Meeting Date: August 5 th, 2010Time:2:00 PM – 3:00 PM Facilitator:Garry GilletteRecorder: G. Gillette Location:FCC2A Conference RoomNumber of Pages:1 Topic Time Frame Start Time Responsible Meeting Kick Off5 minutes2:00Facilitator Agenda45 minutes2:05Facilitator Open Discussion5 minutes2:50Project team Wrap Up5 Minutes2:55Facilitator Fermilab Identity Management (FIdM) Project Briefing Agenda Tom AckenhusenSripada JoshiAmanda Petersen Bill BoroskiMark O Kaletka Vacation Jack Schmidt Vacation Eileen Berman Vacation Rich Karuhn Nelly Stanfield Dave Shuman Vacation Rob Kennedy Peter Stomenhoff Dave Coder Mark Leininger Laura Stover Irwin GainesGriselda Lopez Mark Thoms Anil GargAl LilianstromJulie Trumbo Garry Gillette Patty Mcbride Vicky White Vacation Gerald Guglielmo Vacation Scott Nolan

AGENDA: Introductions Project Directives FidM Definition FIdM Agile Deployment Timeline Project Deliverable Review Fidm & PeopleSoft Integration

Project Directives » Single Source of Truth » Bidirectional Interface to Applications » Traceability of Computer Services Usage » Authorization Mechanism » Single Cut Off Point » Connection with External Entities (Shib-other LDAP) » Lightweight Guest ID

Fermilab Identity Management (FIdM) Identity Management (IdM) -- the set of business processes—and the supporting infrastructure service components—that create, maintain, and use digital identities within legal and policy contexts. Identity Management architectures integrate core components such as user provisioning, access management, identity lifecycle management, directory services, identity data content integration technologies, role management, federation, and identity audit. Why implement next generation FIdM? Streamline and automate biz process (on-boarding, reorg, etc.) Role and Request-based Access and Authorization Management Eliminate duplication of information Improve security – password management, authentication services, real-time deprovisioning TCO reduction for FIdM Improve end-user experience Keep current FIdM Systems supportable and maintainable (Oracle 10g  11g) Regulatory compliance

Deliverable #1 Deliverable #2 Deliverable #3 Deliverable#4 Deliverable #2 Deliverable #3 Deliverable #4 Deliverable # 2 Deliverable # 3 Deliverable # 4 Development Environment Staging Environment PROD Environment Deliverable #3 Pilot Environment FIdM Agile Deployment Timeline Deliverable # 1 Dependency on resource commitment and availability Deliverable # 2

Development Transition Deliverables 1 and 2 from Pilot  Dev (+ implement remaining Use-Cases) Complete Deliverables 3 and 4 Knowledge Transfer and Support for Team Fermilab Team Fermilab are implementing D1-2 in Staging and Prod Achieve Functional Parity with legacy Fermilab Infrastructure Pilot Implement initial Use-Cases Fully functional Pilot FIdM approved by FIdM Steering Committee Multiple Pilot iterations expected to reach that point) 75% FIdM Infrastructure is online 10g vs. 11g software decision Virtual vs. Physical Environment Decision (Staging & Prod) Project Plan, Finalize Detailed Requirements, Design and Architecture Documentation Deliverables Documentation for Deliverables 1,2 and (partial) 3 complete Team Fermilab ready to begin Staging and Prod Deployments FIdm Project Pilot and Development Stages

FIdM Project Staging and Prod Stages Staging Fermilab Staff implements FidM Knowledge Transfer and Support provided to Team Fermilab Unit/Load/Acceptance Testing Documentation End-User Training Prod Team Fermilab implements FidM per Unit/Load/Acceptance Testing Documentation Transition and Go-Live / CNAS to FIdM cut-over Post Go-Live Support Establish Framework to Manage new FidM Functionality Requests

