1 / 12

TIER: Quick Preview

TIER: Quick Preview. Steven Zoppi. AVP, NET+ Services Integration and Architecture . 14 May 2014 / Notre Dame [CSG]. TIER Objective. Build upon all of the great work the community has already done!



Presentation Transcript


  1. TIER: Quick Preview Steven Zoppi AVP, NET+ Services Integration and Architecture 14 May 2014 / Notre Dame [CSG]

  2. TIER Objective
  • Build upon all of the great work the community has already done!
  • This is a systems integration problem first, then an invention problem thereafter …
  • Extend what works: e.g. NMI-EDIT. Take into consideration all of the landscape that Ken K presented earlier – but deliver iteratively, at a regular cadence

  3. Begin With the End In Mind
  • Start With a Sandbox, Show What Works, Evolve Over Time
  • Thanks to Keith Hazelton, Jim Jokl, Michael Gettes, Nate Klingenstein, Bill Yock
  • Reference Architecture
  • Canonical Implementation

  4. What’s the problem again?
  • To enable the community to consume and integrate with cloud services most efficiently
  • Mandate: emergence of viable and varied cloud services + increasing geographic diversity of research and education
  • It’s no longer just about who you are – it’s about the spheres of influence in which you operate, combined with the means to find the resources necessary to do research, education and collaboration – and to do these things in scalable, elastic and manageable ways.

  5. Balanced Scorecard of Control
  Individual identity is the sum of all metadata known by all affiliates.

  6. *By the way …
  • Most service providers are not clueful about identity
  • Most service providers do not understand groups
    • Within the enterprise
    • Across enterprises
  • Must be achieved at GLOBAL SCALE across enterprises while maintaining metadata/attribute control at the enterprise
  • It will be a multi-year effort
  • Must enable smooth migration or implementation over time
  • Must support management of one’s own identity and allow discretionary metadata/attribute release

  7. Encapsulate and Empower SPs
  • Provide a series of service end-points to which the candidate SPs will connect.
  • Provide services which augment or replace SP AuthN or AuthZ “machinery” with those provided by TIER.
  • Enable
    • Faster integration
    • Greater flexibility
    • Greater value to the community and the SP

  8. Challenges
  CAS, Shibboleth, Grouper, KIM, OpenReg, CPR, Identity Match, CoManage/CoCoA, InCert, uApprove, InCommon Assurance, CommIT, ORCID, OpenIDM, Syncope, iRODS, CILogon, u-Prove, FICAM, NSTIC IDESG, InCommon Federation, SimpleSAML.php, IRMA, PubCookie, InCommon Quilt, Kerberos, ConnID, OpenIDConnect, Oauth, OpenICF, SCIM, XACML, Social2SAML, MDX, Metadata Aggregator, ABC4Trust, NSTIC Scalable Privacy, KOM, OpenIdM, EduGain, Moonshot
  • The core needs are for AuthN and AuthZ for inter-realm use
  • A wide assortment of open source software has been developed by the community to address parts of those needs.
  • Excellent, but inconsistent, non-interoperable, hard to sustain / maintain, and still with significant gaps.
  • Lacking a common approach has led to a proliferation of approaches.

  9. Requirements
  The definitive source of scholarly identity and affiliation across virtual organizations … in the cloud
  • Scalable, multi-enterprise, resilient solution
  • Rationalized and accessible API and grammar
  • Federation-enabled
  • Extensible
  • Plug-in architecture
  • Support for matrices within/without organizations
  • Support for institutional, statutory and regulatory constraints in the semantic layers for AuthZ

  10. Generalized Design
  • Terminology: “Façade” design pattern (software engineering) – “A Façade provides a unified interface to a set of interfaces in a subsystem. Façade defines a higher-level interface that makes the subsystem easier to use. Wrap a complicated subsystem with a simpler interface.”

  11. The TIER Façade Acts Like A Broker
  Contained within the enterprise: decision making for which subsystem receives the target request remains within the enterprise.
  [Diagram: Cloud-Based Service → TIER Façade → enterprise subsystems]
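The façade-as-broker idea from slides 10 and 11, as an added illustration that is not TIER's own code: a Service Provider calls one entry point, while the choice of AuthN/AuthZ subsystem and the discretionary attribute release (slide 6) stay inside the enterprise. The subsystem adapters, the sample directory and the policies are all hypothetical stand-ins.

```python
"""Hypothetical TIER-style facade (illustration only, not TIER code):
one entry point for a Service Provider, while AuthN, AuthZ and
attribute-release decisions stay inside the enterprise."""
import hmac
from dataclasses import dataclass

@dataclass
class Subject:
    principal: str
    attributes: dict   # e.g. {"eduPersonAffiliation": "faculty"}
    groups: set        # group names from the enterprise group service

class DirectoryAuthn:
    """Stand-in for the enterprise AuthN subsystem (e.g. a CAS/Shibboleth IdP)."""
    def __init__(self, directory):
        self.directory = directory

    def authenticate(self, principal, credential):
        rec = self.directory.get(principal)
        if rec is None or not hmac.compare_digest(rec["secret"], credential):
            return None
        return Subject(principal, dict(rec["attrs"]), set(rec["groups"]))

class GroupAuthz:
    """Stand-in for a Grouper-style AuthZ subsystem: SP id -> required group."""
    def __init__(self, required_group):
        self.required_group = required_group

    def authorize(self, subject, sp_id):
        return self.required_group.get(sp_id) in subject.groups

class TierFacade:
    """The SP calls only access(); it never sees the subsystems behind it."""
    def __init__(self, authn, authz, release_policy):
        self.authn, self.authz = authn, authz
        self.release_policy = release_policy   # SP id -> attributes it may receive

    def access(self, sp_id, principal, credential):
        subject = self.authn.authenticate(principal, credential)
        if subject is None:
            return {"decision": "deny", "reason": "authn"}
        if not self.authz.authorize(subject, sp_id):
            return {"decision": "deny", "reason": "authz"}
        allowed = self.release_policy.get(sp_id, set())   # unknown SP: release nothing
        released = {k: v for k, v in subject.attributes.items() if k in allowed}
        return {"decision": "permit", "attributes": released}

# Constructed sample data for one enterprise and one cloud SP.
DIRECTORY = {"jdoe": {"secret": "s3cret", "groups": {"research:lab42"},
                      "attrs": {"eduPersonAffiliation": "faculty", "mail": "jdoe@example.edu"}}}
FACADE = TierFacade(DirectoryAuthn(DIRECTORY), GroupAuthz({"cloud-storage": "research:lab42"}),
                    {"cloud-storage": {"eduPersonAffiliation"}})
```

Note that `mail` is never released to the SP because the enterprise release policy does not list it, even though AuthN and AuthZ both succeed.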

  12. Internet2 Middleware: Proposed Unified Model
