UCTrust Workgroup
Child pages
  • Notes from 1-10-2012 UCPath, Oracle, UCTrust meeting

Versions Compared

Old Version 3

changes.mady.by.user user-f5373

Saved on

compared with

New Version 4

changes.mady.by.user user-f5373

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added some use cases and responsibilities per conversation with Marina at UCI.

...

  • Capture the process of user transitions from campus 1 to campus 2: user provisioning, data entry and data reconciliation processes.
  • How do you deal with InCommon Silver/UCTrust Basic certification of an individual during a transition from one campus to another? (E.g., we may need to generate a new validation code for the second campus to use)
  • Users being provisioned in advance (e.g., like UCSC DivData, future appointments)
  • Are users ever required to log in prior to being provisioned to a campus? E.g., prospects. How would logging those people in be handled.
  • Campuses should consider DR options (see campus responsibilities note, below)
  • Existing campus user (e.g., consultant, student) needs access to PeopleSoft; how can data entry be done to simplify match with local campus IDM after entry into PeopleSoft. 
    • Entry of student ID, etc during account creation.
    • Oracle intent is to allow campuses to have more than one "external id" per user.
  • What is the process for merging UCPath records, to correct errors in data entry/data duplication? 
  • Employee returns to a different campus after 10 years of separation (so user is not currently in UCPath, but does have a local "ex-employee" identity at first institution)  

InCommon Silver

  • Is there possibility for some sort of retroactive assertion process; e.g., postal mail validation codes to home address of  some such, to allow all campuses to meet InCommon Silver
  • PS SP should be configured to accept either UCTrustBasic or InCommon Silver IAQ

...

  • Would be nice to have a corresponding "Summary UCOP/Oracle responsibilities" slide
  • Conversion will have data for employees from the last two years. Older employees will essentially lose their EIDs, and we (UCOP UDIR? campuses?) will be required to add the value back in.
  • Assuming someone is active, with old (>2 years) affiliation with a different campus, will the conversion have both sets of employee info (e.g., EID) or, just the data from one of the PPS systems?
    • UCOP will discuss using UDIR matching to get old EIDs added for current employees
  • What SAML attribute name/OID/URN should be used for transmitting with the emplid? Does Oracle have a standard OID for emplid? Should we use inetOrgPerson/employeeNumber?
  • Work with the UCPath PMO and Oracle to review their DR plans to make sure IP infrastructure and support are consistent with the DR requirements of the Peoplesoft investment

Central LDAP

  • Discussion on hold for now. Discussed a little bit what the scope should be. 

...