Error!

Spaces has been migrated to the cloud. Please go to https://ucla-confluence.atlassian.net to update your space/s.

IT Services has migrated the content of spaces.ais.ucla.edu to Atlassian Confluence Cloud. Please visit https://ucla-confluence.atlassian.net to update your space/s. Spaces.ais.ucla.edu is now in read-only mode through July 31st, 2024
UCTrust Workgroup
Child pages
  • Meeting Notes - 2010-10-15 Conference call

Versions Compared

Old Version 1

changes.mady.by.user Cheung, Celia

Saved on

compared with

New Version Current

changes.mady.by.user Matt Elder

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Chris Peters, UCI
Chet Burgess, UCOP
Arlene Allen, UCSB
Carl Heins, UCSB

David Walker, UCD
Surya Narayana, UCSF
Datta Mahabalagiri, UCLA
Albert Wu, UCLA

Celia Cheung, UCLA (scribe)
Greg Haverkamp, LBNL
Dedra Chamberlin, UCB
Jeff McCollough, UCB

Matt Elder, UCSD

Notes

User Provisioning Project

...

Question: Are we still using Kuali Rice for middleware?
Answer: It should be considered. The investigation of middleware that ITAG did was an evaluation of Rice. Now it has become bigger - it makes sense to have a common middleware for intercampus use at the UC level, but there hasn't been a firm decision thatRice that Rice is the right thing. In some way it makes the most sense because a number of campuses are deploying applications that use it, but it is less mature than other options out there.

...

  • Right now for UC Trust, there are 5-6 attributes defined. If we move forward with this project, there should be a tremendous increase in the attribute information that we have. We are assuming that the identity management people are the gateway to all of those attributes, in order to create a common interface. But if you don't want to pull from the database that your group maintains and pullfrom pull from something else, that is up to you. The idea is that each campus will have their own common interface. The intent is that the federation can treat the information as authoritative. However, we are not the authoritative owners of the data; we have to ask for the owners to release data. We do not have the authority to do that.

...

  • We are thinking that getting everyone to install Grouper would be a good idea. This would allow us to have a common way of managing groups. If someone was on two differentcampusesdifferent campuses, this would allow us to put them in different groups on the different campuses based on their roles there. Every campus needs to have some way of managing groups. We want to be able to assign ownership of a group to someone at another campus. This way, the identity information could flow over from campus to campus, group to group. It would be easier to do this if we had the same group management system. Also, implementing group management at the same time with other campus will make things easier. A standard format for group management is what is needed, not necessarily a standard implementation.

Question: Now that this proposal has been presented to ITLC, do people feel like we can meet this proposal timeline?
Answer: The timeline begins when the project starts. Reusing Shibboleth foundations will make things easier, but the project is not without effort. However, even though it is a good amount of work, in the medium or long term it will be less work thancontinuing than continuing to do ad hoc provisioning.

...

  • Arlene says that this project isnot is not monolithic; it is broken down into phases. We also still have thedetailed the detailed design phase and a checkpoint with the ITLC before the project is approved. We have been tasked with laying out the detailed design. Phase One includes detailed planning and detailed design of architecture. During Phase Two, we have a year to select the actual technology to be used, write documentation, do testing, QA, and so forth. After that, Phase Three is done at each campus - to implement group management, see targetedID implemented (as the unique ID that never changes in these provisioning streams), and establish relationships around campus for the likely source of these attributes. We will get a common implementation of the interface with the IAM and we need to integrate that with our local systems. Another point is that Phase Three doesn't have to be done on a campus untilthat until that campus needs the capability.

...

Question: What was the response of the ITLC?
Answer: It was positive, and they asked us to continue to look at more detailed design. There weregeneral were general questions, etc. at the meeting but there was no hesitance. ITAG is being charged to identify resources to do the detailed design, and suggest what resources are needed. Funding has been slated by ITLC - they have agreed to cover up to $30,000 for the detailed design phase. ITAG is going to make a proposition to say how these resources will be allocated, and ITLC will review this and decide whether or not to move forward. The real question for this project is not "Is it a good idea?" but "Can we find the resources to do it?" It will mean spending money now, but saving money later.

...

  • There will be another meeting between UC Davis and UC Berkeley in the next few weeks, and the goal is to have a written gap analysis within a month. This will be on the agenda for the in-person meeting to be held in December between UC Davis and UC Berkeley. This joint meeting will hash out what needs to be done in order to comply with InCommon Silver. There are a few possible dates in thefirst the first two weeks of December being suggested for the meeting; each campus isrequested is requested to coordinate availability and report back as soon as possible.