
Internet2 Middleware and the NSF Middleware Initiative: Meeting Milestones

Internet2 Middleware and the NSF Middleware Initiative: Meeting Milestones. Ken Klingenstein Director, Internet2 Middleware Initiative, Co-PI, NSF Middleware Initiative. Topics. Internet2 Middleware Overview Internet2 Middleware Activities NSF Middleware Initiative


Presentation Transcript


  1. Internet2 Middleware and the NSF Middleware Initiative: Meeting Milestones Ken Klingenstein Director, Internet2 Middleware Initiative, Co-PI, NSF Middleware Initiative

  2. Topics • Internet2 Middleware Overview • Internet2 Middleware Activities • NSF Middleware Initiative • Grid Center and Release 1 • EDIT Work and Release 1 • Testbeds and Outreach • Year 2 Goals • Integration May 8, 2002

  3. A Map of Middleware Land

  4. Core Middleware Scope • Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance, etc. • Authentication – campus technologies and policies, interrealm interoperability via PKI, Kerberos, etc. • Directories – enterprise directory services architectures and tools, standard objectclasses, interrealm and registry services • Authorization – permissions and access controls, delegation, privacy management, etc. • Integration Activities – common management tools, use of virtual, federated and hierarchical organizations

  5. Making it happen • Much as at the network layer, plumb a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community • Foster effective and consistent campus implementations • Motivate institutional funding and deployment strategies • Solve the real world policy issues • Integrate key applications to leverage the infrastructure • Nurture open-source solutions • Address scaling issues for the user and enterprise • In support of inter-institutional and interrealm collaborations, provide tools and services (e.g. registries, bridge PKI components, root directories) as required

  6. Internet2 Middleware: Key Concepts • Use federated administration as the lever; have the security domain broker most services (authentication, authorization, resource discovery, etc.) • Provide security while not degrading privacy. • Foster interrealm trust fabrics for both legal and collaborative needs • Leverage campus expertise and build rough consensus • Influence the marketplace; develop where necessary

  7. Internet2 Middleware: Areas of Activity • General Middleware: Roadmaps and Business Plans • Directories: directory services architectures, objectclasses, tools and techniques, affiliated directories • Shibboleth: interrealm exchange of attributes • PKI • Video on demand and digital rights management • Federated videoconferencing • Medical middleware: scenarios, objectclasses, privacy and security

  8. PKI Activities • HEPKI-TAG (http://www.educause.edu/hepki/) • CP/CPS draft, S/MIME work • HEPKI-PAG • HEBCA, CP • First Annual Research Conference (http://www.cs.dartmouth.edu/~pki02/) • A Higher Ed Sector CA and CREN’s role

  9. Access to Digital Materials • Several ways to use digital materials – • personal use – typically purchased by individuals on a subscription or per-use basis. • professional use – typically acquired (for fee or legal agreement) by an organization or university on a bulk basis, with access redistributed freely to members of the organization. • public use – as a citizen, entitled to an information commons, and other basic information rights, such as Fair Use and Freedom of Information

  10. Digital rights technologies • The different uses of on-line materials have different requirements; they will likely require different technologies. • Requirements vary about the needs and controls for privacy, the economic recovery model, the needs and controls for security, etc. • Who is developing the digital rights technologies for professional and public use?

  11. Vidmid • Supported by NSF, Internet2, and ViDe • Vidmid – the combined work • Vidmid-vc – led by Egon Verharen (SURFnet), with conspicuous players Tyler Johnson (UNC), Samir Chatterjee (Claremont), Doug Sicker (Colorado) and Art Vandenberg (Georgia State) • Vidmid-VoD – led by Mairead Martin (UT-Knoxville) with conspicuous players Grace Trauner (Rutgers) and Jim DeRoest (Washington) • Parked work: Metadata, security cameras, hybrid forms • Key vendor participation • http://middleware.internet2.edu/video

  12. NSF Middleware Initiative • GRID Consortium and Release 1 • EDIT Consortium and Release 1 • Testbeds and Outreach • Year 2 Goals • Integration

  13. EDIT Consortium • Enterprise and Desktop Integration Technologies Consortium (EDIT) • Internet2 – primary on grant and research • EDUCAUSE – primary on outreach • Southeastern Universities Research Association (SURA) – testbed

  14. NMI-EDIT Plan • Foster the development of campus enterprise middleware to leverage both the academic and administrative missions. • Coordinate a common substrate across higher ed middleware implementations that would permit inter-institutional efforts such as Grids, digital libraries, and collaboratories to scale and leverage • In some instances, build collaboration tools for particularly important inter-institutional and government interactions, such as web services, PKI and video. • Ensure that distinctive higher ed requirements, from privacy and academic freedom to multi-realm portals, are served in the marketplace.

  15. Sample NMI-EDIT Process (Directories) • MACE-DIR prioritizes needed materials • Subgroups established: • revision of basic documents (LDAP Recipe) • new best practices in groups and metadirectories • standards development for eduPerson 1.5 and eduOrg 1.0 • Subgroups work in enhanced IETF approach, with scenarios, requirements, architectures and recommended standards stages. • WG Deliverables announced; input and conference call feedback processes start for RPR status; work groups reconvene as needed • Seems to take around 4-6 months, depending on product • 6-8 people seem to drive, 15-50 schools participate

  16. NMI-EDIT Development Stages • Works in Progress • Under development by working group; to shape directions • Labeled as Draft • Experimental • Reviewed within the working group; for review within the EDIT Community • Labeled as EXP • Released for Public Review • For broad review, including international and vendor communities • Labeled as RPR • Final • Labeled as FIN

  17. NMI-EDIT Participants • Higher Ed – 15-20 leadership institutions, with 50 more campuses members of working groups; readership around 2000 institutions. • Corporate – IBM, Microsoft, SUN, Intel, Liberty Alliance, DST, MitreTek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Metamerge, Baltimore, etc. • Government – NSF, NIST, NIH, Federal CIO Council, etc. • International – Terena, JISC, REDIRIS, AARnet, etc.

