Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative
Overview • CAMP Goals • Workshop Context • A word from our sponsors • A word about NMI-EDIT
Goals of CAMP: Authentication Overview/Deployment • Overview of deploying authentication • WebISO technologies • Update on directory activities • Inter-institutional authorization and leveraging campus authentication
Goals of CAMP • Develop contacts from other institutions implementing middleware • Learn about current research • Take home ideas to help remove those roadblocks on your campus • Benchmark your own implementation against current higher-ed practices
Thanks to our CAMP “Program Committee” • Mike Berman • CSU Pomona • Kent McKinney • CSU Hayward • Bill Winn • Bradley University
A Word From Our Sponsors • National Science Foundation’s Middleware Initiative (NMI) • NMI – Enterprise Desktop Integration Technologies (EDIT) Consortium • Internet2 – primary on grant and research • EDUCAUSE – primary on outreach • Southeastern Universities Research Association (SURA) – primary on NMI Integration Testbed …with support from Sun Microsystems Inc.
NMI-EDIT: Goals • Create a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community • Provide tools and services (e.g. registries, bridge PKI components, schemas, root directories) to support inter-institutional and inter-realm collaborations
NMI-EDIT: Core Middleware Scope • Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance • Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos • Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services • Authorization – permissions and access controls, delegation, privacy management • Integration Activities – common management tools, use of virtual, federated and hierarchical organizations
NMI-EDIT: Strategic Direction • Overall technical direction set by MACE • Middleware Architecture Committee for Education (MACE) • Bob Morgan, University of Washington, Chair • Campus IT architects and representatives from Grids and International Communities • Directions set via • NSF and NMI management team • Internet2 Network Planning and Policy Advisory Council • PKI, FOO and Directory Technical Advisory Boards • Internet2 members
Sample NMI-EDIT Process: Directories • MACE-DIR Working Group • Prioritize needed materials • Establish subgroups • revision of basic documents (LDAP Recipe) • new best practices in groups and metadirectories • standards development for eduPerson 1.5 and eduOrg 1.0 • Work in enhanced IETF approach: scenarios, requirements, architectures, recommended standards stages • Announce deliverables; start input and conference call review/feedback processes; reconvene work groups as needed • Process schedule and requirements • 4-6 months for completion, depending on product • 6-8 primary contributors • 15-50 schools participating
NMI-EDIT: Participants • Higher Ed • 15-20 leadership institutions, with 50 more campuses represented as members of working groups; readership around 2000 institutions • Corporate • (IBM/Metamerge, Microsoft, SUN, Liberty Alliance, DST, MitreTek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Baltimore Technologies) • Government • NSF, NIST, NIH, Federal CIO Council • International • Terena, JISC, REDIRIS, AARnet, SWITCH
The pieces fit together… Campus infrastructure Name space, identifiers, directories Enterprise authentication and authorization Portals and LMS’s Inter-realm infrastructure edu schemas Exchange of attributes Inter-realm Upperware Grids Digital libraries Video
Middleware as Infrastructure • It serves both academic and administrative units • It serves both instructional and research missions • It must be reliable, scalable, extensible, ubiquitous, and transparent. • It must be deployed, which requires real technical, financial and political processes.
Middleware as Art • There is no proven policy path • Much depends on local legacy systems • Much depends on local legacy people • Much of the technology base is being invented as we meet
The Last Six Months in Middleware • Directories • eduPerson – new attributes, passions about vocabulary, new pressures for internationalization • CommObject becomes H.350 • Metadirectories… • Shibboleth – grows to v1.0, libraries and content providers drive deployments, federations take shape • Enterprise, federated Chandler is hatched
The Last Six Months in Middleware • Desktop video – what’s proving hard • PKI – needs grew, CREN died… • DRM – wins and losses • OKI – fits and starts • Portals – growing consensus on a few standards
Drivers for federations • At least four technologies… • Shibboleth, Liberty Alliance, Federated .NET, PAPI from RedIris (Spain), perhaps PKI • Several business needs • Internal exchanges • Inter-institutional collaboration • Federal e-authentication initiative • Deployments now beginning
The Next Six Months in parts of Middleware • Federations • A Higher Ed CA • Chandler • Signed email • Credential convertors and identity mapping • OGSA • Shibbing collaboration tools • DRM
Federations and Classic PKI • They are very similar • Both imply trust models • Federations are an enterprise-enterprise PKI • Local authentication may well be end-entity certs • Name-space control is a critical issue • And they are very different • End user authentication a local decision • Flat set of relationships; little hierarchy • Focus as much on privacy as security • Web Services only right now: no other apps, no encryption • We get to define…
The Next Two Years in parts of Middleware • Desktop video • Authzanity • A Higher Ed Bridge CA • Federated enterprise P2P • Virtual organization support • Federated directories • Middleware diagnostics
Getting the Most Out of CAMP • Conventional wisdom is not wisdom • It's about deployments • We have met the enemy… • Friday morning consulting • Netiquette • The creek path • Stay engaged