Information Resources and Communications University of California, Office of the President

UCTrust

David WalkerOffice of the President

University of CaliforniaDavid.Walker@ucop.edu

Information Resources and Communications University of California, Office of the President

Overview Goals for UCTrust What UCTrust Is UCTrust Basic Assurance Organizational Structure Future

Information Resources and Communications University of California, Office of the President

The University of California Ten campuses Five medical centers National labs Office of the President Nearly all operational responsibility is

distributed to the campuses, medical centers, and labs

Information Resources and Communications University of California, Office of the President

Changing Model for IT Services Individuals use many applications Applications have become integral parts of

business units, not adjuncts Applications (and business units) have

become interdependent This is also occurring among campuses, largely

driven by overburdened CIOs All of this must be done securely with

appropriate access controls

Information Resources and Communications University of California, Office of the President

UCTrust's Goals Provide a secure identity and access

management infrastructure for the University of California E.g., business applications and employee self-

service Leverage existing campus identity

management efforts Interoperate with similar infrastructures

nationally and internationally, particularly within higher education

Information Resources and Communications University of California, Office of the President

UCTrust is Not (Really) a Federation

UCTrust is really the UC members of InCommon

UCTrust is about the assurance required to accomplish trusted access management

This requires policies describing appropriate identification, registration, authentication, and other factors that are required to meet UCTrust's basic level of assurance

Also, a little technology and process

Information Resources and Communications University of California, Office of the President

UCTrust Basic Assurance Modeled on eAuthentication Level 2 Identification can be the hiring process or

involve a government photo ID Sometimes excludes students, but that's OK

Registration in-person with photo ID or unattended with confirmation step

Authentication must encrypt secrets Help desk, logs, etc.

Information Resources and Communications University of California, Office of the President

Organizational Structure Participants

Credential Providers Resource Providers Community Members

UCTrust Identity Management Work Group UCTrust Federation Administration Information Technology Leadership Council

Information Resources and Communications University of California, Office of the President

Future Applications (and attributes)

More business applications UC Grid Course management Collaboration tools

InCommon Bronze and Silver / Federal eAuthentication

Applications shared by multiple campuses, but not all