UCTrust Workgroup
Child pages
  • Meeting Notes - 2011-4-21 Conference call

Meeting Notes - 2011-4-21 Conference call

Agenda

Attendees

(Partial list, please add/edit your names)

David Walker, UCD
Dedra Chamberlin, UCB
Dattathreya Sharma, UCLA
Celia Cheung, UCLA (scribe)

Bob Ono, UCD
Chet Burgess, UCOP
John Kamminga, UCM
Warren Leung, UCLA

Matt Elder, UCSD
Patrick, UCD
Eric Goodman, UCSC
Greg Haverkamp, LBNL

Andrew Tristan, UCR
Steven, UCR
Curtis, UCD
Brian Roode, UCI

Proposal to create UCTrust/UCITPS work group on two-factor/LoA 3 and 4

There is a proposal to create another joint workgroup between UCTrust and UCITPS. The work that the joint group did for Incommon Silver went very well, so the proposal is for this new cross functional group to work together on coordinating a plan to come with the following items:

  • Use cases for authentication
  • Explore technical alternatives and assess what campuses are using currently
  • Put together recommendations for the ITLC

This will be a preliminary exploratory building of a recommendation; if it is endorsed by the ITLC then the group will carry on and do more detailed work.

The UCTrust workgroup decides that to start off with, each UCTrust represenative from each campus will provide use cases for their campus on two-factor authentication. Also, if the reps have any useful documentation in this area, please upload these as well to the wiki. Dedra will coordinate this effort. Once your campus has use cases and documentation posted, please send a note out on the mailing list to let others know so that the content can be reviewed.

Shibboleth Survey - response from our federation?

The survey talks about how Shibboleth has been a project of Internet2, but is important to a number of other federations around the world. It discusses how to fund Shibboleth for support as well. It asks about how important Shibboleth is to you and has questions about paying money for Shibboleth. Obviously, Shibboleth is important to us so we want to know that it will continue to be supported.

We will have more clout if the federation responds to this survey together.

The UCTrust workgroup decides that we should each do our own institutionalized responses (i.e. every campus submits a survey) while making note of the issues that are important to you and then we can fill out another response as a federation. As you fill out your survey, please send any ideas for the federated response to the mailing list for discussion. Please fill out the campus surveys by the end of next week (April 29th) so that we can begin coordinating our federated response after that.

The UC response will be sending a letter to the appropriate person in Internet2; UCTrust would ask whoever is chairing the ITLC now to forward along that message. David is going to ensure that the ITLC knows about the survey and that part of it is asking about investments in order to gauge their response.

Updated work plan:

High Priority

  • Complete the strategy for alignment between InCommon Silver and UCTrust Basic (in conjunction with UCITPS)
  • Guidance for service providers in the following areas (in conjunction with ITAG)
    • Assessment to determine the appropriate level of assurance
    • Guidance on the selection and use of identifiers and other attributes
    • When applications should be federated
    • Discovery service options
      • Central "WAYF"
      • Internal to SP
      • Create a UC-only discovery service?
  • The following will be driven by other UC-wide projects
    • User Provisioning
      • Support for targetedID
      • Support for groups
    • Support for the new HR/Payroll system

Medium Priority

  • User-approved attribute release (uApprove)
  • An infrastructure to support collaboration (COManage)

Other items that may need to be added to this list:

  1. Two-factor authentication
  2. Sun identity management/IAM component
  3. Entitlement
  4. Support for other attributes
  5. Shibboleth migration/upgrade (several campuses are on 1.3)

Side notes during this topic:

  • David mentions that we have to use software that is recommended by Incommon, and that we must follow their sliding window.
  • A question is asked on when Incommon is going to be accepting audit results for Incommon Silver; it seems like the specifications are out now but it is not yet finalized.

Incommon Silver meeting review (4/21, 9am):

The meeting reviewed work done by the group and discussed the gap analysis done by UC Davis and UC Berkeley. The group would like to get the rest of the UC campuses to commit to a gap analysis relative to the Incommon Silver identity assurance profile and to estimate the resources each campus would need in order to comply with the Incommon Silver so that the group can go back to the ITLC and give them an estimate.

Targeted date for all campuses to have done their high level gap analysis is in one month's time, i.e. May 21st. We should share these project plans among ourselves to help each other. After each campus has done the gap analysis, that should help set the timeline and expectations for switching to Incommon Silver and shutting of UCTrust Basic.

Dedra and David say that the ITLC already agrees that supplanting UCTrust Basic with Incommon Silver is a good idea, but they want to know what resources will be involved in this process.

There is a page for the project up on the wiki: https://spaces.ais.ucla.edu/display/uctrustwg/InCommon+Silver+Integration

Dedra, Doreen, David and Bob will come up with a template for other campuses to follow in terms of going through the Identity Assurance Profile and identifying the low, medium and high priorities for the campus in terms of the 8 different categories. They will put this template up on the wiki and send out a notice to the mailing list.

Next UCTrust call:

Thursday, May 26th from 3-4pm.

  • No labels