UC Identity Management Conference Call
- 6/2/2004 - Notes
Participants
- Jacqueline Craig, UCOP
- Elazar Harel, UCSD
- Bruce James, UCOP
- Gabe Lawrence, UCSD
- Datta Mahabalagiri, UCLA
- Brian Roode, UCI
- David Walker, UCOP
- Jerry Wilcox, UCOP
[The call started late at 9:15, due to confusion over the conference
call administration.]
Responses to the Federated Identity Management Criteria Questionaire
- Responses have be submitted from UCSD and UCLA. UCI was
publicly shamed.
- David Walker mentioned that the responses were a little weak on
the initial identitification process. We need to flesh that out,
but it turns out that the federal Justice Department's "I-9" hiring
requirements provide a lot of structure that we can use. (In
particular, the I-9 form lists acceptable forms of personal
identification, both for US citizens and for non-citizens.) Jerry
Wilcox will research the University's guidelines for implementing the
I-9 requirements.
- David Wasley asked UCSD about the people they call
"affiliates." Basically, the requirement to become a UCSD
"affiliate" is that some department sponsors them as someone who has a
non-employee, non-student relationship with UCSD.
- David Walker observed that identity management will probably be
different for different types of affiliation in the eduPerson context
(eduPersonAffiliation - e.g.,
student, staff, faculty). We should recognize that as we develop
policy and practice for identity management.
- David Wasley asked if the set of questions were reasonable, since
he is also working with InCommon for the development of their
questions. People will send their comments to (that) David.
Status of InCommon and Certificate Authorities
- InCommon is on track. David Wasley will see if we can get
server certificates from them ahead of that schedule. If not, we
will use HEPKI certificates for our testing.
Review of the Project Schedule
- Due to lack of time, David Walker will distribute a draft
revision of the project schedule via electronic mail later today, and
project members will send corrections by the end of the week (6/4/2004).
Other Issues
- UCLA is going to the Shibboleth CAMP (June 28-30); UCI is
considering it.
- Everyone is looking at using Shibboleth 1.2 for this project.
- There was discussion of whether eduPersonAffiliation should be
one
of the attributes passed to UCFY/YBO, as it would provide more
information for debugging. The consensus was that the extra
information would not help in many cases, and that we should maintain
our minimalist approach and not includeeduPersonAffiliation.
- There was discussion of how we will diagnose problems and user
confusion when they occur. We'll need to flesh this out, but one
component of this might be to allow campuses to pass URLs of error
screens to UCFY.
Our Next Meeting
- The next conference call will be at 9:00a on June 16, 2004.
David
Walker - 6/2/2004