IT Services will migrate spaces.ais.ucla.edu content to the Atlassian Confluence Cloud. Spaces will be in read-only mode after June 22nd.
UCTrust Workgroup
Child pages
  • Meeting Notes - 2011-09-29 Conference call

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Meeting Notes - 2011-9-29 Conference call

Attendees

(Partial list, please add/edit your names)

Curtis Bray, UCD
Andrew Tristan, UCR
Bob Ono, UCD

Dedra Chamberlin, UCB
Eric Goodman, UCSC
Arlene Allen, UCSB

Celia Cheung, UCLA (scribe)
Albert Wu, UCLA
John Kamminga, UCM

Brian Roode, UCI
Stephen Hock, UCR
Greg, LBNL

Agenda

  1. InCommon Silver update
  2. HR/PPS update
  3. Update on IAM next generation conversations at UCB/UCSF and higher ed open source IAM joint venture - others who would like to participate and how?

InCommon Silver and ITLC update:

  • This summary page was shared with the ITCL and includes resource estimates. It goes over how we are using the InCommon Silver audit as a replacement for the UC Trust Basic audit that we are all overdue for. Dedra had a conversation with Ann West to re-energize the effort from InCommon to reach out to campuses and federations to see where we are, and how InCommon can help.
  • As the page states, the CIC schools are targeting the second quarter of next year for their certification attempt. Also, if you are interested in the InterOp testing program mentioned in the update, go to the InCommon website and subscribe to their mailing list.
  • All the resource estimates are shown on the update page as well. Dedra told the ITLC that this is the amount necessary to get the campuses to InCommon Silver, but not to re-credential people. These estimates also do not include the cost of the actual audit; however, since most of the work is on the Identity Management teams, the total audit cost should not be that high.
  • As a side note, the UCLA estimate is a total effort and does not include students. They will not be asking for any money because they already have the funding to cover the estimated costs.
  • Dedra notes that she will add a column to this table to differentiate between money that will have to be asked for versus existing money.
  • LBNL also says that they will not ask for more money, since this is already part of their Identity Management strategic plan.
    UCSC notes that it's not money per se, just asking for existing people's time.
  • A cross institutional audit team was suggested to ITLC, to be lead by Karl Heins; ITLC was in agreement of this idea. However, we probably won't put together this team until we have at least a couple campuses that are ready to certify.
  • Dedra asks the group if anyone has a timeline of certification. Albert responds that if HR/PPS requires InCommon Silver, then the timeline will be January 2013 for UCLA.
  • Dedra brings up the point that for some of those joining the HR/PPS may not even meet the UC Trust Basic standards, so perhaps those campuses should go through the Basic audit at minimum. But in that case, why not just use the InCommon Silver for the audit framework? A response suggest that we do the audit both ways; use Silver, but where it fails, use Basic.
  • Dedra mentions that we can ask Karl to point out the differences between the Silver and Basic frameworks so we can know what they are. At the very least, we ast the UC Trust Workgroup can ask HR/PPS to clarify whether or not the system will require InCommon Silver for the HR administrators logging in. Eric points out that in order for us to even ask this question, the numbers have to be there so that we can tell them if the answer is yes, then each campus will have to spend X number of dollars to meet this requirement.
  • UC Berkeley has submitted the proposal for the certification costs and it has been granted. They will come up with a project plan within the next month.
  • Dedra asks the campuses what their timelines are for being ready with documentation for an audit team to review; the responses are:
    • UCR: one year
    • UCLA: next Fall
    • LBNL: at least one year
    • UCSF: at least one year
    • UCB: within 6-9 months
    • UCD: starting next year
  • Dedra says that we can all start documenting our business processes, and for now she will let Karl know that it won't be until next Spring at the earliest when we will have at least two campuses ready for the audit process and for us to get something off the ground. As more campuses start going through the audits, we will gain more knowledge and information on how to go through this process.

HR/PPS update:

  • Albert give an update from Mark, the technical project manager on this effort. The project started in the beginning of September, and Oracle is holding session to collect information. ITAG members who participated in the RFC process flew up to meet with Oracle. Their intention is to collect data interfaces from each campus, and interface workbooks have already been given to each campus. There is a meeting scheduled for next Tuesday to go through these interfaces. They will be scheduling day-long meetings with individual campuses to go through the interfaces.
  • At the moment, the first wave for the HR/PPS system will be UCLA, UCM, UCOP, UCSD, and UCSC. The project is treating the medical center as a seperate entity. The meetings to come will address identity management concerns for all campuses. We want to do this process as a whole unit, instead of individual campuses. Over the next few months, this will be our IT preparation period. Implementation will start in January 2012. The rollout for the first wave will be in January 2013.
  • Albert suggests we get in touch with your respective HR/PPS technical leads because they are being asked to collect their technical interfaces. Your technical lead is going to be from payroll side; they won't necessarily consider the student side or non-employee side of things.
  • Someone else points out that although we have been asked to provide some documentation, so far it sounds like the PPS people are thinking they don't need input at this point. To some extent, it is worrisome that we know what data is in the interface today and that's what we do the planning on, but it would be better to not build interfaces based on what PPS interfaces look like currently. There is a lot of data we are familiar with that is not that important in PPS, but hopefully this new system will include this data. We need to discuss what data is important to identity and access management; the biggest concern is that if we start with what is there, it will not meet the needs of what we need for identity management.
  • Dedra suggests for the people who are in these meetings to report back to the rest of the group..
  • Albert mentios that Mark knows that identity management is something we have to tackle together, not as individual campuses. This is why we should look at it from a UC Trust perspective not from a campus perspective. Mark is willing to drop in on the calls whenever we need him to.

d: shared service center at UCOP, will focus on this project. once that position is filled we can work with that person.

oracle: oracle IM, master data management for hr/pps, more generalized use. oracle server suite, available for general campus use. interesting implementation uses for future identity management implementations.

someone: pricing is completely different. OIM - they don't have a sep charge for ldap services.

arlene: oracle universal directory - made available to us??

a: product license hosted at oracle for hr/pps, nothing else

d: general interest of oracle products?
eric: talked about pricing but didn't get a quote. UCSC is rebuilding not with a vendor product. internal campus politics.
arlene: is looking at oracle, might do the same as eric
d: berk come up w/ reference architecture, spoken to people who have used oracle and those who have not. if a lot of us are dealing w/ the Sun IM replacement, there is opportunity for us to partner and share resources to deliver parts of IM systems that we need. as a UC effort or higher ed collaboration. next generation IM solutions - share and leverage resources in a future meeting?

group: sure
d: will organize that convo and has materials that they've been putting together. will put together agenda. we can share info also from oracle so we can negotiate as a group instead of just one campus.
arlene: oracle prices should be the same across the campuses.
d: sp guidance and onboarding - will schedule this as well. sometime in the next 3 weeks or so. will get both of these meeting scheduled.

user facing UI's in java due to limitations of SIM UI Framework. at davis.
d: can share front end components
someone: more piecemeal solution, not sure if ppl will want to use
d: data modeling info - can collaborate on this with other campuses
albert: where does data come from question already came up at the last hr/pps meeting and it will keep coming up. eventually we will have to worry about federated access management.
eric: students make their changes through student system and we consume it but that data doesn't exist in the payroll system. if there is no way to hold it in the pps system then we'll have to hold it externally.
d: separate convo about where data comes from etc.
next call is october 27

  • No labels