UCTrust Workgroup
Child pages
  • Meeting Notes - 2010-12-08 at UC Berkeley

Versions Compared

Old Version 5

changes.mady.by.user dedra@berkeley.edu

Saved on

compared with

New Version 6

changes.mady.by.user Brian Roode

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Developing roadmap for IAM framework, post Sun IdM
  • Guest access management
  • Completing rollout of InCommon Certificate service
  • Two-factor authentication pilot with Yubikey
  • Seeking resources to contribute to jasig OpenRegistry project
  • Have completed report on Group Management options and resource requirements for implementing grouper
  • January starting Proof of Concept project to implement ApacheServiceMix ESB to integrate Identity Management System with one downstream app
  • Just completed InCommon Silver Certification gap analysis

UCI - Brian

...

Roode (by phone)

  • Upgraded our Shibboleth IdP to version 2.1.5 back in June. The upgrade brought to light the potential ongoing compatibility issues we will have between the various versions of Shibboleth components. One of our ongoing challenges has been identifying local supporters for Shibboleth service providers. The risk in not doing so is that we will become the default local supporter. Sharepoint, UCReady/UC Action/UC Tracker and ERMIS are all good examples of this issue.
  • UCI is now providing the option for students to use Google Apps for Education for email - there are plans to use Shibboleth/SAML 2.0 to authenticate users to Google. We're currently using local Google accounts and are working on the transition plan.
  • Requiring that all our SP's join InCommon has been a bit of a challenge. ALEKS Corporation (math placement testing) was one of them that joined at our request. Standardizing on InCommon has a lot of advantages to us.
  • As for core infrastructure; we are working our the final phases of the development of a new campus Identity Management directory system to replace our "Ph/Qi" directory. We are currently running the two directory systems in parallel (read/write) and resolving discrepancies. The new in-house system is written using Ruby, the Rails framework, Active Record, MySQL. We employed much more rigid development standards, review, and testing for this deployment and it serves as a model for how we will develop applications in the future.

...