Page History

...

• The ITLC meeting will be on Septebmer September 20th. At the moment, UC Berkeley and UC Davis have presented a more detailed plan and gap analysis. UC Berkeley has submitted a resource request totalling $166,000; it was put on hold pending a further review. There is no guaranteed go-ahead to do the work at UC Berkeley.

• UC Davis has raised the topic to their management, but timing-wise they cannot visit this until at least October or NovemnberNovember. They are constrained with resources and budget.

• A question is raised on when InCommon Silver will become a mandate for assurance? Dedra .  Dedra responds that as of the last time there was an update (which was during the Educause security conference), the answer was some time this Fall.

• Dedra mentions that no SP's are requiring InCommon Silver at the moment, but that could change in the future, especially for NIH and NSF applications and possibly for student grant applications. The larger issue is that since we are all self certified to be in compliance with UC Trust Basic, we have to do an audit after 2 years. ITLC originally waived that requirement since we were going to InCommon Silver; however, if we go back to the ITLC in September and tell them that we do not have time to implement InCommon Silver right now, the ITLC may say that they will not waive the audit for UC Trust Basic any longer. As a result, any campus due for their UC Trust Basic audit will have to do sogo through with the process.

• A question is asked if UC Trust is going to the ITLC to request funding and resources for InCommon Silver, or are we handling this at the campus level? Dedra  Dedra responds and says that each campus needs to make a resource plan and take that to each of our CIO's before the September ITLC meeting. At that point, we should know where we stand in terms of resources needed. As of last month, everyone said they were on schedule and were putting together their implementation plans. Dedra asks each campus if they are still on track to create the plans and take them to their CIO's before the September ITLC meeting. As a general consensus, it seemed like most campuses were a little behind, but were willing to try and make it by the September ITLC meeting.

• A new suggestion comes up is brought forth by the workgroup saying that we do both audits (UC Trust Basic and InCommon Silver), with the intention of most likely failing the InCommon Silver audit. There was some discussion of how to coordinate the audit process; perhaps having a collaborative effort would be the most effective. The audit itself is a self assessment process, and then auditors review that process. It would be ideal if we could ask auditors to use both set of criteria (for UC Trust Basic and InCommon Silver) when going through this process. Dedra is willing to make some inquiries to other campuses who are going through this same process. It is suggested that we should have a place on the wiki where we can post questions and solutions in reference to the audit process. Dedra will also make some talking points to the ITLC for moving this effort forward.

...

• Joint Venture update from Hampton: two weeks ago, he met with different groups in Chicago to determine what open source IAM solutions exist today, and to identify what remaining gaps there are. There are three primary areas of functionality - person registry including identity reconciliation, provisioning, and access management. Between now and mid-September, there will be three workgroups form formed based on those primary areas of functionality, and they will be working on a weekly basis gathering requirements and looking at componenents within these areas to see what needs to be enhanced and what pieces are missing entirely. The groups will come together in mid-September and share their findings with the larger group.

• There was discussion on using a vendor soluction solution and Oracle products - but it would cost a lot to convert to a license, and it would require support and professional services. AlternatlyAlternately, we could hire a developer that could contribute back to the Joint Venture project.

...

• In terms of dealing with SP's that want to provide a service to multiple UC schools, there is a suggestion from the workgroup that we create bundles of attributes for SP's; if we pre-negotiate packages based on what type of SP it is, it would streamline the whole process. It would not be efficient to have t to negotiate attribute release for every single SP.

• Dedra notes that while we do have documentation to show SP's that provide services to all UC campuses (https://spaces.ais.ucla.edu/display/uctrustwg/DRAFT+-+UCTrust+SP+Information), and also documentation on SP integration with Shib (https://spaces.ais.ucla.edu/display/iamuclabetadocs/ShibSPPlanningGuideBeta, https://wiki.library.ucsf.edu/display/IAM/MyAccess+Integration+ToolKit+%28Shibboleth%29), we do not have documents to give guidelines on attribute release at multiple schools. Doing this method of bundling attributes to send off to data proprietors could be very useful. 

• There is existing documentation on how each campus handles data release. This will be posted on the UC Trust wiki page.

...