UCTrust Workgroup
Child pages
  • Meeting Notes - 2008-03-26 at UCSB

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Meeting Notes - 2008-03-26 at UCSB

(DRAFT in progress...) 

Attendees 

Arlene Allen, UCSB
Curtis Bray, UCD
Chet Burgess, UCOP
Dedra Chamberlin, UCB
Matt Elder, UCSD
Greg Fellin, UCM
Eric Goodman, UCSC
Karl Heins, UCOP
Steve Hock, UCR
Bruce James, UCOP

Mike Kennedy, UCR
Datta Mahabalagiri, UCLA
Jeff Mccullough, UCB
Chris Peters, UCI
Brian Roode, UCI
Heidi Schmidt, UCSF
Adam Stone, LBNL
Hampton Sublett, UCD
Andrew Tristan, UCR

Significant Campus Activities  

  • UCR
    • UCR recently brought AYSO up in production.  They plan a campus rollout in April.
    • The HR LMS is also in production.
  • UCB
    • UCB just certified for UCTrust.
    • They are working with Infosys to to implement Sun Identity Manager
  • LBNL
    • LBNL is working on completing their UCTrust certification.
  • UCSF
    • UCSF is working on an implementation of the Tivoli identity and access manager.
  • UCM
    • UCM uses Sun Identity Manager for most applications.
  • UCOP
    • UCOP has an IdP running, using Active Directory for authentication, and is ready to integrate with the HR LMS.
    • They are working on UCTrust certification.
  • UCR
    • UCR is working on two-factor authentication using SafeWord.  (Presentation later in the meeting.)
    • They are rolling Kerberos out for system administration.  It is provisioned from their identity management system.
  • UCI
    • AYSO is in production, as is the HR LMS.
    • They are reimplementing their identity and access management systems, which date back to the '90s ('80s?).  The new system will be developed locally.
    • UCI would like the ability to add student IDs to PPS.
      • So would everyone else.  This will be proposed to the ITLC.
      • There was also discussion of assigning UCnetIDs to students.  There are some issues with the business process that may preclude this.  UCSC and UCSB have "fuzzy" algorithms for uniquely identifying students that work pretty well (~30 mismatches/quarter for UCSB, 0.7%-0.9% for UCSC).
  • UCSB
    • UCSB is using the Sun JES identity suite and is hiring Sun to do the implementation.
  • UCSC
    • UCSC is using the Sun JES product, contracting Aegis for implementation.
      • They're managing only identities, not authentication.
    • The issue of implementing a single login has become a sticking point for them. Many legacy applications don't want shared userids and passwords.  (Discussion later in the meeting.
  • UCLA
    • UCLA has had Shibboleth 1.3 in production for over a year and plan to migrate campus applications to Shibboleth over the next 6-12 months.
  • UCD
    • UCD is implementing CAS in a high-availability configuration and is upgrading their Kerberos service.
    • They're looking at the right model for integrating with their medical center.
      • This is a common issue for all medical center campuses.  For now, medical centers are part of the campus identity management service, but often also have one of their own; UCSF, however, is integrated.
  • UCSD
    • UCSD just went live with AYSO.
    • They're implementing access for non-student / non-employee members of their community.
  • Internal Audit
    • Karl Heins recently had a discussion with PWC about auditing identity management services, both for UCtrust and InCommon.  The goal is to identify what controls and procedures need testing, as well as identifying (and, possibly, certifying) who should do such audits.

Updates

  • AYSO
    • Bruce James presented a few slides showing AYSO use via UCTrust to date.
    • UCD, UCI, UCR, and UCSD are enabled for UCTrust access to AYSO.  UCI and UCSD have rolled it out to their communities.
    • The usage statistics show that there is no strong preference among AYSO users regarding the option to continue to prompt for the AYSO password at the start of a session.  It appears that giving users the choice was the right thing to do. It did create some minor confusion at UCI about the difference between the AYSO password and the UCInetID password.
  • Connexxus
    • David Walker discussed the two documents that were distributed with the agenda, SystemIssues-2008-03-20.doc and Trondent Standard Profile fields.
    • Connexxus's UCTrust interface will use eduPersonPrincipleName to identify the user and will require UCTrust Basic assurance.
    • There will be two versions of the profile feeds.  Version 1 will address the first two locations' needs (UCR and UCSD), and Version 2 will address all locations' needs.  Version 1 should be final very soon.
    •  
  • No labels