
UCTrust


History

UCTrust was a project mutually agreed upon by the central IT leaders of the ten UC campuses in 2004. The first phase was a technology proof of concept (POC), which was completed successfully. This was followed in 2006 by a general agreement / mandate that all campuses would create and support UCTrust. The general use case was any application system used by more than one campus; think Software as a Service (SaaS), although we did not yet call it that. The first such system brought online was AYSO.

Currently

All of the campuses except UCSB are now UCTrust enabled. Application (SaaS) systems that specify support for UCTrust are AYSO, Connexxus, Effort Reporting (ERS), SumTotal (UC Learning), UC Ready, and Enterprise Risk Management; some are still in various stages of rollout.

Technology

UCTrust was initially designed around, and installed via, the Internet2 Shibboleth project. The version of Shibboleth used for UCTrust was built on the OASIS SAML 1.1 standard, and UCTrust is now looking at a near-term migration to Shibboleth based on SAML 2.0. See Shibboleth at Internet2 for more information. The SAML 1.1 version relied on Shibboleth-specific profiles layered on the standard, so it was incompatible with commercial software that supported only the OASIS standards as written; the SAML 2.0 version is much closer to full interoperability. This means it is possible to use commercial software, such as OpenSSO in our case, to implement the UCTrust federation.

Whichever federating software is used, it must be driven from an identity repository that complies with the standards of UCTrust and, more importantly, those of the federating organization, in this case InCommon. In the context of an enterprise identity repository, i.e. a single union name space covering every population (students, faculty, staff, affiliates) under one set of identifiers, it is necessary to design a data structure that allows individuals to be dynamically included in or excluded from the federating processes: eligibility must be a per-person attribute maintained by the repository, not a side effect of which source system a record came from. The UCTrust federation at UCSB will be engineered as an infrastructure that allows the business rules of identity management to shift without breaking functionality.
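As an added illustration of the design point above (example code written for this page, not UCSB's or UCTrust's implementation): federation eligibility is computed per person from a rule table held as data, attribute release is scoped per service provider, and the eduPersonAssurance value released anticipates the InCommon Bronze/Silver distinction discussed in the next section. The Person fields, the rule table, the SP entityIDs and the ucsb.edu scope are assumptions for the example; the two assurance URIs are the ones InCommon publishes for eduPersonAssurance, but the mapping of repository facts onto Bronze or Silver here is also an assumption, not the InCommon or UCTrust specification.

```python
"""Added illustration of a federation-eligibility layer over an enterprise
identity repository.  Example code for this page, not UCSB's or UCTrust's
implementation: the Person fields, the rule table, the release policy, the
SP entityIDs and the ucsb.edu scope are all hypothetical."""
from dataclasses import dataclass

# Assurance profile URIs InCommon publishes for eduPersonAssurance.  Which
# repository facts map to Bronze or Silver below is an assumption of this
# example, not the InCommon or UCTrust specification.
ASSURANCE_URI = {
    "bronze": "http://id.incommon.org/assurance/bronze",
    "silver": "http://id.incommon.org/assurance/silver",
}

SCOPE = "ucsb.edu"  # hypothetical IdP scope used in eduPersonPrincipalName


@dataclass(frozen=True)
class Person:
    """One record in the union name space; every population shares this shape."""
    uid: str
    affiliations: frozenset   # eduPersonAffiliation values, e.g. {"staff", "member"}
    status: str               # lifecycle state maintained by the repository
    identity_proofed: bool    # in-person identity proofing recorded
    strong_credential: bool   # credential meets the stronger password policy


# Business rules live in data, so identity-management policy can shift without
# touching the code path that builds assertions.  (hypothetical rule table)
FEDERATION_RULES = {
    "eligible_statuses": {"active"},
    "eligible_affiliations": {"faculty", "staff", "student"},
    "silver_requires": {"identity_proofed", "strong_credential"},
}

# Per-service attribute release, keyed by SP entityID (hypothetical IDs).
RELEASE_POLICY = {
    "https://ers.example.edu/shibboleth": {
        "eduPersonPrincipalName", "eduPersonAffiliation", "eduPersonAssurance"},
    "https://learning.example.edu/shibboleth": {
        "eduPersonPrincipalName", "eduPersonAssurance"},
}


def federation_eligible(person, rules=FEDERATION_RULES):
    """Inclusion or exclusion is decided per person from repository data,
    not from which source system the record originally came from."""
    return (person.status in rules["eligible_statuses"]
            and bool(person.affiliations & rules["eligible_affiliations"]))


def assurance_level(person, rules=FEDERATION_RULES):
    """'silver' if every Silver prerequisite in the rule table is met,
    'bronze' otherwise, None if the person is excluded from federation."""
    if not federation_eligible(person, rules):
        return None
    met = {name for name in rules["silver_requires"] if getattr(person, name)}
    return "silver" if met == set(rules["silver_requires"]) else "bronze"


def attributes_for(person, sp_entity_id, rules=FEDERATION_RULES,
                   policy=RELEASE_POLICY):
    """Attributes the IdP would assert to sp_entity_id, or None when the
    person is excluded from federation or the SP has no release policy."""
    if not federation_eligible(person, rules) or sp_entity_id not in policy:
        return None
    full = {
        "eduPersonPrincipalName": f"{person.uid}@{SCOPE}",
        "eduPersonAffiliation": sorted(person.affiliations),
        "eduPersonAssurance": ASSURANCE_URI[assurance_level(person, rules)],
    }
    return {k: v for k, v in full.items() if k in policy[sp_entity_id]}


if __name__ == "__main__":
    # Constructed sample records for a stand-alone run.
    alice = Person("alice", frozenset({"staff", "member"}), "active", True, True)
    bob = Person("bob", frozenset({"staff"}), "separated", True, True)
    print(attributes_for(alice, "https://ers.example.edu/shibboleth"))
    print(attributes_for(bob, "https://ers.example.edu/shibboleth"))
```

Tightening eligibility (for example, dropping "student" from eligible_affiliations) or adding a Silver prerequisite is a change to the rule table only; the assertion-building path is unchanged, which is the property the paragraph above asks for.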

The InCommon Federation

In a somewhat gravitational fashion, InCommon has become the de facto authority for higher education's use of federation. The original UCTrust specification was set to a higher level of assurance than the InCommon Basic service, now the Bronze level. Recently, InCommon has designed and specified a Silver level that incorporates the NIST Level 2 requirements (SP 800-63 Level of Assurance 2) and parallels UCTrust. As such, the UC-wide group managing UCTrust is actively planning the evolution of UCTrust Basic to InCommon Silver.