UCTrust Workgroup
Child pages
  • Meeting Notes 2013-01-17 Conference Call

Participants

  • Lee Amenya, UCSD
  • Roger Phillips, UCSD
  • Everett Stauffer, UCSD
  • Warren Leung, UCLA
  • Datta Sharma, UCLA
  • Arlene Allen, UCSB
  • Russ Harvey, UCR
  • Terry Toy, UCR/CDL
  • John Kamminga, UCM
  • Curtis Bray, UCD
  • Dedra Chamberlin, UCB/UCSF
  • Benn Oshirin, UCB/UCSF
  • Bruce James, UCOP
  • Kalpa Barman, UCOP
  • Eric Goodman, UCOP
  • Steve Lau, UCOP
  • Jeffrey Crawford, UCSC

Agenda

Tanya Egloff was introduced in absentia

Tanya will be providing meeting support; scheduling, taking minutes, etc.

UC Trust proposed to be subsumed into ITAG

  • Will continue as a working group of ITAG, that brings information about IAM issues, strategy, etc. to the ITAG group.

Dedra wants to work out leader rotating chair mechanism for UCTrust

  • Suggestion #1: Chair + Vice Chair. 1 year term. After 1 year, Vice Chair takes over as Chair, new Chair selected.
  • General support for this model was expressed on the call.
  • Compared to TAS group, which does "ask for volunteers, then do secret ballot for new VC from among them"
  • If we went to voting (for chairs or otherwise), would we want to formalize voting or who gets to vote. I.e., does everyone vote, or one person per campus.
  • Perhaps UCTLeads perform the actual voting

Eric Goodman and the new IAM Lead position at UCOP

  • Still on the topic of "chairing" meetings
    • Alternative would be to have Eric just be the chair (or a co-chair)
    • Can be beneficial to have campus perspective to drive the agenda (arg to not have Eric be chair)
    • Could be that Eric stays "ex-officio" member, but others (e.g., Bruce) act as campus rep or lead (e.g., Bruce James)
  • What is the appropriate role of this position?
    • If we looked at UCTrust as a managed service (with central direction) could be more efficient;  as opposed to each campus developing processes and UCTrust doing more "corralling of existing process".
      • Can't be done by "overnight emails" and hoping they are responded to.
    • Referred to climate survey and LMS; process was definitely done by individual campuses. Could this position be leveraged to assist in these processes?
  • Asked Eric for input on role of position
    • Not an operational position, so wouldn't be involved in day-to-day approvals. But could definitely involved in defining process, perhaps getting some form of "uber approval process" to avoid each campus having to negotiate release
    • Will look for what common services would be useful for all campuses to leverage in the IDM space. E.g., a central IDM solution more robust than the current UCNetID service.
    • Will also maintain information about what each campus is doing to help with sharing information between the campuses.
  • Agreed that the n ew position won't solve all existing issues and for the near term will likely be focused on Path. But there is a need for some level of planning and direction for commonality of services. Not just "we'll do our thing and collaborate when we feel like it".       

InCommon Silver/LoA

  • InCommon has announced the IAAF framework (not just Silver)
  • Where are campuses in terms of InCommon Silver Cert
    • UCSB: Designed to be InCommon Silver.
      • Waiting for some other campuses nationally to certify before certifying, but think they are compliant
      • Have defaulted to Bronze; force Silver - small % age have gone through the Silver uplift
    • UCSD: They believe they are pretty close. But not looking to intiate an audit.
      • What's the resistance?
      • Not nec. resistance, just not doing it yet.
      • Are actually doing visual evaluation of everyone, including non-employees.    
      • E.g., collecting driver's licenses info. About 90% have been validated.
      • UCOP: Has some work to do. Maybe $60-70K of development to complete the process.
    • UCD: Did not receive funding to implement, but did all the planning.
    • UCB: Did a lot of planning. Got some resources, but InCommon Silver hasn't raised very high in their prioritization process, so there's no real driver?
    • UCLA: Looking to do a 2014 certification. Want to use the upcoming relpacement physical card system to leverage to get to silver.
  • Should campuses go through the process for Bronze just to test drive the process?
  • Does UCTrust want to recommend an LOA requirement for UCPath access?
    • Should we require UCTrustBasic?
    • Should we require InCommon Silver for all users?

      • No, mostly for pragmatic reasons (can't realistically Silver certify all accounts).

    • Should we require InCommon Silver for elevated privilege users?
      • If we did ID a subset of users that are "elevated privilege" users, that might be a good way to get started towards Silver that's not as onerous as "all employees".
  • How would people go about auditing?
    • Karl had talked about getting a group of auditors together and forming a group to collaboratively audit campuses
  •  If anyone initiates a review, please keep the UCTrust list informed!       

Service Provider request process

  • How is the process working?
    • For some it's working really well, but for others it seems pretty arbitrary about whether people are using it and doing the updates.
    • Tanya's time came in via a formal request to ITAG, that may be the correct process to get resources to support the process.
    • Warren (as a new member of the group) found the page helpful in providing guidance.
  • Other elements of UCTrust as a service
    • Berkeley has a new resource working on revamping the Wiki content. Looking to get better admin resources, more of a professional service

   

 

  • No labels