This is the follow-up discussion from our last meeting on the architecture of UCB's Identity Management and Calnet systems going forward. You will recall that the purpose of the larger space is to accommodate your staff and team members whom you'd like to be part of this discussion. We will also invite the CISC group and the security SIG group to join us.
IT Architecture Committee Meeting
November 7, 2006, 3:00-5:00 pm
150 University Hall
AGENDA
1. Welcome and Announcements (Patricia Donnelly, Tessa Michaels)
2. Calnet Directory Services / LDAP infrastructure (Rob Chevalier, 30 minutes)
   Update on the new LDAP schema and software: what does it mean for LDAP users?
3. Calnet Authentication (Karl Grose, 30 minutes)
   Discuss transitioning from MIT Kerberos to Active Directory for the Key Distribution Center (KDC).
4. Identity management and single sign-on (Green, Schulden, Ballew, Grose, Chevalier, 35 minutes)
   IST to bring the discussion around Identity Management to UCB IT staff to update us and to get input.
5. Questions / input / next steps (ITAC, 25 minutes)
Identity management and single sign-on background and details
Last year the campus gave funds to IST via e-Berkeley for the Identity Management project. IST engaged the Burton Group to help us analyze identity management solutions and develop an overall approach to implementation. You may read the Burton Group report and the IST project proposal for identity management here: https://webfiles.berkeley.edu/~mhgreen/.

There has been quite a bit of discussion in IST around whether we should be focusing on single sign-on or on a more comprehensive identity management solution for the campus. The advantage of single sign-on, for which we strongly favor CAS as a solution, is that it is widely deployed in higher education and many open source projects targeted at education already integrate with CAS. The limitation of CAS is that it does not directly support identity management. Many of us have systems where we need to manage access to applications or data based on the role of the individual. Managing these roles (such as system administrator, member of the HR staff, or person authorized to approve expenses) can be challenging. An identity management system attempts to provide a central repository of roles that applications can consult to determine whether someone requesting access is authorized. We favor Sun's Access Manager for identity management: it was the recommended solution from the Burton Group study, and we have experience with Sun's security software, as that is what we use for LDAP. IST may need to implement both CAS and Sun's Access Manager, or it might make more sense to implement just one of the two solutions.
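As an added illustration (not part of the original message, and not a description of how CAS or Sun's Access Manager are actually built), the following Python sketch shows the split the paragraph draws: single sign-on establishes who the user is, while a central role repository, consulted by each application, decides what that user may do. The repository, the role names, the users and the application policies are all constructed for the example; the role-inclusion idea (a manager role implicitly carrying a staff role) is an assumption about how such a repository might be organized, not something the message states.

```python
"""Authentication vs. authorization, as a small worked example.

The SSO step (not modelled here) yields a principal name or None.  A
central role repository answers "which roles does this principal hold?",
and each application keeps only a policy mapping its own actions to roles.
Everything below (users, roles, applications) is constructed sample data.
"""

from dataclasses import dataclass
from typing import Dict, Optional, Set

# --- Central role repository (hypothetical identity management service).
# Roles may include other roles: "hr_manager" implicitly carries
# everything "hr_staff" and "expense_approver" carry.
ROLE_INCLUDES: Dict[str, Set[str]] = {
    "hr_manager": {"hr_staff", "expense_approver"},
    "hr_staff": set(),
    "expense_approver": set(),
    "sysadmin": set(),
}

# Constructed sample assignments: principal -> directly assigned roles.
ROLE_ASSIGNMENTS: Dict[str, Set[str]] = {
    "alice": {"hr_manager"},
    "bob": {"hr_staff"},
    "carol": {"sysadmin"},
}


def effective_roles(principal: str) -> Set[str]:
    """Expand a principal's direct roles through the inclusion graph.

    Unknown principals get the empty set, so the default is to deny.
    """
    result: Set[str] = set()
    todo = list(ROLE_ASSIGNMENTS.get(principal, set()))
    while todo:
        role = todo.pop()
        if role in result:
            continue  # already expanded; also guards against cycles
        result.add(role)
        todo.extend(ROLE_INCLUDES.get(role, set()))
    return result


# --- Application side.  Each application maps the actions it exposes to
# the roles allowed to perform them.  Role membership itself is never
# stored in the application; it is always looked up in the repository.
APP_POLICY: Dict[str, Dict[str, Set[str]]] = {
    "expenses": {
        "view_report": {"hr_staff", "expense_approver"},
        "approve": {"expense_approver"},
    },
    "accounts": {
        "reset_password": {"sysadmin"},
    },
}


@dataclass
class Decision:
    principal: str
    application: str
    action: str
    allowed: bool
    reason: str


def authorize(principal: Optional[str], application: str, action: str) -> Decision:
    """Decide whether an SSO-authenticated principal may perform an action.

    `principal` is None when the SSO step did not establish an identity.
    Every path that is not an explicit match returns a denial with a reason,
    which is what an application would log.
    """
    if principal is None:
        return Decision("<anonymous>", application, action, False, "not authenticated")
    needed = APP_POLICY.get(application, {}).get(action)
    if needed is None:
        return Decision(principal, application, action, False, "unknown action")
    matched = needed & effective_roles(principal)
    if matched:
        return Decision(principal, application, action, True,
                        "via role " + sorted(matched)[0])
    return Decision(principal, application, action, False, "no qualifying role")


if __name__ == "__main__":
    for who, app, act in [("alice", "expenses", "approve"),
                          ("bob", "expenses", "approve"),
                          (None, "accounts", "reset_password")]:
        print(authorize(who, app, act))
```

The point of the split is that an application integrated only with SSO knows the principal's name but nothing about roles; it would have to keep its own role tables, which is exactly the per-system management burden the paragraph describes. With the repository consulted at decision time, a role change made in one place takes effect in every application on its next check.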
Michael Green will
moderate the discussion; JR Schulden and Randy Ballew will discuss the
advantages of CAS; Karl Grose and Rob Chevalier will discuss the advantages of
Sun's Access Manager.
More information on CAS may be found here:
http://www.ja-sig.org/products/cas/
More information on Sun's Access Manager may be found here:
http://www.sun.com/software/products/access_mgr/
Michael Green has created a mailing list so that persons on campus who are interested in what we are doing with security infrastructure can provide comments: security-infrastructure@lists.berkeley.edu.
Best,
Tessa
Tessa Michaels
CTO-Administration, Executive Director,
Business and Technology Solutions
University of California, Berkeley
Tel: 510.642.5441