IT Services has migrated the content of spaces.ais.ucla.edu to Atlassian Confluence Cloud. Please visit https://ucla-confluence.atlassian.net to update your space/s. Spaces.ais.ucla.edu is now in read-only mode through July 31st, 2024
...
John Ober reports that the Task Force has submitted its report to the campus libraries. It appears that the libraries will accept and endorse all the recommendations in the report. John expects that decision to arrive on 9/16 and will distribute the final report to UC Trust members as soon as it becomes official.
A likely next step for the project will be to
eAcademy update
Microsoft responded to UCLA's inquiry. It wants the campuses to assert who is eligible (instead of eAcadamy's suggestion that the individual can self certify license entitlement).
This means campuses will need to track and assert an individual's eligibility to participate in the Work At Home license. The assertion will likely be made through IDP Attribute Responses(perhaps a value in eduPersonEntitlement).
Albert will schedule a follow up call between eAcademy and interested UC campuses representatives in the next 2 weeks.
ITAG's User Provisioning/Middleware Project
The project is looking to create a definition/description for a bus-orientated service to enable cross-campus user provisioning. Existing use cases include user provisioning needs in LMS, Connexxus, (and UC Ready?)
A working group, consist of 5 people from ITAG already exists. David is looking for additional UC Trust volunteers. Interested party please contact David.
Agenda Items
InCommon Silver Update
- News from InCommon TAC - InCommon is working with federal agencies to review
whethere InCommon Silver can be considered equivlaent to NIST LOA2 - Several campuses have reviewed the requirements, some are concerned about the ability to meet the requirements:
- UCLA will need to make substantial procedural and technical changes to its credentialing process - it's already planned and will be underway in 2010.
- Berkeley (and several other campuses) continued to be concerned with the clause requiring the IDM system to store SB1386 sensitive ID numbers. It isn't clear as to whether the ID numbers need
to be stored. If so, does it have to be stored electronically? Will paper records count? What is the retention requirement?
- David will follow up with InCommon TAC to reiterate UC's concern regarding the collection/storage of ID numbers.
Library's Use for Shibboleth
- The library side is working to contact each campus's IDP to respond to the questionnaire.
- UC Trust WG will put up a page on wiki to collect responses from campus IDP reps.
- The Library side is forming a technical group.
Discussion of SAML2 usage (not Shib)
Several campuses are running (or will soon be running) IDP 2.
A few campuses supports/will support SAML 2 through IDP 2.
Reminder: Internet2's Shibboleth 1.3 support ends on June 30, 2010.
There are some well known SAML 2 SP's (Google), though it's not yet widely requested.
InCommon's WAFY does not yet fully work with SAML2. Is this a priority to pursue
with InCommon
- Do we want a UCTrust specific discovery service?
Face-to-face meeting
The chairs will schedule a face-to-face meeting in September. Please send agenda suggestions to Dedra and/or David. Current agenda ideas include:
- Provisioning
- InCommon Silver
We may possibly combine the meeting with a face-to-face Sun IDM SIG meeting.
to conduct a proof of concept deployement with HathiTrust. UCLA and UCSD already support the attributes required for the POC, and the respective libraries will likely soon contact the campus IDM offices.
Beyond, the Task Force recommends approaching content vendors and e-journal vendors. Many are already Shibboleth-enabled due to mandates from UK federation.
There was a brief discussion regarding challenges working with Innovative Interfaces, who has been reluctant to integrate its solutions with Shibboleth. More to come on this.
eAcademy update
Representatives from several campuses met with eAcademy via a conference call in early August. The eAcademy call was to discuss possible methods for the campus to transmit a user's MCCA Work at Home eligibility to eAcademy. eAcademy is generally willing to accomodate a variety of interfaces. The suggested mechanisms were documented here.
Albert's observation is that overall, transmitting entitlement data is a preferred mechanism over a separate feed. However, there are concerns regarding the campus' ability to calculate eligibility based on available data. The general consensus seems to be that the responsibility of determining eligibility should not lie with the IDM offices. The question is, who is responsible on each campus?
Another question is whether this needs to be a UC Trust implementation, or whether it can be left to campuses to tackle individually with eAcademy.
Regardless, the general issue of asserting service eligibility is coming up in a variety of projects. The group will tackle this topic in greater detail during the upcoming face-to-face meeting.
Face-to-face meeting
The group agreed tentatively to schedule a face-to-face meeting at Berkeley in early December.
UC User Provisioning Project
The group was running out of time on the call. David gave a quick update: The User Provisioning Project's report will be presented to ITLC at its September meeting. David asks everyone to read the User Provisioning documents
Next Month
Discussion topic for the October call: InCommon Silver certification and the UC User Provisioning ProjectThe group had agreed to move to a bi-monthly call schedule, but decided to continue the call monthly until the September face-to-face meeting. The group will determine future meeting schedules at the face-to-face meeting.