  18. A Few Year One Milestones • Sept 1, 2001 – Grant awarded • Oct 2001 – eduPerson 1.0 finalized; outreach begins with multiple full day workshops • Jan 2002 – HEBCA tested; first CAMP held • Feb 2002 – PKI Lite CP/CPS; e-Gov and Management and Leadership Best Practice Awards • April 2002 – Shibboleth alpha ships; testbeds selected; NIST/NIH PKI workshop • May 2002 – NMI release, with eduPerson 1.5, pubcookie, KX.509, groups and metadirectories, video white papers • June 2002 – affiliated directories to begin; basic CAMP; testbed kickoff • July 2002 – Shibboleth beta to ship; advanced CAMP

  19. Specific Deliverables Release 1 • Software • KX.509 and KCA • Certificate Profile Maker • Pubcookie • Object Classes • eduPerson 1.0 • eduPerson 1.5 • eduOrg 1.0 • commObject 1.0 • Service • Certificate Profile Registry

  20. Specific Deliverables Release 1 • Conventions and Practices • Practices in Directory Groups 1.0 • LDAP Recipe 2.0 • Metadirectory Practices for the Enterprise Directory in Higher Education 1.0 • White Papers • Shibboleth Architecture v4 • Policies • Campus Certificate Policy for use at the Higher Education Bridge Certificate Authority (HEBCA) • Lightweight Campus Certificate Policy and Practice Statement (PKI-Lite) • Sample Campus Account Management Policy

  21. Specific Deliverables Release 1 • Works in Progress: White Papers • Role of Directories in Video-on-Demand • Resource Discovery for Videoconferencing • commObject: Directory Services Architecture for Video and Voice Conferencing over IP

  22. NMI Outreach: Participation Opportunities [Diagram: NMI Participation, with the groups Users, Contributors, Developers and Supporters. Diagram labels: Targeted User Communities; Other Interested Implementers; Develop NMI-related or derived components; Support NMI components; Campuses; Industry; Government; GriPhyN, NEES, etc.; NMI Testbed Participants, determined by Call For Participation; Repackage NMI components and distribute under own label]

  23. Networking and Education • Held four workshops • Reached 117 U.S. schools • Participants include CIOs, management, and technical IT staff • Additional participants from international, research, and vendor communities • Not just the usual suspects • Denison University • Clark Atlanta University • Oglala Lakota College

  24. Networking and Education: Next Steps • Campus Architectural and Middleware Planning • June and July • CIOs and technical staff • Introductory/advanced workshops held twice per year • Tutorials • Annual and regional EDUCAUSE/Internet2 meetings • Others upon request and as schedules permit • Email lists • EDUCAUSE and Internet2 email lists

  25. NMI Integration Testbed: Overview • Focus on the integration of released middleware components with real life use and conditions • Elements: Sites, Manager, Workshop • Integration is the point - could think of it as… • Where “EDIT” meets “GRIDS” • Where enterprise needs meet research needs • Where NMI components meet reality

  26. NMI Outreach: Participation Opportunities • NSF-middleware.org (NMI site) • www.nmi-edit.org (EDIT site) • www.grids-center.org (GRIDs Center site)

  27. Year Two Work Areas • Authorization, Authorization, Authorization • Shibboleth and PKI • Integration with the Grid • HEBCA • Affiliated directories • Federated digital rights management • Video • Registry Services • Research medical middleware

  28. Some Year 2 Deliverables • Options and Architectures for the N-Tier Problem – white paper August 2002 • Federated DRM workshop – August 2002 • Affiliated directories – white paper Aug 2002; pilots end of 2002 • Registry services – as needed; first one in Sept 2002 • Shibboleth 1.0 – code released in NMI 1.5 • eduOrg 1.0 – final, end 2002 • 2nd PKI Research Conference – April 2003

  29. Issue: International • Our technologies are international but our standards, best practices, etc. are largely US centric, by authority and in order to facilitate convergence. • Grids and other networked science activities are international • International trust structures are undefined, in particular the role of governments as trust intermediaries

  30. Issue: Integration • We understand, somewhat, the technical issues involved in integration. • how can we get technical consensus • how can we meet in the future versus retrofit the existing • who will plug the gaps • We do not understand the policy issues: • who will fund and support the integration • how will institutional policies affect the management decisions for networked resources • how do governments participate

  31. Integration Issues • What needs integration? • Core middleware components • Plumbing the campus core for Grids • New NMI components into the existing base • What are the desired outcomes of integration • To the user • Relatively single-sign on/limited credentials • Enterprise directory data supplied to Grids and other apps • Behind the scenes • Integrated accounting, security, management

  32. Integration Issues • What are the barriers to integration • Embedded bases • Different priorities • Gaps

  33. Coexistence, then integration • Coexistence • Converting campus Kerberos tickets to temporary X.509 certs • Classification of NMI deliverables • Testbeds for multiple agendas • Identifier cross-walks • Integration • Web services • Metadirectories • Identifier reduction • Accounting and resource control

  34. The pieces fit together… • Campus infrastructure • Name space and identifiers • Directories • Enterprise authentication and authorization • Inter-realm infrastructure • edu object classes • Exchange of attributes • Inter-realm • Upperware • Grids • Digital libraries • Video
