UCTrust Workgroup
Child pages
  • Meeting Notes - 2008-03-26 at UCSB

Versions Compared

Old Version 10

changes.mady.by.user WALKER, DAVID

Saved on

compared with

New Version Current

changes.mady.by.user WALKER, DAVID

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

  • AYSO
    • Bruce James presented a few slides showing AYSO use via UCTrust to date.
    • UCD, UCI, UCR, and UCSD are enabled for UCTrust access to AYSO.  UCI and UCSD have rolled it out to their communities.
    • The usage statistics show that there is no strong preference among AYSO users regarding the option to continue to prompt for the AYSO password at the start of a session.  It appears that giving users the choice was the right thing to do. It did create some minor confusion at UCI about the difference between the AYSO password and the UCInetID password.
  • Connexxus
    • David Walker discussed the two documents that were distributed with the agenda, SystemIssues-2008-03-20.doc and Re: Trondent Standard Profile fields.
    • Connexxus's UCTrust interface will use eduPersonPrincipleName to identify the user and will require UCTrust Basic assurance.
    • There will be two versions of the profile feeds.  Version 1 will address the first two locations' needs (UCR and UCSD), and Version 2 will address all locations' needs.  Version 1 should be final very soon.
  • HR LMS (aka UC Learning Center)
    • The UC Learning Center's UCTrust interface is in production and is starting to see use from the campuses.
  • Recent InCommon Level of Assurance discussions
    • The registration requirements for UCTrust, InCommon Silver, and eAuthentication level 2 are still difficult for campuses, particularly for remote users.
      • There is at least one service that can call a telephone and "speak" some information.  Such a service could be used to "...confirm existing records of the registrant's electronic mail address, telephone number, or postal address," as described in UCTrust's remote registration requirements.
      • Notary Publics were also suggested to support remote registration processes.

IdM-Based Architecture

  • Wiki Markup_\[Note: The version of the survey distributed with the agenda was incorrect.    Arlene Allen distributed the correct version was distributed during the meeting.\]_
  • Arlene Allen discussed the proposed survey.  The idea is to focus on identity information flows within processes, rather than specific systems.
  • It was the consensus that the survey's scope was very broad.  We will limit it by focusing on the system-wide process flows for the following systems:
    • Employee systems (payroll, benefits)
    • Student systems (Pathways)
    • Selected Corporate Data Warehouse systems
    • System-wide applications, specifically UC Learning Center and Connexxus

The UCTrust Work Group Wiki

  • The new UCTrust Work Group Wiki was presented by David Walker.  Thanks to UCLA for hosting it on their Confluence server.
  • It was agreed that anyone would be allowed to read the information on the wiki, except for a specific section that restricts access to authorized members of the UCTrust Work Group.
    • This same group of authorized members will be able to modify any of the pages on the wiki.
    • Campuses will provide the list of their authorized members to David Walker, who will work with UCLA to provide the access rights.
  • UCLA's Confluence server requires the release of eduPersonPrincipleName to be used via Shibboleth.  email and displayName are also used to populate Confluence's electronic mail and name fields, if they're available, the first time a user connects to the server. After that, the Confluence user interface can be used to set electronic mail address and name.
  • Assertion Consumer Service and Single Sign-On URLs will be added to the (retricted access) table of IdPs and SPs.

...