Rationale/Purpose for InCommon Silver Certification Effort
- InCommon Silver as replacement for UC Trust basic audit
- Upcoming requirement for federated login to NIH Grant Submission, CILogon, National Student Clearinghouse
State of InCommon Silver Assurance in Higher Ed
- CIC schools targeted second quarter of next year for certification attempt
- InCommon managing an InterOp testing program with 3 IdPs (University of Florida, Virginia Tech, and UW-Milaukee) and 1 SP (CILogon) to provide implementation guidelines for campuses attempting certification
UC Resource Estimate Assumptions
- For campuses who submitted hours estimates, the dollar estimates below are based on a rate of $80/hour.
- Includes the cost of bringing existing systems into compliance with InCommon Silver. Assumes that existing account holders will not have to be re-credentialed
- Covers the costs of InCommon Silver compliance for all campus members who might log in to AYSO (with the exception of UCLA, which includes students)
- Estimates do not include the cost of engaging audit staff
Campus |
Resource Estimate |
Notes |
---|---|---|
LBNL |
$64,000 |
|
UCB |
$166,000 |
|
UCD |
|
Pending |
UCI |
$80,000 |
Plus cost for two-factor |
UCLA |
$359,800 |
Includes students |
UCM |
|
Pending |
UCOP |
$47,000 |
Plus $14,000 annual |
UCSB |
$0 |
New system design includes InCommon Silver, no new resources |
UCSC |
$51,000 - $ 160,000 |
Range from optimistic to pessimistic |
UCSD |
$304,000 - $470,000 |
|
UCSF |
$200,000 |
|
UCR |
$96,000 |
|
Recommendations
- Waive UC Trust Basic audit requirement for minimum one more year
- Create audit team comprised of representatives from 3-5 campuses (Karl Heins has volunteered to chair this group)
- Identify three campuses to begin audit process sometime before June 2012 (UC Trust workgroup agreed we should use the InCommon Silver audit framework even if we thought an audit might fail in the first round, given that the assurance framework is still new and no campus has yet tested it. We need an actual review to help tease out compliance issues).
- Set timelines for putting together audit team beginning January 2012 and conducting first 1-3 audits beginning March 2012