Common Systems Group (CSG)
Meeting Summary
Tuesday, January 22, 2008
From 2:00 p.m. to 4:00 p.m.
11348 Young Research Library

CSG Attendees: Julie Austin, Ross Bollens, Paul Craft, Carmela Cunningham, Jim Davis, Steve Duim, Carol King, Michelle Lew, Max Kopelevich, Tom Phelan, Nick Reddingius, Terry Ryan, Mike Schilling, David Snow, Kent Wada, Don Worth

Guests: Margo Reveil, Jackie Reynolds, Karen Ribback

The meeting was called to order at 2:03 p.m. on January 22, 2008.

Agenda Item 1: Update on CITI funding process. (Karen Ribback, 30 minutes)

• Background Information:
  
  • During the summer, 15 project proposals were presented to the Committee on IT Infrastructure (CITI) requesting funding from the Chancellor’s Fund of $15 million dollars. CITI reviewed each proposal individually and ranked each project based on a predetermined criterion. The Chancellor approved the CITI’s proposal to award funds to the top eight projects. Funding will be provided for 18 months for each project. After the 18 months, a progress report will be sent to CITI for review. The funds from fiscal year 2007-2008 will fund the top eight projects and funds from FY08/09 will go into an escrow. CITI has not awarded funds to Project #8. CITI is interested in the project but does not have enough information to make a decision to fund. The committee will make a decision after it receives more information. All of the projects are still in the planning stages. For example, EDIMI (now renamed as IamUCLA) is still planning its strategy to implement its project.
• Discussion Points:
  • The problem of limited funding should be mitigated by researching methods of reducing costs. For example, looking for shared space to lower costs. This is a method that the Disaster Recovery project is in the process of researching.
  • It was recommended that there should be documentation of the process of replacing legacy systems in all of the departments. A legacy system is an old computer or application system that is still being used because the user or organization has not yet replaced, redesigned, or upgraded it.

Agenda Item 2: IamUCLA update. (Jackie Reynolds, 20 minutes)

• Background Information:
  
  • The Enterprise Directory & Identity Management Infrastructure (EDIMI) has been renamed as Identity & Access Management (IamUCLA). The IamUCLA’s Identity project is to shift from the Integrated Secuirty Information Services (ISIS) system to the Shibboleth authentication system. The Access Management (am) project is to simplify the granting and purging of privileges for users. CITI has awarded funding to IamUCLA’s project for 18 months. Funding was only awarded for one of the three consultants/researchers.
• Discussion Points:
  • It was recommended that IamUCLA enter a Request for Proposal (RFP).
  • The Common Collaboration and Learning Environment (CCLE) is currently using Shibboleth. Also, some applications in the engineering department already use Shibboleth.
  • The University Records System Access (URSA) is in the process of restructuring their authorization and validation system and is interested in implementing the Shibboleth system from the beginning of this restructuring process.
  • Implementing Shibboleth throughout the campus is relatively easier than working with outside vendors.
  • IamUCLA’s goals are to allow users to use one login id and be able to jump from web application to web application with that single log-on and to simplify the authentication system. The complication with the single log-on Identity system is the difference of identity match levels from application and to application. Different applications have different security levels (e.g. some web applications require a more secure password than another web application so a single log-on that complies with the lower security application may not satisfy the security level of another). The recommended solution is to heighten the security level on the lower identity match level applications so that they are at the same level as the high identity match applications.

Agenda Item 3: Formation of campus Compliance Officer Group. (Jackie Reynolds, 20 minutes)

• Background Information:
  
  • The formation of a campus Compliance Officer Group has been in planning during the last couple of CSG meetings. “Compliance Office Group” is not the official name that the group plans to use. Currently, Senate Bill 1386 (SB1386) coordinators are the liaisons to different groups/departments regarding security issues. The formation of this group is to help ensure better compliance with all personnel. The plan is to have the “Compliance Officer Group” be held accountable for security issues as well as other policy regulations.
• Discussion Points:
  • The committee is looking for feedback from all the departments and organizations on campus to find out what methods or systems have been proven effective for getting faculty to be compliant with policies.
  • The committee wants to achieve wide-spread compliance throughout the campus but will need to collaborate with all the departments and organizations on campus to do so.
  • One recommendation was to make an example out of a faculty member to grab the attention of other faculty members.
  • The recommendation was made to appoint a faculty member to be the “Compliance Officer.” This “Compliance officer” will report to the compliance group monthly.
  • Another recommendation is to model the security compliance after the sexual harassment policy and ethics training compliance. The problem with these two policies, however, is that there is no enforcement for compliance (e.g. enforcing a consequence for not attending the training).

Agenda Item 4: CENIC Report on Utilization of Internet2 and NLR Services. (Jim Davis, 20 minutes)

• Background Information:
  
  • Negotiations between Internet2 (I2) and National Lambda Rail (NLR) did not result in an agreement to merge. Therefore, the committee needs to research and strategize its plan to retain networking services. Each company has their own infrastructure. These infrastructures connect UCLA’s network to outside higher education institutes. Each company has their own list of institutes which UCLA can connect to. The committee is gathering information from all parts of campus to find out what services are needed for the campus network. Appendix A (referencing the handout) shows a list of all the reachable IP networks via I2 and not NLR. The Appendix A also shows a list of all the reachable IP networks via NLR and not I2. The campus will need both services to reach all of the networks. There is a problem that is limited resources. A solution is to find revenue from commodity sharing (a commodity pool) which is a resource that I2 wants to tap into.

Action: Each committee member will take this issue back to their respective organizations and departments. They will gather and send feedback to Mike Van Norman and Jim Davis.

The meeting was adjourned at 3:35 p.m. on January 22, 2008.