult for all campuses (including those who are Wave 2 and 3) to have to define all their interfaces now.
  • It seems that the current round of meetings is more high level resource gathering to determine what each campus's identity infrastructure is like, and that they will do another more detailed discussion with everyone.
  • Dedra says that if they are trying to define a single way to interact with Identity Management systems in Wave 1, it seems like it would be better for us to define that than the other way around. It would be nice for all of us, as Identity Management leads, to come up with that strategy ourselves. This way, we can ensure that we can give our own input.
  • Dedra says that the more we understand the general priorities and desired outcomes, the more we can help shape the end product and how we integrate with the new HR system. We can help the Wave 1 schools now and then understand the design considerations of the schools coming in the later waves.
  • Matt says that as a future agenda item, perhaps we can brainstorm together what the architecture should look like.
  • Dedra says that she will send out an invite via the mailing list to ask anyone who is interested to participate in early design conversations regarding the new interface to the new system.
  • Several people say that it seemed like the current plan was a checklist of current PPS integrations to be migrated to the new system. If they are just re-implementing existing PPS with the new tool, then we are losing the value of this deployment. We need to re-engineer and re-analyze what we currently have to determine the best way to do things.
  • Dedra will notify Mark about this effort. Hopefully as a result of this, we will generate something that will help the whole migration go more smoothly for everyone.

In conjunction with InCommon Silver

  • Dedra says that they are hoping to leverage the identity vetting process that occurs when someone gets hired to meet the requirements for InCommon Silver. Tony Lowe (sp?) is currently working with the HR leads on a business harmonization process. We can send a message to Tony to make this process InCommon Silver compliant; he can be informed about what InCommon Silver entails. This information can be sent to Mark as well.
  • Dedra says that we can go through the identity vetting requirements in the IAP and summarize those, or confirm with InCommon that the I9 is InCommon Silver compliant.
  • Arlene says that there must be no breaks in the chain of trust. However, the current PPS doesn't give you the ability to do this.
  • Dedra makes a suggestion to create a sub-email list that will only be for the Identity Management leads, and everyone agrees to this.

Open source for education Identity Management effort

  • Hampton says that they are going to try to re-energize the UC Sun Identity Management workgroup. He will send out an email and ask us to update the matrix from a few years ago regarding where each campus is in its implementation lifecycle. This is so that we can better understand each campus's level of urgency. We will try to figure out where there is common need and the urgency level to find a solution.

UC Discovery service

  • Jeff from Berkeley has agreed to support a Discovery Service for UC Trust.