Page Comparison

Legend:

Status
title not started

Status
colour Yellow title IN PROGRESS

Status
colour Red title STALLED

Status
colour Green title decided

Recommendation

Background

Alma (including network zone) requires a 3rd party authentication to login to the system. In order to login to the Alma network zone, the site (campus or CDL) 's authentication will need to integrate with the NZ. All sites that should have access into the NZ environment will need to have their authentication integrated with the NZ.

Dependencies

UCOP (CDL) and UCSD (SCP) staff manage UC-wide services; both sites need authentication within the NZ.

(technical unknown): how many authentication integrations can NZ have? (posed to ExL May 8 )

(technical unknown): any conflicts arising from same authentication integrated at both IZ & NZ (for non-UCOP sites)

Answer needed for “3rd party integrations” due to ExL May 29th.

Questions to consider

Who (aside from those staff directly managing UC-wide services), if any, should have direct access to network zone instance?Use UCOP ITS “Shib proxy” (connects all UC shib directories into one interface) for NZ authentication.

Background

Authentication for accounts to NZ could use either Shibboleth or Ex Libris Identity Service authentication method. Since CDL’s main office is split between those with Shibboleth accounts at UCOP and Shibboleth accounts at UCSD, authentication into the NZ needs to support both types of users. Shibboleth login is more secure and would support SSO for staff logging into the NZ. The UCOP ITS’s Shibboleth proxy service would enable a single integration point with Alma for all UC Shibboleth sites, negating the need for campus Shibboleth services to integrate with both their campus IZ and the NZ.

Dependencies

Questions to consider

Assumptions

Scenarios

Action Log

...