Skip to end of metadata
Go to start of metadata

Date: Tuesday, 5/8/2012, 10:30am to 12:00
Location: 118 Wagner Building
Purpose: Review CSI Project Planning Reports by AIS and CSS.


  • IAM: Richard Dumm, Edward Hayes, Renee Shuey
  • AIS: Dawn Boyer, Kathy Brown, Sara Conkling, Pete Dawson, Jan Grasser, Kelly Hartzfeld, Walter Kay, Ron Rash, Carl Seybold, Cheryl Seybold.
  • AIT: Jeff D’Angelo, Ken Forstmeier, Barb Howie, Steve Kellogg, Robyn Wang, Shawn Smith, Bob Walters
  • Accounts: Kathy Beck, Sue Jones, John Williams

Facilitator: Richard Dumm
Recorder: Richard Dumm, Edward Hayes


  • Level set (Renee)
  • CSS Report Review (Barb)
  • AIS Report Review (Dawn)
  • Next Steps

Summary of Next Steps

Next Steps – Executive/Sponsor Level

Reporting Process

  • prepare reports to Kevin (Renee)
    • option 1 recommendation for AIS
    • copy Ken and Ron and get their comments
  • Kevin engages executive stakeholders
  • project team engages stakeholders (after Kevin authorizes project)

Discussion - project impact with stakeholders

  • part of the discussion should include
    • what is the timeframe?
    • what is the impact on the projects?
  • Kevin will have to make statements about which projects will be impacted
  • need to do address project impacts as quickly as possible

Next steps for AIS, CSS and IAM

  • further engagements between CSS group and IAM
    • purpose: to identity gaps, questions, overlaps
    • should have representative(s) from AIS attend CSS/IAM team meetings and vice versa
  • initiate development of draft project scope – people and resources

Meeting Notes

Level set (Renee)

Project Status Updates

  • IAM reached important milestone on 03/31/2012 with completion of CPR core services
  • IAM Online identity provisioning will soon be finished
  • IAM projects for the next several months
    • development of identity assurance
    • development of relationship link
    • web service for id+ card link

Next steps for CSI

  • Renee take reports back to Kevin
  • also copies Ken and Ron
  • begin looking at how we prioritize tasks
CSS Report Review (Barb)

reference: CSS Report Review  20120408_CACTUSPresentation.docx

report from CSS

  • created as Work Breakdown Structure (WBS)
  • high level tasks are in categories
    • design phase
    • development phase
    • test phase

CSS Report Discussion

  • CPR interactions
    • does the Cactus WBS include interactions with the CPR?
    • how does deprovisioning get sent back to IBIS and ISIS?
    • impact of provisioning/deprovisoning for applications that subscribe to the CPR (e. g. Hershey will have services provisioned off the CPR)
  • believed to be a large gap between quantity of information provided by IAM and the amount of planning/design to be completed by AIT
    • CPR is one piece of the IAM picture
    • other phases of the IAM project have not been started yet
  • Kerberos upgrade project will be completed by the end of June
  • some AIT projects must be completed independent of IAM timelines
  • concerns about what will be affected in DIMC
    • previous statements by IAM suggest there will be minimal changes
    • not sure whether that is short term or long term
    • there has been one DIMC meeting between IAM and CSS
  • AIT is under considerable pressure to upgrade existing systems
  • authorization
    • discussion of authorization raises many questions
      • there are impacts on the directory and object classes,
      • plans for entitlements are also being made
    • IAM consideration of authorization was delayed because CPR had to be completed first
  • Accounts Office concerns
    • there are questions about impact of locked accounts on CPR services
    • duplicate ids
      • will the Accounts Office be responsible for verifying whether there are duplicate ids?
      • Accounts Office may not have sufficient information to do that
      • Renee says
  • registration authorities (RA) should handle management of duplicate ids
  • if IAM is collecting the RA data, it will help to determine who should resolve a duplicate id situation
  • it is preferred that the RAs clean up the duplicate ids
  • password set/reset
    • part under IAM, part under AIT
    • would like to see the similar branding to eliminate confusion among users
    • password reset web application is in production
    • surprising to some that IAM Online included password creation
    • some decisions need to be made with regard to who is doing what
  • risks
    • must have people dedicated to this project
    • Kerberos project is big risk
      • upgrading to Kerberos version 1.10.1 by June 30
      • project is currently on track
    • Cactus service integration
    • DIMC/security console tasks
  • Jimmy will start working on sponsored accounts requirements on May 16
  • signoff for AD-20
    • should it be part of Web Access to check for an AD-20 signoff date
    • AD-20 sign off is in IAM Online provisioning process
    • IAM engaged with Training Services to develop appropriate wording and presentation
    • if initial vetting and setting the password is understood; point was being raised with regard to changing Web Access
    • in general do not want to increase Web Access overhead by adding a check for AD-20 signoff
    • what is the process for existing users who have not signed off on AD-20
    • want to find the right place to enforce this; Bob has suggested the password reset page
  • need to schedule additional meeting(s) between the IAM team and CSS groups to discuss requirements and specifications
  • work on IAM will be competing with AIT projects for storage issues, new equipment installation, recalibration of other system, spinning up of co-location center
  • Ken and Ron will be able to add comments to report prior to being sent to Kevin
  • it is not known who all the stakeholders are for AIT
  • when the Cactus Service Integration testing phase begins, need to determine
    • who will be involved in the testing
    • who has the authority to say go/no go
AIS Report Review (Dawn)

reference: AIS Report Review   AIS Architecture and Impact StatementMay8.docx

report from AIS

  • first two pages have not changed
  • a list of data elements that will be affected has been added to the beginning
  • also tried to make FTEs more consistent
  • only considered production libraries for the report
  • did not consider adhoc libraries; some AIS partners use adhoc libraries
  • there are concerns about record locking
  • AIS prefers option 1

