UCTrust Workgroup
Child pages
  • Meeting Notes - 2011-5-26 Conference call

Meeting Notes - 2011-5-26 Conference call

Agenda

Attendees

(Partial list, please add/edit your names)

David Walker, UCD
Dedra Chamberlin, UCB
Bruce James, UCOP
Celia Cheung, UCLA (scribe)

Stephen Hock, UCR
Chet Burgess, UCOP
John Kamminga, UCM
Greg Haverkamp, LBNL

Matt Elder, UCSD
Curtis Bray, UCD
Eric Goodman, UCSC
Albert Wu, UCLA

Incommon Silver Integration

At the moment, some campuses have not yet responded to the High Level Gap Analysis. The page can be found here: https://spaces.ais.ucla.edu/display/uctrustwg/High+Level+Gap+Analysis+Input+Page

We are not in bad shape for those campuses that have responded. It looks like there is the most work to be done in the Identity Proofing and Credential Technology areas.

As a side note, UCSB is about to bring up their Incommon IdP. They have always been shooting for Incommon Silver; in fact, they have been shooting for the old Incommon Silver, which was more stringent. So UCSB should be fairly low in their gap analysis columns. Also, UCSF is about to start their gap analysis, and will probably have a lot of moderate and high areas, since they are combining several different areas including the main campus and their medical center.

There are some talking points proposed to take to the ITLC - David and Dedra will be meeting with them on June 9th. Some of the points include:

  1. Translating the Low/Moderate/High rankings in the gap analysis into a level of resource for your campus, i.e. how much money will you have to ask for on your campus in order to certify to Incommon Silver (if any)? Do you have to organize and allocate resources? Dedra gave an example for Berkeley - after the gap analysis, take the number of hours and multiply by the hourly rate for an employee, which will cost approximately $160,000 for Berkeley to certify.
  2. We are going beyond what a lot of other schools are trying to do with certifying Incommon Silver for all staff and faculty. Other campuses are doing it for a small subset of their staff and faculty that might need it for something specialized (like NIH access). We need to set the expectations of the UC CIO's and let them know that while we may not be the first out the door with this certification, we are trying to do this on a much broader scale.
  3. There must be allocation of resources at the UC Trust level if we are going to work on this; the CIO's need to commit resources to each campus.
  4. In June we need to start on the project plan/proposal for Incommon Silver.
  5. We are proposing that the next phase can be done within 2-3 months, given that the IAM teams on each campus have the resources. However, we must take into account that some IAM teams have other more pressing problems to address, so we should not make a blanket 2 month deadline for all schools. We want the ITLC as a group to commit to getting these project plans in place.
  6. The CIO's as a group need to understand that for each campus there are different efforts and priorities for Identity Management and they need to determine where what those priorities are on their campuses. They need to work their their campus Identity Management teams to figure this out. What is most effective will vary by location based on the relation of the Identity Management team to the CIO and also to what degree the CIO already understands the benefits of the project.

The general gist is that we've done this gap analysis, and if the ITLC wants us to follow through with the certification we will need some resources to do this. We will work among the campuses and the CIC schools as well, but keep in mind that it will take us longer to certify than the CIC schools since they are just doing a pocket of their population. We need to start the project plan/proposal, a more detailed analysis and request resources. It may be that we need more resources to even conduct further analysis.

Other points:

  1. Most campuses are still at the high level of the gap analysis, and have not done a cost analysis yet.
  2. After this initial estimate, do we want to deliver a full estimate across all the UC's, or should we just make sure each campus knows what they need?
  3. This shouldn't be a problem that campuses solve independently; we should pool resources, requirement documents for IAM systems, etc.
  4. Since doing work for UC Trust is voluntary right now, members of the group can't always commit to working on UC Trust items even if the interest is there, because we need the allocation of resources from our repsective CIO's.
  5. It is assumed that we are all keeping our CIO's up to date, i.e. the campus CIO's should know about the Incommon Silver certification needs.
  6. We have not completed an assessment template to use for self assessment in a more formal way that convinces us that we need Incommon Silver; also, this would be used by auditors to verify our certification. Also, we are not doing these templates in isolation; CIC is working on this as well so we may be able to adopt what they have in order to save some time.
  7. We should keep in mind that some of the Identity Management staff don't have as close of a working relationship with their CIO's as other campuses.
  8. David and Dedra will put together some talking points for the CIO's and will send these out to the list to see if we are on the same page.

New HR/Payroll system

The UC Provisioning group suggests that eh Payroll system will be the first project done with the UC Provisioning project. However, since it has many users and is a source of identity for a lot of us, the flow from HR/Payroll to the Identity Management systems must be ironed out.

A point is brought up that while there may be pressure to install one monolithic product on our campuses (like Oracle Identity Manager), this may not be the best route. By using an approach where you don't just pick one vendor product, you can get a lot more flexibility over time. Also, it must be made clear to the CIO's and others in charge that buying and implementing a huge system like Oracle Identity Manager is not something that you just install and turn on; instead, you still have to pay consultants a lot of money to glue all the pieces together.

By July 2011, the implementation wave for this project will be announced (i.e. which campus will go first for implementation and which campuses will follow); the first campus will complete deployment by 2013. The plan is to completely deploy to all campuses by 2014-2015. By this date, all UC's will be transitioned to the new system and will have to integrate with the new HR/PPS system. This integration project is looming.

We will discuss the user provisioning project more on our next call on Thursday, June 23rd at 3pm.

  • No labels