Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Provisioning Project Presented to ITLC September 28, 2010 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary Doyle,

Published byBernice Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "User Provisioning Project Presented to ITLC September 28, 2010 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary Doyle,"— Presentation transcript:

1 User Provisioning Project Presented to ITLC September 28, 2010 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary Doyle, ITAG ITLC Liaison Information Technology Services, UC Santa Cruz

2 Project Team Arlene Allen, UCSB Dede Bruno, UCOP Mary Doyle, UCSC Max Garrick, UCI David Walker, UCD Albert Wu, UCLA

3 Overview The Charge from ITLC What UCTrust does Currently What we are Proposing High-level Design Proposal for Provisioning Resource Assumptions Current status Discussion

4 The Charge from ITLC 1.ITAG should recommend a specific middleware platform/approach to evaluate and pilot 2.ITAG should consider various projects/initiatives that could serve as a pilot for the approach 3.ITAG should present thoughts/observations relating to resources required to complete a successful pilot.

5 What UCTrust Does Now  A Service Provider (SP) specifies the identity attributes it requires.  Identity Providers (IdP) configure their Attribute Release Policies (ARP) for the SP.  At the start of a session, the SP requests attributes from the IdP for the current user. The IdP returns requested attributes that are allowed by the ARP.

6 What Are We Proposing, and How Does it Differ?  UCTrust federates authentication and identity information during a session.  Many applications need information about their users at other times (e.g., Connexxus, SumTotal.)  We propose extending UCTrust to exchange identity information when the user is not online.  This was a pain point for SumTotal and Connexxus, among other UC-wide projects.

7 Proposal for User Provisioning  A Service Provider (SP) specifies the identity attributes it requires and the people it requires those attributes for.  Identity Providers (IdP) configure their Attribute Release Policies (ARP) for the SP. The IdP also defines the group of its community members required by the SP.  At a time determined by the SP, the SP requests all attributes allowed by the ARP.

8 Four Types of Requests  Snapshot  All identity information for all people.  Subscription  Identity information will be transmitted to the application as add, delete, and update transactions on an event-driven basis.  Change Log  All add, delete, and update transactions that have been generated since the last Snapshot, Subscription, or Change Log.  SSO Event  The existing Shibboleth access type.

9 High-Level Design

10 Proposed Project Phases and Tasks Phase 1Detailed Planning – 8 weeks 1.1Staffing/Recruiting 1.2Develop Detailed Project Plan 1.3Develop Detailed Architecture Phase 2Design, Build, Test – Approximately one year 2.1Technology evaluation and selection 2.2Develop Communications Plan 2.3Design and Implement Common IAM Interface 2.4Prepare Product Documentation 2.5Test, QA 2.6Release Product 2.7Pilot Deployment

11 Phases and Tasks, continued….. Phase 3Deployment (~ 9 months done by each UC location) 3.1Implement Group Manager (Grouper) 3.2Implement eduPersonTargetedID 3.3Campus policy, procedure, relationships for brokering requests 3.4Integrate Common IAM Interface with local IAM (Snapshot) 3.5Integrate Common IAM with local IAM (Subscription and Change Log)

12 Resource Assumptions - Roles RoleStaffing (mostly fractions of time TBD) Project Management1 Outreach/Change Management1 Technical Architect/Lead1 Software Development3 Technical Writer/Logistics1 Total7 Campus Deployment Resource (per campus) Each campus will likely require between 1 and 3 FTE during Phase 3 to complete deployment. The number of FTE required will depend on the specific configuration of each campus’s identity management infrastructure.

13 Potential Pilot Projects Addition of UCSB to UCLA Administrative Services ServiceNow.com (if UC-wide Agreement in place)

14 Current Status  The high level design has been vetted with the IT Architecture Group and the UCTrust Work Group.  The proposal is now presented for ITLC consideration and direction to move forward (or not).  Assuming approval, next phase of project will commence in early 2011.

15 Discussion Questions/comments? Is ITLC ready to endorse moving forward with the proposed project?

Download ppt "User Provisioning Project Presented to ITLC September 28, 2010 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary Doyle,"

Similar presentations

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
<<replace with Customer Logo>>

<<replace with Customer Logo>>
Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.

Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Financial Systems Needs Assessment Project Update Monthly Research Administrators Meeting March 11, 2010.

Financial Systems Needs Assessment Project Update Monthly Research Administrators Meeting March 11, 2010.
John Langsford 13 September 2006 CI Implementation Project.

John Langsford 13 September 2006 CI Implementation Project.
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Information Technology Architecture Group (ITAG)‏ David Walker Information & Educational Technology University of California, Davis

Information Technology Architecture Group (ITAG)‏ David Walker Information & Educational Technology University of California, Davis
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
SIMI: Secure Identity Management Infrastructure for the CSU A. Michael Berman, Cal Poly Pomona.

SIMI: Secure Identity Management Infrastructure for the CSU A. Michael Berman, Cal Poly Pomona.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
The Information Technology Architecture Group (ITAG) David Walker, UCD Arlene Allen, UCSB.

The Information Technology Architecture Group (ITAG) David Walker, UCD Arlene Allen, UCSB.
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.

2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.

Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.
Mapping an Electronic Research Administration System Discussion and Review Points for UC Davis.

Mapping an Electronic Research Administration System Discussion and Review Points for UC Davis.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.

Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.
Release & Deployment ITIL Version 3

Release & Deployment ITIL Version 3

Similar presentations

Ads by Google