UCTrust Workgroup
Child pages
  • Meeting Notes - 2008-10-23 at UCI

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

DRAFT Meeting Notes - 2008-10-23 at UCI

Attendees

Greg Ackerman, UCIMC
Arlene Allen, UCSB
Curtis Bray, UCD
Chet Burgess, UCOP
Dedra Chamberlin, UCB
Steve Chen, UCIMC
Adam Cohen, UCB
Josh Drummond, UCI
Holly Eggleston, UCSD

Matt Elder, UCSD
Greg Fellin, UCM
Declan Fleming, UCSD
Jann Fong, UCSF
Eric Goodman, UCSC
Brian Koehmstedt, UCM
Datta Mahabalagiri, UCLA
Neil Matatall, UCI

Jeff McCulough, UCB
Chris Peters, UCI
Tom Poage, UCD
Brian Roode, UCI
Hampton Sublett, UCD
David Walker, UCD
Dana Watanabe, UCI
Albert Wu, UCLA

Summary of Action Items (tick)

  •  It was agreed that campuses would post links to their SP documentation, both policy and technology, on the wiki.
  • Campuses should consider making their first InCommon contact be their help desk.
  • Campuses should review their Shibboleth SP and IdP error pages to ensure users are seeing good information.
    • Matt Elder will post the list of customizable Shibboleth pages.

Updates on Significant Campus Identity Management Activities

  • UCD
    • UCD is currently finalizing the planning for its identity management project, identifying the priorities of and products to support identity "joining" among payroll, student system, etc. (Sun MDM, Mural, Initiate), an application provisioning engine (Sun Identity Manager), and permission management (Sun Role Manager or other).
  • UCSB
    • UCSB is continuing on their implementation of Sun Identity Manager.  They are using it for the identity join.
  • UCSD
    • UCSD is expanding their Shibboleth-supported SPs (constantly).  They are using Shibboleth 2.x for new deployments.
      • The configure UCSD-only SPs with a "WAYF" of their identity management system to avoid the "Where are you from?" prompt by InCommon.
      • They don't register UCSD-only SPs with InCommon.  The SPs, though, do load InCommon metadata for information about IdPs.
    • They're looking at Shibboleth 2 for their IdP, but it will take a while, as they have built a custom data conector that will need some reimplementation.
    • They have a home-grown Java-only SP that they're trying to move away from by having people integrate Apache into their Java environments.
  • UCM
    • They are currently cleaning up their processes so they can start asserting UCTrust Basic.
  • UCB
    • UCB has gotten the go-ahead to implement Sun Identity Manager.  They're trying to get the cost of Role Manager down, but  MDM is likely to be too expensive.
    • They're looking at how to distribute authentication and other critical servers around the campus.
  • UCOP
    • UCOP is looking at moving to a single repository of identity information.
    • They went live with Connexxus on September 19 and have been running President Yudof's Project Tracker application for a number of months.
    • They have tested their IdP with the SumTotal learning management system, but there is no imminent use right now.
    • They're starting to work on interfacing with AYSO and UC Ready.
    • There was some discussion of the new Enterprise Risk Management (ERM) system.  It appears that funding for its UCTrust interface may be cut.  The group's consensus was that this should not be done if it would increase campus administrative burden to support some other authentication scheme.
  • UCSF
    • UCSF's Tivoli-based identity management system, MyAccess, is up.  Mass deployment will start in late October.
    • They're doing a proof of concept with AYSO and are ready to start Connexxus testing.  There's been some confusion within the Connexxus project of who UCSF should work with for testing.
    • They asked for documentation for SP administrators/developers from other campuses.  It was agreed that campuses would post links to their SP documentation, both policy and technology, on the wiki.  (tick)
  • UCSC
    • UCSC is in the final stages of completing their InCommon membership.  Shibboleth should be up very soon.
    • They decided to deploy a new user name / password pair for this project.  It will be LDAP-based.
    • They're in the middle of evaluating what they need to do for UCTrust certification.  They're using Berkeley's principles.
    • For federated applications, they're focused on UC Ready, the learning management system, and Connexxus.
  •  UCI
    • UCI is reimplementing their identity management system.  It will continue to be a local implementation.
      • This is happening at the same time that they will be adding approximately 50,000 applicants to their old system.
    • They've just implemented Connexxus.
      • There have been some problems of help desk coordination, both within Connexxus and within UCI.
      • The first InCommon contact is the one reported by the default configurations of SP and IdP error pages.
        • Campuses should consider making their first InCommon contact be their help desk.  (tick)
        • Campuses should review their Shibboleth SP and IdP error pages to ensure users are seeing good information.  (tick) ***** Matt Elder will post the list of customizable Shibboleth pages.  (tick)
  • UCLA
    •  
  • No labels