Error!

Spaces has been migrated to the cloud. Please go to https://ucla-confluence.atlassian.net to update your space/s.

IT Services has migrated the content of spaces.ais.ucla.edu to Atlassian Confluence Cloud. Please visit https://ucla-confluence.atlassian.net to update your space/s. Spaces.ais.ucla.edu is now in read-only mode through July 31st, 2024
UCTrust Workgroup
Child pages
  • Meeting Notes - 2011-09-29 Conference call

Versions Compared

Old Version 5

changes.mady.by.user Cheung, Celia

Saved on

compared with

New Version Current

changes.mady.by.user Cheung, Celia

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Curtis Bray, UCD
Andrew Tristan, UCR
Bob Ono, UCD

Dedra Chamberlin, UCB
Eric Goodman, UCSC
Arlene Allen, UCSB

Celia Cheung, UCLA (scribe)
Albert Wu, UCLA
John Kamminga, UCM

Brian Roode, UCI
Stephen Hock, UCR
Greg, LBNL

Agenda:

  1. InCommon Silver update
  2. HR/PPS update
  3. Update on IAM next generation conversations at UCB/UCSF and higher ed open source IAM joint venture - others who would like to participate and how?

...

  • This summary page was shared with the ITCL ITLC and includes resource estimates. It goes over how we are using the InCommon Silver audit as a replacement for the UC Trust Basic audit that we are all overdue for. Dedra had a conversation with Ann West to re-energize the effort from InCommon to reach out to campuses and federations to see where we are, and how InCommon can help.

...

  • As a side note, the UCLA estimate is for a total effort and does not include students. They will not be asking for any money because they already have the funding to cover the estimated costs.
  • Dedra notes that she will add a column to this table to differentiate between money that will have to be asked for versus existing money.
  • LBNL also says that they will not ask for more money, since this is already part of their Identity Management strategic plan.
    UCSC  UCSC notes that it's not money per se, just asking for existing people's time.
  • A cross institutional audit team was suggested to ITLC, to be lead by Karl Heins; ITLC was in agreement of this idea. However, we probably won't will not put together this team until we have at least a couple campuses that are ready to certify.

...

  • Dedra brings up the point that for some of those who are joining the HR/PPS may not even meet the UC Trust Basic standards, so perhaps those campuses should go through the Basic audit at minimum. But in that case, why not just use the InCommon Silver for the audit framework? A response suggest  Someone responds suggesting that we do the audit both ways; use Silver, but where it fails, use Basic.
  • Dedra mentions that we can ask Karl to point out the differences between the Silver and Basic frameworks so we can know what they are. At the very least we can, we ast as the UC Trust Workgroup can , ask HR/PPS to clarify whether or not the system will require InCommon Silver for the HR administrators logging in. Eric points out that in order for us to even ask this question, the numbers have to be there so that we can tell them if the answer is yes, then each campus will have to spend X number of dollars to meet this requirement.

...

  • Dedra asks the campuses what their timelines are for being ready with documentation for an audit team to review; the responses are:
    • UCR: one year
    • UCLA: next Fall
    • LBNL: at least one year
    • UCSF: at least one year
    • UCB: within 6-9 months
    • UCD: starting some time next year
  • Dedra says that we can all start documenting our business processes, and for now she will let Karl know that it won't be until next Spring at the earliest when we will have at least two campuses ready for the audit process and for us to get something off the ground. As more campuses start going through the audits, we will gain more knowledge and information on how to go through this process.

HR/PPS update:

  • Albert give gave an update from Mark, the technical project manager on for this effortproject. The project started in the beginning of September, and Oracle is holding session sessions to collect information. ITAG members who participated in the RFC process flew up to meet with Oracle. Their  Oracle's intention is to collect data interfaces from each campus, and interface workbooks have already been given to each campus. There is a meeting scheduled for next Tuesday to go through these interfaces. They will be scheduling day-long meetings with individual campuses to go through the interfaces.
  • At the moment, the first wave for the HR/PPS system will be UCLA, UCM, UCOP, UCSD, and UCSC. The project is treating the medical center as a seperate entity. The meetings to come will address identity management concerns for all campuses. We want to do this process as a whole unit, instead of individual campuses. Over the next few months, this will be our IT preparation period. Implementation will start in January 2012. The , and the rollout for the first wave will be in January 2013.

...

  • Someone else points out that although we have been asked to provide some documentation, so far it sounds like the PPS people are thinking they don't need input at this point. To some extent, it is worrisome that we know what data is in the interface today and that's what we do the planning on, but it would be better to not build interfaces based on what the PPS interfaces look like currently. There is a lot of data we are familiar with that is not that important in PPS, but hopefully this new system will include this data. We need to discuss what data is important to identity and access management; the biggest concern is that if we start with what is there, it will not meet the needs of what we need for identity management.
  • Dedra suggests for the people who are in these meetings to report back to the rest of the group..
  • Albert mentios mentions that Mark knows that identity management is something we have to tackle together, not as individual campuses. This is why we should look at it from a UC Trust perspective not from a campus perspective. Mark is willing to drop in on the calls whenever we need him to.

d: shared service center at UCOP, will focus on this project. once that position is filled we can work with that person.

oracle: oracle IM, master data management for hr/pps, more generalized use. oracle server suite, available for general campus use. interesting implementation uses for future identity management implementations.

someone: pricing is completely different. OIM - they don't have a sep charge for ldap services.

arlene: oracle universal directory - made available to us??

a: product license hosted at oracle for hr/pps, nothing else

...

  • Dedra asks about the general interest for the Oracle products. UCSC mentions that they are rebuilding but not with a vendor product.

...

  • UCSB says they are looking at Oracle but may do the same

...

  • thing as UCSC. UCB has come up with some reference architecture and has spoken to people who have used

...

  • Oracle and those who have not. Dedra mentions that if a lot of us are dealing

...

  • with the Sun

...

  • Identity Manager replacement, there is an opportunity for us to

...

  • parther and share resources to deliver parts of

...

  • the Identity Management systems that we need

...

  • , as a UC effort or as a higher ed collaboration. Dedra asks if the group is interested in having a meeting to discuss the next generation

...

  • Identity Managment solutions

...

  • and to share and leverage resources

...

  • ; the UC Trust workgroup agrees to this. Dedra will organize this meeting and put together an agenda; she says that we can also share information from Oracle so that we can negotiate as a group instead of

...

  • as individual campuses.
  • Dedra will also schedule the meeting on SP guidance and onboarding(sp?) at some point within the next three weeks.

Next UC Trust call:

  • The next UC Trust call will be on Thursday, October 27th from 3-4pm.