Meeting Notes - 2011-9-29 Conference call

Attendees

(Partial list, please add/edit your names)

Agenda

1. InCommon Silver update
2. HR/PPS update
3. Update on IAM next generation conversations at UCB/UCSF and higher ed open source IAM joint venture - others who would like to participate and how?

InCommon Silver and ITLC update:

The update presented to the ITLC can be found here: https://spaces.ais.ucla.edu/display/uctrustwg/Update+For+ITLC+-+September+2011

This summary page was shared with the ITCL and includes resource estimates. It goes over how we are using the InCommon Silver audit as a replacement for the UC Trust Basic audit that we are all overdue for. Dedra had a conversation with Ann West to re-energize the effort from InCommon to reach out to campuses and federations to see where we are, and how InCommon can help.

As the page states, the CIC schools are targeting the second quarter of next year for their certification attempt. Also, if you are interested in the InterOp testing program mentioned in the update, go to the InCommon website and subscribe to their mailing list.

All the resource estimates are shown on the update page as well. Dedra told the ITLC that this is the amount necessary to get the campuses to InCommon Silver, but not to re-credential people. These estimates also do not include the cost of the actual audit; however, since most of the work is on the Identity Management teams, the total audit cost should not be that high.

As a side note, the UCLA estimate is a total effort and does not include students. They will not be asking for any money because they already have the funding to cover the estimated costs.

Dedra notes that she will add a column to this table to differentiate between money that will have to be asked for versus existing money.

LBNL also says that they will not ask for more money, since this is already part of their Identity Management strategic plan.
UCSC notes that it's not money per se, just asking for existing people's time.

A cross institutional audit team was suggested to ITLC, to be lead by Karl Heins; ITLC was in agreement of this idea. However, we probably won't put together this team until we have at least a couple campuses that are ready to certify.

Dedra asks the group if anyone has a timeline of certification. Albert responds that if HR/PPS requires InCommon Silver, then the timeline will be January 2013 for UCLA.

Dedra brings up the point that for some of those joining the HR/PPS may not even meet the UC Trust Basic standards, so perhaps those campuses should go through the Basic audit at minimum. But in that case, why not just use the InCommon Silver for the audit framework? A response suggest that we do the audit both ways; use Silver, but where it fails, use Basic.

Dedra mentions that we can ask Karl to point out the differences between the Silver and Basic frameworks so we can know what they are. At the very least, we ast the UC Trust Workgroup can ask HR/PPS to clarify whether or not the system will require InCommon Silver for the HR administrators logging in. Eric points out that in order for us to even ask this question, the numbers have to be there so that we can tell them if the answer is yes, then each campus will have to spend X number of dollars to meet this requirement.

UC Berkeley has submitted the proposal for the certification costs and it has been granted. They will come up with a project plan within the next month.

Dedra asks the campuses what their timelines are for being ready with documentation for an audit team to review; the responses are:

UCR: one year
UCLA: next Fall
LBNL: at least one year
UCSF: at least one year
UCB: within 6-9 months
UCD: starting next year

Dedra says that we can all start documenting our business processes, and for now she will let Karl know that it won't be until next Spring at the earliest when we will have at least two campuses ready for the audit process and for us to get something off the ground. As more campuses start going through the audits, we will gain more knowledge and information on how to go through this process.

HR/PPS update:

Albert's update: tech project manager said - technical part of project started in beginning of sept. oracle holding sessions to collect information. itag members who participated in RFC process flew up and met w/ oracle. their intention is to collect data interfaces form each campus. interface workbook given to each campus. meeting next tues in oakland go through the interfaces. they are scheduling a interview w/ each campus octobert 10 for UCLA. to go through these interfaces.

d: we have identified an IT lead from each campus?
albert: there is supposed to be
d: public now for waves?
a: UCLA, UCM, UCOP, UCSD, UCSC in first wave. Don't remember the other waves. project is treating medical center as separate entity. meeting next week with all campuses present. ucla session will address identity management concerns (for all campuses will have this). as much as possible we want to do this in a coherent and lockstep manner. we want to do this once. not each campus separately w/ oracle??? not a lot of info on how the interface works or looks like but thats what we will find out in the next months.
IT preparation period in the next few months. interface issues, implementation starting in january 2012. rollout for first wave in january 2013.

d: influence the technical design to make our lives easier? any ideas?
a: last weeks' SC, Irvine, Berk, UCOP at last wee'ks meeting. albert was the only UC Trust person there. get in touch with your respective hr/pps tech lead because they are being asked to collect their technical interfaces. your tech lead is going to be from payroll side; they won't necessarily consider the student side or non-employee side of things.

someone: have been asked to provide some documentation, but so far it sounds like the PPS people are thinking they don't need input at this point. to some extent he is worried that we know what data is in the interface today and that's what we do the planning on, but i would rathe rnot build interfaces based on what PPS interfaces look like. there's a lot of data we are familiar with that is not that important in pps but hopefully this new system we have. want to discuss what info is important to identity management, accessmanagemet. my biggest concern is that if we start with what is there, it won't meet the needs of what we need for identity management.

d: mark xianca. have people who are in these meetings report back to the group on the discussions.

a: mark knows that identity management is something we have to tackle together, not as individual campuses. this is why we should look at it from a UC Trust perspective not from a campus perspective. Mark is willing to drop in on the calls whenever we need him to.
d: shared service center at UCOP, will focus on this project. once that position is filled we can work with that person.

oracle: oracle IM, master data management for hr/pps, more generalized use. oracle server suite, available for general campus use. interesting implementation uses for future identity management implementations.

someone: pricing is completely different. OIM - they don't have a sep charge for ldap services.

arlene: oracle universal directory - made available to us??

a: product license hosted at oracle for hr/pps, nothing else

d: general interest of oracle products?
eric: talked about pricing but didn't get a quote. UCSC is rebuilding not with a vendor product. internal campus politics.
arlene: is looking at oracle, might do the same as eric
d: berk come up w/ reference architecture, spoken to people who have used oracle and those who have not. if a lot of us are dealing w/ the Sun IM replacement, there is opportunity for us to partner and share resources to deliver parts of IM systems that we need. as a UC effort or higher ed collaboration. next generation IM solutions - share and leverage resources in a future meeting?

group: sure
d: will organize that convo and has materials that they've been putting together. will put together agenda. we can share info also from oracle so we can negotiate as a group instead of just one campus.
arlene: oracle prices should be the same across the campuses.
d: sp guidance and onboarding - will schedule this as well. sometime in the next 3 weeks or so. will get both of these meeting scheduled.

user facing UI's in java due to limitations of SIM UI Framework. at davis.
d: can share front end components
someone: more piecemeal solution, not sure if ppl will want to use
d: data modeling info - can collaborate on this with other campuses
albert: where does data come from question already came up at the last hr/pps meeting and it will keep coming up. eventually we will have to worry about federated access management.
eric: students make their changes through student system and we consume it but that data doesn't exist in the payroll system. if there is no way to hold it in the pps system then we'll have to hold it externally.
d: separate convo about where data comes from etc.
next call is october 27