User Provisioning Project Design Phase, presented to ITLC March 24, 2011, David Walker, ITAG Co-Chair...
User Provisioning Project
Design Phase
Presented to ITLC March 24, 2011
David Walker, ITAG Co-Chair
Information and Educational Technology, UC Davis
Mary Doyle, ITAG ITLC Liaison
Information Technology Services, UC Santa Cruz
Project Team
Dede Bruno, UCOP
Chet Burgess, UCOP
Dedra Chamberlin, UCB
Mary Doyle, UCSC
Datta Mahabalagiri, UCLA
Tony Merriweather, UCLA
Jeff McCullough, UCB
Benn Oshrin, UCB
David Walker, UCD
Albert Wu, UCLA
Overview
• Charge from the ITLC
• Recap of work through September 2010
• Actions at September 28, 2010 ITLC meeting
• Work on design phase
• Next steps
• Possible value to shared systems (PPS/HR)
• Discussion
The Charge from ITLC
1. ITAG should recommend a specific middleware platform/approach to evaluate and pilot
2. ITAG should consider various projects/initiatives that could serve as a pilot for the approach
3. ITAG should present thoughts/observations relating to resources required to complete a successful pilot.
ITLC Meeting September 28, 2010
• Recap of work through September 2010
• Approval to begin work on design phase
• Further work approval contingent on design plan to be complete in early 2012 (or accelerated depending on PPS/HRIS interface)
• Allocation of up to $30k funding
• Funding plan proposal needed
Work Through September 2010
• High level design
• Roadmap for future phases
• Potential use cases
Proposal for User Provisioning
• A Service Provider (SP) specifies the identity attributes it requires and the people it requires those attributes for.
• Identity Providers (IdP) configure their Attribute Release Policies (ARP) for the SP. The IdP also defines the group of its community members required by the SP.
• At a time determined by the SP, the SP requests all attributes allowed by the ARP.
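The flow on this slide, sketched as an added example (not code from the UC project): an IdP-side bulk release that returns only ARP-permitted attributes, and only for members of the group defined for the requesting SP. The entity IDs, directory entries, policy layout, and the HMAC-based targeted identifier are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: entity IDs, users, groups and salt are hypothetical.
SP_ID = "https://payroll.example.edu/sp"
IDP_SALT = b"constructed-idp-secret"
DIRECTORY = {
    "alice": {"displayName": "Alice A", "mail": "alice@campus.example",
              "employeeNumber": "1001", "groups": {"payroll-users"}},
    "bob":   {"displayName": "Bob B", "mail": "bob@campus.example",
              "employeeNumber": "1002", "groups": {"library-users"}},
    "carol": {"displayName": "Carol C", "mail": "carol@campus.example",
              "employeeNumber": "1003", "groups": {"payroll-users", "library-users"}},
}
# One ARP entry per SP: which group it may see and which attributes it may get.
ARP = {SP_ID: {"group": "payroll-users", "attributes": {"displayName", "mail"}}}


def targeted_id(uid, sp_id, salt=IDP_SALT):
    """Opaque per-SP identifier (assumption: HMAC-SHA256 over SP id and uid),
    so two SPs cannot correlate the same person by identifier."""
    digest = hmac.new(salt, f"{sp_id}!{uid}".encode(), hashlib.sha256)
    return digest.hexdigest()[:32]


def bulk_release(sp_id, requested, directory=DIRECTORY, arp=ARP):
    """Answer an SP's provisioning request with ARP-filtered records."""
    policy = arp.get(sp_id)
    if policy is None:
        return []  # no ARP configured for this SP: release nothing
    allowed = [a for a in requested if a in policy["attributes"]]
    records = []
    for uid, entry in sorted(directory.items()):
        if policy["group"] not in entry["groups"]:
            continue  # person is outside the group defined for this SP
        record = {"targetedID": targeted_id(uid, sp_id)}
        record.update({a: entry[a] for a in allowed if a in entry})
        records.append(record)
    return records


if __name__ == "__main__":
    # The SP asks for more than its ARP allows; employeeNumber is withheld.
    for rec in bulk_release(SP_ID, ["displayName", "mail", "employeeNumber"]):
        print(rec)
```
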
High-Level Design
Proposed Project Phases and Tasks
Phase 1
Detailed Planning – 16 weeks*
commencing January 28, 2011 and completed April 30, 2011
1.1 Staffing/Recruiting
1.2 Develop Detailed Project Plan
1.3 Develop Detailed Architecture
(*timing adjusted to reflect actual duration estimates as of March 17, 2011)
Phases and Tasks, continued…
Phase 2
Design, Build, Test – Approximately one year
2.1 Technology evaluation and selection
2.2 Develop Communications Plan
2.3 Design and Implement Common IAM Interface
2.4 Prepare Product Documentation
2.5 Test, QA
2.6 Release Product
2.7 Pilot Deployment
Phases and Tasks, continued…
Phase 3
Deployment (~ 9 months done by each UC location)
3.1 Implement Group Manager (Grouper)
3.2 Implement eduPersonTargetedID
3.3 Campus policy, procedure, relationships for brokering requests
3.4 Integrate Common IAM Interface with local IAM (Snapshot)
3.5 Integrate Common IAM with local IAM (Subscription and Change Log)
Design Phase
• Kick-off meeting @ UCOP January 28th
• Create conceptual design
• Create component diagram
• Create use case diagram
• Complete detailed design – end of April
• Review of design – early May
• Request approval to move forward at May ITLC meeting
Conceptual Design
Component Diagram
Use Case Diagram
Next Steps
• Gain understanding of similar work occurring outside UC through consultation with non-UC IdM resources to validate approach and finalize design
• Complete detailed design
• Continue to conduct bi-weekly check-ins
• Explore potential relationship to PPS/HRIS project needs
Funding Proposal
Travel reimbursement for in-person meetings
January 28, 2011
next meeting TBD
Can User Provisioning Support PPS/HRIS?
With the release of the PPS/HRIS RFP and the impending selection of a vendor, depending on the winning proposal, is there an opportunity to leverage the work of the user provisioning project in the PPS/HRIS project?
Discussion
• Questions/comments?
UCTrust Status
Presented to ITLC March 24, 2011
David Walker, UCTrust Work Group Co-Chair
UC Davis
Dedra Chamberlin, UCTrust Work Group Co-Chair
UC Berkeley
Current State
• UCTrust Basic certifications
• All campuses, plus LBNL and UCOP, except...
• UCSB very soon
• Current UCTrust Work Group Activities
• Assessment of InCommon Silver with UCITPS
• Interoperability with UCTrust Basic
• Single certification process
• Next generation campus IAM software components
• The user provisioning project
Potential 2011 UCTrust Activities
• Required by user provisioning project
• Group management
• TargetedID
• User-controlled attribute release
• Administration of virtual organizations
• Guidance for service providers
• Useful attributes and identifiers
• Determination of required level of assurance
• When should an application be federated?