Building Identity Trust Federations Conference Call

February 16, 2011

1) In Attendance

  • Suresh Balakrishnan (University System of Maryland)
  • David Bantz (University of Alaska)
  • Tim Calhoun (California Community Colleges)
  • David Ernst (UCOP)
  • Guy Jones (University System of Maryland – MDREN)
  • Joseph Giroux (California Community Colleges)
  • Keith Hazelton (UW-Madison)
  • George Laskaris (NJ Edge)
  • Benn Oshrin (Internet2)
  • Carol Rapps (UT San Antonio)
  • Mark Scheible (NCSU)
  • Craig Stephenson (UW-Madison)
  • Jack Suess (UMBC)
  • Valerie Vogel (EDUCAUSE)
  • Albert Wu (UCLA)

2) UCTrust: The University of California Identity Management Federation

  • Guest speakers: David Ernst, CIO and Associate Vice President, University of California Office of the President; and Albert Wu, Director, Middleware Services, UCLA
  • UCTrust was created by the University of California Information Technology Leadership Council on April 17, 2006 as the basis for a unified identity and access management infrastructure for the University of California system. UCTrust enables authorized campus individuals to use their local campus electronic credential to gain access, as appropriate, to participating services (Resource Providers) throughout the UC system. UCTrust is based on industry standard technologies and a common set of identity attributes and identity management practices. See http://www.ucop.edu/irc/itlc/uctrust/ for more information.
  • UCTrust has made remarkable changes in terms of shared services. These universities are adopting common best business practices so they can share common administrative systems instead of having different general ledgers, procurement systems, etc. This effort may have caught on partly because of recent budget cuts.
  • Last July, the Board of Regents passed a resolution that institutions must follow established best practices when purchasing new systems. They’re about to test this with an RFP for a new HR system.
  • UCTrust consists of identity providers within UC – 10 campuses plus 2 labs. The intent of UCTrust is to have a group of InCommon members addressing issues specific to UC campuses.
  • With the exception of 1 campus, all are currently running Shibboleth as their technology, and they have a number of applications that are Shib-enabled.
  • The challenge now is moving towards shared services. They try to leverage existing accounts (so you wouldn’t have to create a new account for someone from UCSB at UCLA). UCTrust is also working on a number of partial integrations.
  • UCTrust is aiming to have all campuses certified as InCommon Silver by 2013.
  • Federated access management – trying to figure out how to manage access in a federated space (especially in the case of payroll).
  • The campuses use Moodle for their Course Management System. That application is fully integrated with Shib (one of the earliest adopters).
  • Related to InCommon Silver certification, they’re tracking work at NIH since NIH is joining InCommon and adopting Shibboleth.
  • They are discussing how to manage data release effectively. Each campus has a different data release policy, so they may address this on a campus-by-campus basis.
  • UCTrust hasn’t provided a lot of operational support across the federation.
  • Defining identifiers is an interesting challenge. UC Net ID – applicable to employees only, but there are always exceptions. Now they try not to carve out populations, if possible.
  • UCTrust focuses only on Universities of California. Has there been a discussion of something broader that extends to community colleges, etc.? They’ve always assumed that would be up to InCommon.
  • A presentation developed before the Board of Regents passed the resolution last year noted the amount of money being wasted by not having a more common set of systems. Analysts are pulling specific numbers together for the regents now and they plan to present that in the summer or fall.
    • David would be happy to share this use case when it’s ready. He also offered to share numbers on the HR project in a few months.
  • Links to projects/groups mentioned during this call:

Next Call: March 16