Skip to Content

ITPG Meeting 2009-11-19

Printer-friendly versionPrinter-friendly version
Date and Time: 
November 19, 2009 - 9:00am - 11:00am
Location: 
Cheadle 5123
Agenda: 

Administrative Items

  1. Minutes of October 15 meeting posted on 11/2/09

Informational Items

  1. Member Announcements
  2. CIO Report - Tom Putnam
  3. CISO Report - Karl Heins
  4. Subcommittee Reports
    1. Backbone Engineering Group (BEG)
    2. Security Working Group (SEC-WG)
    3. Web Standards and Content Working Group (WSG)
    4. ITPG Communications
    5. Calendaring Survey
  5. Liaison Reports
    1. Information Technology Board (ITB) – Bruce Miller
    2. Academic Technology Planning Group (ATPG) - Alan Moses
    3. Enterprise Information Systems Planning Group (EISPG) -Deborah Scott
    4. Cyber Infrastructure

Action Items

  1. Meeting schedule going forward

Discussion Items

  1. Campus Directory/Identity/Authentication Update/Issues – Arlene Allen
  2. ITPG/IT Collaboration Web Site – Communications Subcommittee

Call for Agenda Items

Notes: 

Present: John Ajao, Arlene Allen, Jeffrey Barteet, Sean Bennett, David Bosso, Polly Bustillos, Michael Colee, Saturnino Doctor, Mark Dotson, Ann Dundon, Matthew Dunham, Randall Ehren, Chuck Haines, Karl Heins, Aaron Martin, Elise Meyer, Steve Miley, Bruce Miller, Alan Moses, Mike Oliva, Josh Preston, Tom Putnam, Hank Ratzesberger, Fuzzy Rogers, Andy Satomi, Glenn Schiferl, Kevin Schmidt, Chris Sneathen, Heidi Straub, Chas Thompson, Colin Thompson, Don Voita, Jim Woods.

Administrative Items

Minutes of the October 15, 2009 ITPG meeting, posted on 11/2/09, were approved.

Informational Items

Institutional Advancement (Polly Bustillos): They are in the process of moving all servers from HRC to North Hall and people to Phelps.

ICESS & Crustal Studies (Mike Colee): Typical.

L&SIT (Chas Thompson): They are still trying to get moved into SSMS while parts of it remain under construction.

L&SIT (David Bosso): They have a one-ton cooling fan available to a good home.

Mathematics (Fuzzy Rogers): They are beginning the formal push to involve both ABOG and the Faculty Legislature to get course evaluations online. Campus-wide, this represents 300,000 pieces of paper per year. Will this replace ESCI? No, these can still be scanned and would be easy to put online compared to course evaluations. Who is in charge of this decision? The Academic Senate (Undergraduate Council)?

MRL (Jeffrey Barteet): Just below the crisis level.

Instructional Development (Sean Bennett): ID did a pilot podcast using the latest version of Podcast Producer for the Web Standards Group's November training workshop. ID has developed their delivery and pricing structure for podcasting. ID is holding a meeting regarding how to get ESCI data online as part of the green initiatives. One proposal (Math’s or ID’s ?) is that you must fill out a course evaluation before you can see your grades. This is both a technology and pedagogy issue. Student Affairs currently displays grades as they show up. George Michaels needs to be involved in this discussion. [George Michaels subsequently provided further information, which will be forwarded to the ITPG.]

Communications Services (Bruce Miller): They are updating their VOIP paper, which is currently 2-3 years old. He may ask current VOIP users, Glenn (Physics) and others, to give a presentation to the ITPG.

L&SIT (Alan Moses): Alan is still working on the L&S Instructional Technology Enhancement Initiative fee.

Instructional Computing (Steve Miley): This quarter GauchoSpace has more than 600 courses, with more than 35% of student enrollment. Things are being used that were not used before, so instructors need more support. They are learning about features, and adding enhancements for bulk uploads and downloads of assignments, e.g., bio scantron or documents. There are 366 course waiting lists for winter quarter, and they are finding lots of edge cases. For example, courses are getting cancelled and they are not getting that data from SA, or they are missing data items. Someone asked whether our enhancements get pushed to open source, and the answer is no, they stay proprietary at UCSB. One needs to work through UC legal group to contribute back to the open source effort. They would also need to improve their code first. UCLA does contribute.

Office of Information Technology (Elise Meyer): The OIT is continuing to work to bring up the Radio Link connecting New West Campus to the campus data backbone network. A group of units who will be occupying the North Hall Data Center during the construction project have begun meeting to coordinate their needs. The RUAC proposal will be submitted to the Income & Recharge Committee this Friday.

