DRAFT Meeting Notes - 2008-10-23 at UCI
Attendees
Greg Ackerman, UCIMC |
Matt Elder, UCSD |
Jeff McCulough, UCB |
Summary of Action Items
- It was agreed that campuses would post links to their SP documentation, both policy and technology, on the wiki.
- Campuses should consider making their first InCommon contact be their help desk.
- Campuses should review their Shibboleth SP and IdP error pages to ensure users are seeing good information.
- Matt Elder will post the list of customizable Shibboleth pages.
Updates on Significant Campus Identity Management Activities
- UCD
- UCD is currently finalizing the planning for its identity management project, identifying the priorities of and products to support identity "joining" among payroll, student system, etc. (Sun MDM, Mural, Initiate), an application provisioning engine (Sun Identity Manager), and permission management (Sun Role Manager or other).
- UCSB
- UCSB is continuing on their implementation of Sun Identity Manager. They are using it for the identity join.
- UCSD
- UCSD is expanding their Shibboleth-supported SPs (constantly). They are using Shibboleth 2.x for new deployments.
- They're looking at Shibboleth 2 for their IdP, but it will take a while, as they have built a custom data conector that will need some reimplementation.
- They have a home-grown Java-only SP that they're trying to move away from by having people integrate Apache into their Java environments.
- UCM
- They are currently cleaning up their processes so they can start asserting UCTrust Basic.
- UCB
- UCB has gotten the go-ahead to implement Sun Identity Manager. They're trying to get the cost of Role Manager down, but MDM is likely to be too expensive.
- They're looking at how to distribute authentication and other critical servers around the campus.
- UCOP
- UCOP is looking at moving to a single repository of identity information.
- They went live with Connexxus on September 19 and have been running President Yudof's Project Tracker application for a number of months.
- They have tested their IdP with the SumTotal learning management system, but there is no imminent use right now.
- They're starting to work on interfacing with AYSO and UC Ready.
- There was some discussion of the new Enterprise Risk Management (ERM) system. It appears that funding for its UCTrust interface may be cut. The group's consensus was that this should not be done if it would increase campus administrative burden to support some other authentication scheme.
- UCSF
- UCSF's Tivoli-based identity management system, MyAccess, is up. Mass deployment will start in late October.
- They're doing a proof of concept with AYSO and are ready to start Connexxus testing. There's been some confusion within the Connexxus project of who UCSF should work with for testing.
- They asked for documentation for SP administrators/developers from other campuses. It was agreed that campuses would post links to their SP documentation, both policy and technology, on the wiki.
- UCSC
- UCSC is in the final stages of completing their InCommon membership. Shibboleth should be up very soon.
- They decided to deploy a new user name / password pair for this project. It will be LDAP-based.
- They're in the middle of evaluating what they need to do for UCTrust certification. They're using Berkeley's principles.
- For federated applications, they're focused on UC Ready, the learning management system, and Connexxus.
- UCI
- UCI is reimplementing their identity management system. It will continue to be a local implementation.
- This is happening at the same time that they will be adding approximately 50,000 applicants to their old system.
- They've just implemented Connexxus.
- There have been some problems of help desk coordination, both within Connexxus and within UCI.
- The first InCommon contact is the one reported by the default configurations of SP and IdP error pages.
- Campuses should consider making their first InCommon contact be their help desk.
- Campuses should review their Shibboleth SP and IdP error pages to ensure users are seeing good information. ***** Matt Elder will post the list of customizable Shibboleth pages.
- UCI is reimplementing their identity management system. It will continue to be a local implementation.
- UCLA