Meeting Notes - 2011-9-29 Conference call

Attendees

(Partial list, please add/edit your names)

Agenda

1. InCommon Silver update
2. HR/PPS update
3. Update on IAM next generation conversations at UCB/UCSF and higher ed open source IAM joint venture - others who would like to participate and how?

InCommon Silver and ITLC update:

The update presented to the ITLC can be found here: https://spaces.ais.ucla.edu/display/uctrustwg/Update+For+ITLC+-+September+2011

This summary page was shared with the ITCL and includes resource estimates. It goes over how we are using the InCommon Silver audit as a replacement for the UC Trust Basic audit that we are all overdue for. Dedra had a conversation with Ann West to re-energize the effort from InCommon to reach out to campuses and federations to see where we are, and how InCommon can help.

As the page states, the CIC schools are targeting the second quarter of next year for their certification attempt. Also, if you are interested in the InterOp testing program mentioned in the update, go to the InCommon website and subscribe to their mailing list.

All the resource estimates are shown on the update page as well. Dedra told the ITLC that this is the amount necessary to get the campuses to InCommon Silver, but not to re-credential people. These estimates also do not include the cost of the actual audit; however, since most of the work is on the Identity Management teams, the total audit cost should not be that high.

UCLA estimate is a total effort and does not include students. our estimate is our total budget. we are not going to be asking for any money; we have funding.
dedra: the idea was to give them an idea of what it will take for our campuses to get to incommon silver. to remind the CIO's that we are all overdue for our uc trust basic, and that the CIO needs to be in touch w/ their identity management lead to see what needs to be done.

resource estimate side: total resource estimate vs resources required - is there asking involved? asking for resources?
ucla has money to do this, anyone else? lbnl will not ask for more money, its part of their identity management strategic plan
ucsc - not money per se, just existing people's time

arlene: what is the meaning of this table? if this is going to be consumed by the existing IT org, then this table is misleading?
dedra: need a new column - for new money needed, vs. existing money

cross institutional audit team - suggested to ITLC lead by carl heinz; definite positive reaction to this idea. endorsed by ITLC (the idea). we shouldn't put this together until we get a couple campuses ready (almost) to certify.

dedra: do anyone have timeline of certification?
albert: does the hR/pps require incommon? because if so then the timeline is jan 2013 for UCLA.
dedra: will they require silver loa?
albert: i would assume they would.
arlene: uc trust basic is loa2, the campuses have the luxury of deciding what they will adhere to.
d: some campuses who are at ucturst basic they might not meet. campus should go through basic audit at minimum. since some might not even meet. for those joining hr/pps - for any campus. but then why not just use incommon silver for the framework?

someone: do audit both ways. silver, when it fails, go against uc trust basic.

d: ask carl to point out differences between silver and basic frameworks so we can know where the differences are?

someone: differences are more in the campuses' assumptions/interpretations. 1/3 of steering committee at ucsc is no longer there. it wasn't an audit, it was just senior management making a decision that their practices match what the requirements should be.

ask hr/ pps to clarify whether or not hr/pps will require incommon silver or basic for hr administrators logging in. us as the uc trust workgroup can ask them , says d.

eric: but the numbers have to be there for us to ask the question so that we can tell them if the answer is yes then UCLA or whoever will have to spend X number of dollars.

berkeley: submitted her proposal for the 156 mil or whatever for certification cost and it has been granted. d will come up w/ project plan within the next month. d asks ucsb - arlene will certify silver but will not offer it as a service to campus yet. d: doing documentation work and submitting to ITLC, will you do it soon? arlene: yes its already done.

d: when should we do this cross campus audit team?

eric: difference between to fill out audit matrix and trying to meet the audit.
arlene: auditors assessment of our own assessment that we've been honest, that's all the audit is.

d: any other campuses ready with documentation for an audit team to review within the next year?
riverside - a year
ucla - next fall
lbnl - at least a year
ucsf - a while
ucberk - next 6-9 months
davis - bob is setting up a workgroup to look at silver, and i believe we are looking starting next year???

d: we're all in the same boat, heavy lifting is documenting what you are doing now; unless its going to change in the next few months. its just a matter of doing what you can to inject some need of our business practices documentation
d: for now, i'll let carl know that it won't be until next spring until we have at least 2 campuses ready for the audit process to get something off the ground. as more campuses go through the audits we'll get more information on how to do this.