CIO Report – Tom Putnam

Tom Putnam and Alan Moses have been participating in a faculty-led ad hoc committee regarding online courses. These faculty are primarily interested in "blended" instruction that supplements classroom learning, but the discussion extends to the potential for full courses. A UC committee report says online courses might save the university money and/or improve education. There is a proposal for UCOP to fund some pilot projects. There may be other people on campus working toward the same end. If you have faculty working on this, contact either Tom or Alan for coordination. (Carol Genetti will be contacting faculty.) Online learning is different from course management, but there is a possibility that access control could come from the CMS. This is a UC-wide Academic Senate initiative which is at the formative, pre-proposal stage. Steve’s take on the project is that the big effort would be on authoring tools to develop the content.

CISO Report – Karl Heins

Karl is going through the risk assessment process with departments that have restricted information. Our submission is due to UCOP by the end of January 2010. These will be aggregated to present campuses posture and then aggregated for the Regents. One department’s information has come back. He is going through the sensitive data inventory to identify contacts. Please contact him if you have SSN, Protected Health Information, or Credit Card data in use in your department.

Karl is developing security training for staff. It is almost ready to roll out via the UC Learning Center, which was upgraded to a new version on November 18. The training will start with one department to test it to see if it makes sense and works. It consists of a slide presentation with an audio track and tests. The Learning Center tracks who takes it and when they take it. The target audience is staff, so it is fairly general. It addresses desktop issues, anyone handling sensitive information, and non-technical staff. Is there any motivation to get people to do it? Currently, no. However the risk assessment survey asks about training of individuals. UCOP is discussing mandatory security training (as part of IS-3), which would involve minimum standards that are tailored locally.

There has been a fair amount of phishing targeted to compromise email systems (other campuses have had systems with restricted information compromised, and are currently going through a notification process).

The risk assessment survey does include department business continuity. UCSB now has a resource to help departments develop business continuity plans. Amy Ramos works two days a week through the risk management group. She will be using the UC Ready software to develop the business side of the plan.

Subcommittee Reports

Backbone Engineering Group (BEG)

The co-chairs are going through the final version of the standards documents for typos. After that they will be posted, there will be a BEG meeting, and then the BEG will bring it to the ITPG for approval.

Security Working Group (SEC-WG)

The ECP is undergoing some near-term changes to address monitoring access to medical data. There are both policy and legal issues. Monitoring will be under either the direction or authorization of the CISO. The changes also include requirements for access to electronic communications records with respect to litigation. Other changes held for a later revision. Logs exist for access, but is this an audit process? The ECP currently allows monitoring for security and reliable operation, but it is not always obvious whether legitimate access is appropriate. An example would be medical center staff who do have access permission, accessing records for patients who are not under their care. This should not be done by an IT person. Monitor for policy issues.

Regarding phishing: it is difficult to advise people how to judge whether a message is legitimate; e.g., there are legitimate reasons why someone would ask for a username. The SEC-WG will try to develop guidelines/message about what is legitimate.

The campus is also seeing the appearance of GoToMyPC TeamViewer. Local IT staff may have no clue that it is on a LAN. There have been instances where a legitimate installation was hijacked and also instances where the hijacked installation was not legitimate. We need to try to find where these installations exist and alert local IT staff. Tom Lawton has developed tools to detect them.

Web Standards and Content Working Group (WSG)

On November 18, the WSG held an intermediate-level Web Applications Security Workshop. The presenter was Marco Cova, Ph.D. candidate in Computer Science; the workshop was attended by 30 staff. The WSG received positive responses to the event in their feedback survey. Online materials from the workshop include Marco's slides and demo and the Web Applications Security Workshop Podcast.

The WSG will now get back to content and accessibility standards. They will review one each meeting to see if there needs to be any updates or changes.

The WSG asks if the campus would be interested in providing drupal hosting and/or log server hosting to evaluate for id and security violations.

ITPG Communications

The group is meeting every two weeks. It is developing a prototype website that both the ITPG and the campus IT community can use. If there is time, there will be a demo of the site at end of meeting. [The demo was postponed until the January meeting.]

Calendaring Survey

Based on the survey that was mailed out, there are a lot of people using Oracle Calendar and a large number using Exchange. Jamie has scheduled the HR Learning Center on 12/2 for a meeting of those who responded to the survey and are using different services. The goal of the meeting is to explore ways to cross–calendar. There are some groups that are using Google calendars to provide publically accessible calendars, but both Oracle Calendar and Exchange have the ability to make a calendar publicly accessible. Others send Ical or Vcal cards out and ship calendars around. Jamie will come back to the ITPG with plans for going forward. There is a UC-wide project to replace Oracle Calendar. UCB is committed to have a full replacement in October 2010, using an open source solution. Jamie is exploring offering a public calendar for campus closures.

