Skip to Content

ITPG-IdM Meeting Minutes - 4/18/2012

Printer-friendly versionPrinter-friendly version

Minutes from yesterday's meeting (from memory). Please send corrections my way.

Randall Ehren - OIST
John Goubeaux - Education
Andy Satomi - EVC/Senate
Bruce Miller - Comm Services
Karl Heinz - OIST
Tom Putnam - OIST
Matthew Dunham - OIST
Henry Shavatsky - ASIT
Richard Kip - ECI
Noah Spahn - OIST
Alan Moses - LSIT
Jerry Baltes - IA

- Karl presented the current status of InCommon Silver standards. Much work has been done by the standards group over the past few months and we expect to have a final standard very soon. Included in this work are recommended audit practices for ensuring Silver-level compliance. In related work, InCommon Bronze-level compliance standards were also revised recently.

- Matt presented the proposed policy for adding new Service Providers to our Identity Federation service, which entails an individual at UCSB to act as "sponsor" for any new SP (application). The goal is to have a low-barrier "gatekeeper" process to ensure that the integration work done by the Identity team has sufficient value to UCSB business. Alan suggested we need to address the support requirements around UCTrust and InCommon SPs, and we agreed to discuss this topic at our next meeting. This proposal was approved and the process will be documented on the identity site.

- Matt discussed the progress of the Identity Migrator outreach process. As of 4/18, 1800 individuals have not yet been through the migrator. Getting the lion's share of our non-migrated individuals to step through this process is in the critical path for rolling out new SPs because all federated applications require a "migrated" netid to sign-in. It was agreed that that next step in this process would be a second targeted mailing to these individuals, preceded by a note to CSF so that edge support providers are aware that it's coming.

- The technology to prevent email address harvesting is in place, but the eventual solution will entail a change to the directory.ucsb.edu service to prevent off-campus access. Individuals that use e-mail clients off-campus that are configured to lookup addresses at directory.ucsb.edu will need to change their configuration to ldap.ucsb.edu based on our updated mail client configuration instructions. Once we have agreement from edge support organizations on a transition timeline a sunset date for directory.ucsb.edu off-campus access will be published and communicated accordingly.

- A draft of a new Identity Services SLA was presented for review. We discussed the purpose of the SLA and what it's meant to include and exclude. We ran out of time during this discussion and agreed to follow up at our next meeting