UC Identity Management Conference Call - 11/17/2004 - Notes
Participants
- Mike Baptista, UCOP
- Jacqueline Craig, UCOP
- Elazar Harel, UCSD
- Bruce James, UCOP
- Gabe Lawrence, UCSD
- Paul Main, UCI
- Brian Roode, UCI
- David Walker, UCOP
- Jerry Wilcox, UCOP
UCTrust Identity Attributes
The latest draft of UCTrust: Common Identity Attributes was discussed.
- The current definition of UCnetID says that it is a 10-character
field with trailing spaces. It may be better, however, not to put
trailing spaces into our SAML assertions. Everyone was asked to
find out what they have already done. For the campuses, the
question is whether the trailing spaces are in the directory. For
UCFY, the question is whether the trailing spaces are used. Once
we have this input, we'll make a decision.
Current State of Implementation Efforts
- Work progresses on UCFY, under the assumption that users will be
prompted for their UCFY passwords when entering via UCTrust. The
design is such that it would not be too hard to implement a different
process (e.g., prompting for birth date or zip code) if such a decision
were made, although it would likely impact a December rollout.
- UCSD is ready to go.
- UCI has a number of UCnetID mismatches that need to be resolved
before going live.
- We still need to resolve help desk referral issues and service
metadata sharing. David Walker will get something moving for
those.
- The three campuses were encouraged to start working with their
libraries. UCSD has already started and expects to have something
working around January.
Current Events
- The NSF Middleware Initiative has convened a group to build a
document that will serve as an overall roadmap or framework for
identity management from multiple points of view: policy,
business drivers, and ability to implement, as well as
technology. Jacqueline Craig, David Walker, and Karl Heins of
UC's Internal Audit are members of that group. Its first
conference call was yesterday, but it expects to have a draft document
out by the middle of December.
- Our project was described at last week's meeting of the Academic
Senate's Information Technology and Telecommunications Policy (ITTP)
committee. They were very excited about what we're doing,
particularly with respect to systems that are currently being developed
for members of the Academic Senate.
CIO Conference Call
Our project will be discussed at tomorrow's (11/18/2004) CIO conference
call. The main topic will be the issue of appropriate prompting
for identity information within an application like UCFY after a campus
has authenticated the user. The following are thoughts that were
expressed:
- The decision needs to be made at a high level, higher than the
CIOs - probably Vice Chancellor level. We'll need to develop a
one-page issue paper to present to them.
- The campuses should assume responsibility for failures in the
operation of their identity management infrastructures.
- Perhaps we should implement multiple levels of assurance.
This would allow applications like UCFY to behave differently, based on
each campus's policies, processes, and technology for identity
management. It was felt that somewhere around 2-3 levels would
probably suffice.
Next Call
The next call will be Wednesday, 12/1/2004:
Date and Time: Wednesday, 12/1/2004, 9:00a-10:00a
Call-in Number: 866-740-1260
Access Code: 9870500
David Walker - 11/17/2004