Liaison Reports

Information Technology Board (ITB) – Bruce Miller

The ITB did not meet last or this month.

Academic Technology Planning Group (ATPG) – Alan Moses

The ATPG did not meet last or this month.

Enterprise Information Systems Planning Group (EISPG) – Deborah Scott

The EISPG met in October. They discussed getting a presentation on the PPS project. They have asked the Academic Senate for some faculty representatives to the group. The four faculty who were on the steering committee for SAIL have all agreed to participate. The meeting regarding the Financial System demo from UCLA was actually a meeting to plan for UCLA to come and present the demo. They want to present it at the January 2010 ITB meeting. In December the EISPG will explore the current risks of our administrative computing environment. The risks are a deep hole and we are still digging. The scope of the UCLA system includes GLO accounting and purchasing. It might incorporate AR/AP, but not BARC.

Cyber Infrastructure

This group did not meet last or this month.

Action Items

Meeting schedule going forward: Does the current time slot work? Yes! How about the meeting format? Thumbs up!

It was proposed and agreed that our December meeting will be an afternoon social meeting with refreshments. We hope to find a facility such as Mosher, Loma Pelona, or Cliff House for the location. The format will be an open house get-together. [The December ITPG/CSF/IT Gathering will be held 12/17/09 beginning at 2:30pm at the Mosher House.]

Discussion Items

Campus Directory, Identity, and Authentication Update and Issues
Powerpoint Presentation (pdf) – Arlene Allen

In 1997 the campus LDAP was created as a white pages, not as a repository for Identity Management – LDAP directories are not good for that, you need something with a database management system instead. We started with an open source solution, then Netscape, which evolved in to iPlanet, and now Sun. In 2003 we chose Oblix Netpoint as our web authorization method. We are still using Netpoint, but in FY 05/06 we went off maintenance and upgrades. UCOP wanted a global foreign key, but their UCNETID attempt failed. Now there is a legacy global key.

In 2007 we had the Password Reset event, which included:

  • Removing the functionality that allowed people to change their own passwords.
  • Using the Student Affairs Ureset application to enforce password strength rules.
  • Removing the functionality that allowed self activation and password reset.

This led to reengineering the design to be more appropriate, and to recreate old functions. We have moved forward with Sun software, but so far there are no third-party support organizations. The new design features a multi-master architecture.

For password reset there are secret questions, which are currently being refined. We need to dialogue to figure out what these questions should be. When a user does not remember any of their answers, they will go to the identity helpdesk. People in town are comfortable with process. Out-of-town people have a different process.

Karl will chair a group to explore and inform the process. There was a motion to reactivate the old Identity group. Matthew Dunham was the chair of the old group. The committee should define its scope for advice. It should examine common approach to authorizations. Initially, there will be a need for educating the committee on the issues/technologies. Authorization is a large issue. The current implementation does not support roles. There is no funded project for authorization.

The next steps:

  • Finish tech development by 12/31/09 (but they keep running into issues), then start coordination of cutover.
  • Customer acceptance of new system.
  • Run two systems in parallel.

What changes need to be made by application developers? None, there is absolute forward compatibility.

Espresso depends on Netpoint. It will continue to work, but uses unmaintained software that cannot be moved forward and this is a risk. Once we go live with the new architecture, we can no longer allow direct editing of ldap. It is the plan to use OpenSSO, but we have no ability to actually do any of this until identity management costs are stabilized by the campus.

One major component of the new design is decoupling the student UCSBNetID from the Umail account. New student UCSBNetIDs are not created until they have SIR’ed (i.e., filed an intent to register), but other providers may want to access the student prior to this step. They could now be created at the admit stage.

There are also issues, such as those for GauchoSpace, with non-regular students such as Extension students. There is not a smooth process for "miscellaneous demographics." There is a need to allow these external processes to integrate with the existing processes for populations. The hurdle is the funding to create such processes and to establish functional ownership of each miscellaneous process that might be created.

Internet2 MACE projects are Signet and Grouper. Neither of these adapts in a seamless fashion to our current engineering, but they do provide conceptual food for thought on methods for meeting needs in this space.

Upcoming Items

  • January: ITPG/IT Collaboration Web Site demo – Communications Subcommittee
AttachmentSize
IdM@UCSB.pdf838.57 KB