- DRAFT -
UC Identity Management Project
Deliverables
This document is the end-product of Phase I of UC's federated Identity
Management project. It describes what the project will
deliver. While a detailed schedule will be determined in Phase
II, completion is expected in the August 2004 time frame.
The overall objective of this project is to enable members of UC campus
communities (initially, UCSD, UCI, and UCLA) to access UC For Yourself
(UCFY) and Your Benefits Online (YBO) through the use of their local
campus login systems. The project will also create
the infrastructure needed to access CDL-licensed resources through the
use of campus login systems, when the vendors for those resources have
implemented Shibboleth. More specifically, the project
will deliver:
- Business criteria governing the use of campus identity
management and authentication infrastructures by system-wide
services. This will include the distinction between business
and personal use of the campus logins.
- Standards governing the definition, release and appropriate use
of a set of attributes that may be released from campus identity
management systems to system-wide services.
- An initial set of attributes that will be released to UCFY/YBO
and the CDL's content vendors.
- Technology selection to support federated identity management
within UC. [This has already been determined to be Shibboleth.]
- Integration of Shibboleth "origins" into the identity management
infrastructures at UCLA, UCI, and UCSD.
- Integration of a Shibboleth "target" into UCFY, which bridges
user identity information to YBO.
- Coordination with CDL vendors as they implement Shibboleth
"targets" in their services.
- A support plan that recognizes the responsibilities shared between
UCOP's support for UCFY and YBO and the campuses' support for
their authentication infrastructures.
- A production system that provides employees at UCI, UCSD, and
UCLA with access to UCFY and YBO through the use of their respective
campus authentication infrastructures.
Rollout will be phased. We will introduce services to different
communities of users on schedules that match the needs (and capacity
for change) of the services and the services' users.
Division of Labor
The following are links to each of the sub-projects that will be
completed as part of this overall effort.
- Integration of Shibboleth origins into campus identity management
infrastructures
  - UCI (Marina Arseniev, Brian Roode)
  - UCLA (Don Worth, Albert Wu)
  - UCSD (Elazar Harel, Gabe Lawrence)
- Integration of a Shibboleth target into UCFY/YBO
  - UCOP (Kalpa Barman, Mitesh Kini)
- Relevant policy criteria and relationship with InCommon
  - UCOP (Mike Baptista, Jacqueline Craig, David Wasley)