Participants
- Lee Amenya, UCSD
- Roger Phillips, UCSD
- Everett Stauffer, UCSD
- Warren Leung, UCLA
- Datta Sharma, UCLA
- Arlene Allen, UCSB
- Russ Harvey, UCR
- Terry Toy, UCR/CDL
- John Kamminga, UCM
- Curtis Bray, UCD
- Dedra Chamberlin, UCB/UCSF
- Benn Oshirin, UCB/UCSF
- Bruce James, UCOP
- Kalpa Barman, UCOP
- Eric Goodman, UCOP
- Steve Lau, UCOP
- Jeffrey Crawford, UCSC
Agenda
Tanya Egloff was introduced in absentia
Tanya will be providing meeting support: scheduling, taking minutes, etc.
UC Trust proposed to be subsumed into ITAG
- Will continue as a working group of ITAG that brings information about IAM issues, strategy, etc. to the ITAG group.
Dedra wants to work out a rotating leader/chair mechanism for UCTrust
- Suggestion #1: Chair + Vice Chair. 1 year term. After 1 year, Vice Chair takes over as Chair, new Chair selected.
- General support for this model was expressed on the call.
- Compared to TAS group, which does "ask for volunteers, then do secret ballot for new VC from among them"
- If we went to voting (for chairs or otherwise), would we want to formalize voting or who gets to vote? I.e., does everyone vote, or one person per campus?
- Perhaps UCTLeads perform the actual voting
Eric Goodman and the new IAM Lead position at UCOP
- Still on the topic of "chairing" meetings
- Alternative would be to have Eric just be the chair (or a co-chair)
- Can be beneficial to have a campus perspective drive the agenda (an argument for not having Eric be chair)
- Could be that Eric stays an "ex-officio" member, but others (e.g., Bruce James) act as campus rep or lead
- What is the appropriate role of this position?
- If we looked at UCTrust as a managed service (with central direction), it could be more efficient, as opposed to each campus developing processes and UCTrust doing more "corralling of existing process".
- Can't be done by "overnight emails" and hoping they are responded to.
- Referred to climate survey and LMS; process was definitely done by individual campuses. Could this position be leveraged to assist in these processes?
- Asked Eric for input on role of position
- Not an operational position, so wouldn't be involved in day-to-day approvals. But could definitely be involved in defining process, perhaps getting some form of "uber approval process" to avoid each campus having to negotiate release.
- Will look for what common services would be useful for all campuses to leverage in the IDM space. E.g., a central IDM solution more robust than the current UCNetID service.
- Will also maintain information about what each campus is doing to help with sharing information between the campuses.
- Agreed that the new position won't solve all existing issues and for the near term will likely be focused on Path. But there is a need for some level of planning and direction for commonality of services. Not just "we'll do our thing and collaborate when we feel like it".
InCommon Silver/LoA
- InCommon has announced the IAAF framework (not just Silver)
- Where are campuses in terms of InCommon Silver certification?
- UCSB: Designed to be InCommon Silver.
- Waiting for some other campuses nationally to certify before certifying, but think they are compliant
- Have defaulted to Bronze; force Silver - a small percentage have gone through the Silver uplift
- UCSD: They believe they are pretty close. But not looking to initiate an audit.
- What's the resistance?
- Not necessarily resistance, just not doing it yet.
- Are actually doing visual evaluation of everyone, including non-employees.
- E.g., collecting driver's license info. About 90% have been validated.
- UCOP: Has some work to do. Maybe $60-70K of development to complete the process.
- UCD: Did not receive funding to implement, but did all the planning.
- UCB: Did a lot of planning. Got some resources, but InCommon Silver hasn't risen very high in their prioritization process, so there's no real driver?
- UCLA: Looking to do a 2014 certification. Want to leverage the upcoming replacement physical card system to get to Silver.
- Should campuses go through the process for Bronze just to test drive the process?
- Does UCTrust want to recommend an LOA requirement for UCPath access?
- Should we require UCTrustBasic?
- Should we require InCommon Silver for all users?
- No, mostly for pragmatic reasons (can't realistically Silver certify all accounts).
- Should we require InCommon Silver for elevated privilege users?
- If we did ID a subset of users that are "elevated privilege" users, that might be a good way to get started towards Silver that's not as onerous as "all employees".
- How would people go about auditing?
- Karl had talked about getting a group of auditors together and forming a group to collaboratively audit campuses
- If anyone initiates a review, please keep the UCTrust list informed!
Service Provider request process
- How is the process working?
- For some it's working really well, but for others it seems pretty arbitrary about whether people are using it and doing the updates.
- Tanya's time came in via a formal request to ITAG; that may be the correct process to get resources to support the process.
- Warren (as a new member of the group) found the page helpful in providing guidance.
- Other elements of UCTrust as a service
- Berkeley has a new resource working on revamping the Wiki content. Looking to get better admin resources, more of a professional service