Pilot -- Deliverables: Deliverable #1 –Stand up Environments, Infrastructure, DB, App Servers –Install and Configure new Products –Next Generation Directory Services (11g) –Stand up Oracle Virtual Directory Services –Directory Services integrations: AD, LDAP, possibly KDC –Document all deliverables Deliverable #1 Accomplishments »Single Source of Truth »Connection Interfaces for External Entities »New 11g Infrastructure -- providing underpinning baseline for other components; also maintains vendor support »FSST Virtualization layer installed August T0 September2010August T0 September2010 Pilot Phase : The Pilot phase constitutes the bulk of work to validate the FIdM roadmap. This deployment phase will be done in accordance with the project plan and initial design specifications identified in the discovery phase.

Pilot Phase Continued : Deliverable #2: AAAAA Service Framework AAAAA Services Framework will Provide: Authentication– framework to consolidate existing authentication mechanisms Authorization – showcase RBAC Audit – “Who, accessed What, When” reports Administration – Full Centralized Life-Cycle Management Framework for Accounts, Groups, Org-Unit, etc. Automation – Identity Workflow and Approval Engine, Self and Delegated Administration Services Accomplishments: Traceability of Fermilab IT Services Use Single Cut-Off Point (PoC mode) Authorization Mechanisms Lightweight Guest Self Registration Interface for Connection to External Entities (Shib, Fed ID) Sign-off on all Pilot Deliverables August T0 September2010August T0 September2010

OAM, OIM and 10g vs. 11g Release – Pilot/Dev to be implemented on OAM 10g (per original plan) – NEW: Also stand up IdM 11g in parallel in Pilot – Provide Cost/Benefit Analysis of 10g vs. 11g – Pilot Decision Point: 10g vs. 11g

Oracle IdM Product 11g Release

–Deliverable #3 – Replace CNAS Interfaces with FSST Replace CNAS Interfaces with FSST Bridge the gap from Pilot to Development Full Documentation Support Team Fermilab for Staging and Prod Unit Testing Acceptance Testing by Stakeholders – FSST –Sign off on FSST Deliverable –Accomplishments –Single Source of Truth –Bidirectional Interface to Applications –Traceability of Computer Services Usage –Authorization Mechanism October to December 2010October to December 2010 Development Phase : The Development phase constitutes the bulk of the hours as will iteratively deploy the FIdm solution. The development phase will be done in accordance with the project plan and final design specifications uncovered in the previous phase

Deliverable #3 FSST Replaces 14 CNAS Interfaces

Development Phase Continued : –Deliverable #4 -- FSST Integration Development with HRMS –Integrate FidM with HRMS solution –FSST, OIM, HRMS replace remaining CNAS Stub –Establish Framework to Manage new FidM Functionality Request s October to December 2010October to December 2010

–Resourcing Requirements during Deliverables 1- 4: FIdM Platform (hardware, VMWare, OS) Networking CNAS Active Directory OID LDAP PeopleSoft EBS –Resourcing recommendations for Staging, Prod and Beyond – 1-2 FTEs –5 % FidM Steering Committee –5% DBA and Platform Admins –90% FIdM Maintenance & Continuous Integration 10% Maintenance and Operations of FIdM 80% Continuous Fermilab App Integration and Business Process Implementation Staging and Prod Deployments: Fermilab Resourcing Recommendations

Summary Pilot -- 9/27 Fully functional Pilot FIdM Approved and Accepted by Steering Committee (multiple iterations expected to reach that point) 75% FIdM Infrastructure is online 10g vs. 11g software decision is made Project Plan, Final Requirements, Design and Architecture Documentation Deliverables Documentation for Deliverables 1,2 and (partial) 3 complete Team Fermilab ready to begin Staging and Prod Deployments Development -- 12/31 Complete Deliverables 3 and 4 End-to-end Unit and Acceptance Testing Knowledge Transfer and Support for Team Fermilab (Staging & Prod) (In progress) Team Fermilab are implementing D1 and D2 in Staging and Prod Establish Framework to Manage new FidM Functionality Requests

Q&A ?