Attendees:
Dedra Chamberlin (Facilitator)
Tanya Egloff (Note taker)
Karl Grose
Jen Kramer
Michael Leefers
Jonathon Keller
Brian Koehmstedt
John Bartlett
Adele Guerzon
Arlene Allen
Albert Wu
Warren Leung
Terry Toy
Brian Roode
Dana Watanabe
Roger Phillips
Eric Goodman
Steve Lau
Greg Haverkamp
Jerome McEvoy
Bruce James
Safa Hussain
Tricia Edgerton
Patrick Flannery
Russ Bollens
Curtis Bray
Stephen Abrams
- Dedra Chamberlin: UC Trust As a Service -- link on web page
- Definitions for what UC Trust is as a service provider
- Arlene made a rough draft concept document
- How can we get a commitment of resources for UC Trust to support these goals?
- If you have any comments or updates you would like to discuss with Arlene, before the rough draft is more widely circulated, please feel free to contact her by email her or phone.
Action item: Please review the rough draft and have comments for next call (March 21)
- Eric Goodman: UCPath update
- New go-live date – close to finalizing and announcing date.
- Some IDM interfaces have been delivered; still in test mode.
- Still trying to nail down what “testing” and testing processes at campus level means;
- Two big gaps id’ed by IDM folks:
- Desire/need to capture campus id’s at hire
- Identify when UC Path ids are changed or deleted
- Dedra Chamberlin: Non web-based authentication, especially AD - where are there current needs?
- Currently no good federated tools for non-web-based authentication
- CILogon is one tool
- Moonshot(LBNl has been experimenting with it)
- Federating that identity would be really useful
- Federated with CILogon, but it doesn’t work very well, because it’s clunky and requires too much work on the part of the students.
- UCOP: No immediate need for Moonshot , but Eric Goodman could participate in this project.
- Examples applications that require non-web-based authentication:
- Point and Click: New health services application, managed and hosted by UCB but used by students across UC system (out of Grace Crickett’s group)
- Issue: Need to maintain HIPPAA standards.
- Point and Click: New health services application, managed and hosted by UCB but used by students across UC system (out of Grace Crickett’s group)
- Infrastructure services hosted at UC Berkeley and sold to other UC schools (Windows and Linux VMs, SysAdmin services, Database services). Want to make these services accessible to IT staff at other UC schools.
- Are there any UCs that do not use active directory? It appeared that all did, but not in any kind of unified design. Any given UC school might have multiple instances of AD run by multiple departments.
- When asked if any campus other that UC Berkeley saw this as a high priority issue, no one said yes.
- Action items:
- If you know of any other non-web based, please add to list
- Some services are more easily federated than others. Is this worth a further discussion?
- What are the steps to put together a proposal to get project funding for finding solutions to this issue?
- Does this go through ITLC?
- Where is there already funding for this kind of problem/solution?
- How do we improve channels of communications to ITLC and to UC directors, so we would not be overlooked as a service provider.
- Need a service description to provide to our customers.
- Raise awareness at the UCOP level (through Cathy O’Sullivan / Working Smarter?)
- Define some specific areas where we can help
- Next meeting:
- Review and comment: UC Trust As a Service -- link on web page
- Please remember to fill out and send IdP Security Assessment Survey to Dedra / Stan Lee so he can share the results / gaps etc.
- Another call to talk about inCommon Silver?
- Please send specific agenda items to Dedra or Tanya.