HR/PPS update:

Albert's update: tech project manager said - technical part of project started in beginning of sept. oracle holding sessions to collect information. itag members who participated in RFC process flew up and met w/ oracle. their intention is to collect data interfaces form each campus. interface workbook given to each campus. meeting next tues in oakland go through the interfaces. they are scheduling a interview w/ each campus octobert 10 for UCLA. to go through these interfaces.

d: we have identified an IT lead from each campus?
albert: there is supposed to be
d: public now for waves?
a: UCLA, UCM, UCOP, UCSD, UCSC in first wave. Don't remember the other waves. project is treating medical center as separate entity. meeting next week with all campuses present. ucla session will address identity management concerns (for all campuses will have this). as much as possible we want to do this in a coherent and lockstep manner. we want to do this once. not each campus separately w/ oracle??? not a lot of info on how the interface works or looks like but thats what we will find out in the next months.
IT preparation period in the next few months. interface issues, implementation starting in january 2012. rollout for first wave in january 2013.

d: influence the technical design to make our lives easier? any ideas?
a: last weeks' SC, Irvine, Berk, UCOP at last wee'ks meeting. albert was the only UC Trust person there. get in touch with your respective hr/pps tech lead because they are being asked to collect their technical interfaces. your tech lead is going to be from payroll side; they won't necessarily consider the student side or non-employee side of things.

someone: have been asked to provide some documentation, but so far it sounds like the PPS people are thinking they don't need input at this point. to some extent he is worried that we know what data is in the interface today and that's what we do the planning on, but i would rathe rnot build interfaces based on what PPS interfaces look like. there's a lot of data we are familiar with that is not that important in pps but hopefully this new system we have. want to discuss what info is important to identity management, accessmanagemet. my biggest concern is that if we start with what is there, it won't meet the needs of what we need for identity management.

d: mark xianca. have people who are in these meetings report back to the group on the discussions.

a: mark knows that identity management is something we have to tackle together, not as individual campuses. this is why we should look at it from a UC Trust perspective not from a campus perspective. Mark is willing to drop in on the calls whenever we need him to.
d: shared service center at UCOP, will focus on this project. once that position is filled we can work with that person.

oracle: oracle IM, master data management for hr/pps, more generalized use. oracle server suite, available for general campus use. interesting implementation uses for future identity management implementations.

someone: pricing is completely different. OIM - they don't have a sep charge for ldap services.

arlene: oracle universal directory - made available to us??

a: product license hosted at oracle for hr/pps, nothing else

d: general interest of oracle products?
eric: talked about pricing but didn't get a quote. UCSC is rebuilding not with a vendor product. internal campus politics.
arlene: is looking at oracle, might do the same as eric
d: berk come up w/ reference architecture, spoken to people who have used oracle and those who have not. if a lot of us are dealing w/ the Sun IM replacement, there is opportunity for us to partner and share resources to deliver parts of IM systems that we need. as a UC effort or higher ed collaboration. next generation IM solutions - share and leverage resources in a future meeting?

group: sure
d: will organize that convo and has materials that they've been putting together. will put together agenda. we can share info also from oracle so we can negotiate as a group instead of just one campus.
arlene: oracle prices should be the same across the campuses.
d: sp guidance and onboarding - will schedule this as well. sometime in the next 3 weeks or so. will get both of these meeting scheduled.

user facing UI's in java due to limitations of SIM UI Framework. at davis.
d: can share front end components
someone: more piecemeal solution, not sure if ppl will want to use
d: data modeling info - can collaborate on this with other campuses
albert: where does data come from question already came up at the last hr/pps meeting and it will keep coming up. eventually we will have to worry about federated access management.
eric: students make their changes through student system and we consume it but that data doesn't exist in the payroll system. if there is no way to hold it in the pps system then we'll have to hold it externally.
d: separate convo about where data comes from etc.
next call is october 27