AIS Report Discussion

  • new report section on affiliation
    • business side
      • IBIS sends file to OHR
      • HR sends information to Cactus
    • student side
      • smaller amount of data than currently sent
      • student status (e. .g. paid accept)
      • student level (e. g. undergraduate)
      • classification (e. g.. 01 or 02)
      • leave of absence
      • close to 400 modules doing updates to all those elements
    • numerous processes will also need to be updated
      • still need to continue to send batch file scaled down
      • have looked at ADABAS for potential use of triggers
  • AIS has concerns about doing things real time
  • a potential impact on the integration of IAM is that AIS priorities are changing frequently
  • report lists existing AIS projects that could be impacted by IAM
  • it should be noted that the impact is on the whole university
  • AIS report assumes one FTE (for most of the work packages) at this time, can add more as needed
  • completion
    • not all tasks have to be completed before bringing in stakeholders
    • there may be a period of time where identity information has to be entered more than once; it is important to have that conversation with stakeholders as soon as possible
    • when you look at the time estimates, can we afford to wait three years? Answer: no
    • determine what needs to be done and what needs to be put on hold
    • some interim solutions may have to be implemented
  • option 1 vs. option 2
    • final decision must be made by Kevin using input CSI group
    • recommended option is clearly option 1
    • every item on the project list has an exec sponsor that needs to be involved in discussion of impact
    • no matter what decision is made, there needs to be a clear executive statement
    • partner offices must be engaged no matter what option is selected
    • option 1 is the right thing to do not just because it is less work to do
    • even if we choose option 1, it will be necessary to resolve issues like where to get the PSU id
  • when would conversation with AIS partner offices take place
    • could address issues at AIS bi-monthly meeting with senior business execs (next meeting: June 15)
      • IT directors for those departments attend also
      • attendees of the meeting set the priorities
      • Kevin could attend one of the meetings
      • need a unified front from executive level
    • 99% of the project sponsors are not ITS people
  • impact of impending student system selection
    • impact on student system is less clear because of student system choices
    • the next student system choices are
      • do nothing
      • delay
      • build
      • buy
    • must understand the IAM product and get requirements defined so that potential vendors can respond to the requirements
  • Cactus interfaces
    • DIMC interface currently feeds into Cactus
    • locked account is fed into Cactus which is then feeds into IBIS/ISIS
    • should that information be coming from multiple sources or from one central source
    • DIMC is a consultant view of Cactus
    • have Cactus interface, the security interface and DIMC
    • your role dictates what you have access to
  • CPR is intended to be the authoritative source
  • IAM would like to have roles in Grouper
  • must proceed carefully with Grouper, Grouper may not be the answer; can affect directory services
Next Steps Discussion – Executive / Sponsor
  • final reporting process
    • prepare reports to Kevin (Renee)
      • option 1 recommendation for AIS
      • copy Ken and Ron and get their comments
    • Kevin engages executive stakeholders
    • project team engages stakeholders
    • Kevin authorizes project

Final Report Discussion

  • project impact
    • part of the discussion has to be
      • what is the timeframe?
      • what is the impact on the projects”
    • Kevin will have to make statements about which projects will be impacted
    • need to do address project impacts as quickly as possible
  • project flow
    • AIT engagement is implicit, however affects university wide processes/systems
    • AIS side a little more complex given the relationships with partner offices
    • IAM project will have to compete with high profile projects such as Polaris project
  • Will the reports be consolidated? Answer: yes
  • permanent IAM office
    • we need to start thinking about a more permanent IAM office
    • where does an IAM unit reside?
    • how do we provide consultant service?
    • IAM consultant skills don’t exist within our areas today
  • next steps for teams
    • further engagement with CSS group and IAM-- identify gaps, questions and overlaps
      • should have representative(s) from AIS attend CSS/IAM team meetings and vice versa
    • initiate development of draft project scope – people and resources
  • Ron requests questions from AIS staff attending – there are none
  • policy
    • formal IAM policy (institutional) will created by end of May
    • operational policy will be rolled in as we go along
  • While waiting on the outcome from the reports presented to Kevin, should there be any project management taking place? Renee says we probably need to wait.
  • skills sets
    • what type of skills do we need tactically and hierarchically?
    • what is the impact if those people can not be hired
    • motivated user offices may be willing to contribute resources; example: Outreach is wants to have Destiny One involved in IAM by Q1 2013


  • No labels