250 likes | 263 Views
Middleware Picture in Australia. Alex Reid Director, eResearch/Middleware, AARNet. National Research Infrastructure. Backing Australia’s Ability – An Innovation Action Plan for the Future 2001/2004: http://backingaus.innovation.gov.au/ $3 billion over 5 years from 2000-1
E N D
Middleware Picture in Australia Alex Reid Director, eResearch/Middleware, AARNet Alex Reid: Australian Middleware
National Research Infrastructure Backing Australia’s Ability – An Innovation Action Plan for the Future 2001/2004:http://backingaus.innovation.gov.au/ $3 billion over 5 years from 2000-1 $5.3 billion over 7 years from 2004-5 Systemic Infrastructure Initiative (SII) to upgrade research infrastructure at Australian universities: $246m over 5 years from 2000-1 to 2005-6 $542m over 6 years from 2005-6 to 2010-11 • HEBAC (Higher Education Bandwidth Advisory Committee) 2002-3http://www.dest.gov.au/highered/research/pdf/aren.pdf • ARENAC (Australian Research and Education Network Advisory Committee) 2003+http://www.dest.gov.au/sectors/research_sector/programmes_funding/programme_categories/key_research_priorities/australian_research_and_education_network/arenac.htm • HEIIAC -> ARIIC (Australian Research Information Infrastructure Committee) 2003+http://www.dest.gov.au/highered/research/ariic.htm • NRIT (National Research Infrastructure Task Force) 2003-4http://www.dest.gov.au/sectors/research_sector/policies_issues_reviews/reviews/previous_reviews/national_research_infrastructure_taskforce_framework/default.htm • NCRIS (National Collaborative Research Infrastructure Strategy) 2004-5http://www.dest.gov.au/sectors/research_sector/policies_issues_reviews/key_issues/ncris/default.htm • eResearch Coordinating Committee 2005+http://www.dest.gov.au/sectors/research_sector/policies_issues_reviews/key_issues/e_research_consult/default.htm/ Alex Reid: Australian Middleware
AARNet3 Components • APL Tender for v3 of AARNet mid-2004 • ARENAC $70m + APL own reserves • National Backbone: own 2 fibre pairs across the country – deployed since 2004 at 10Gbps • Regional Network: diverse routes, using DWDM, up to 320Gbps • International Links: IRU on 2x 10Gbps fibres across the Pacific (SCCN) – PoPs in Seattle, LA • “Commodity” connectivity in Australia & USA (Seattle, Palo Alto) • Participate in TEIN2 – PoPs in Singapore & Frankfurt Alex Reid: Australian Middleware
AARNet3 Infrastructure – National Alex Reid: Australian Middleware
AARNet3 Infrastructure – Regional Alex Reid: Australian Middleware
AARNet3 Infrastructure – Comparison Alex Reid: Australian Middleware
AARNet3 Infrastructure – Comparison Alex Reid: Australian Middleware
AARNet3 Infrastructure – International Alex Reid: Australian Middleware
AARNet3 Infrastructure – Global Alex Reid: Australian Middleware
Middleware Definition • All those systems, services, tools, agreements, arrangements and processes that are necessary in order to make the task of utilising a diverse, global collection of devices, data, processing and services for a wide variety of research and educational applications as easy to use as if they were all homogeneous, located locally and under the direct control of the researcher or scholar. • Roughly equivalent to but rather broader than other “national” definitions (eg JISC, Internet2) Alex Reid: Australian Middleware
Place of Middleware Users Applications, Human Interfaces Middleware: Application-independent; Resource- & Location-neutral Knowledge Management, Resource Management, Collaboration Tools, Grid Services Authentication, Authorisation, Access, Accounting: PKI, Shibboleth, etc Local, Regional, National & International Network Infrastructure Facilities, Services, Resources: Processing, Data Storage, Instruments, Electronic Information Alex Reid: Australian Middleware
Draft Middleware Action Plan Following National Forum Dec-04: • Undertake an environmental scan. • Establish a single PKI Certification Authority for R&E. • Establish a sound basis for federated security systems in Australia that will scale to international federations. • Establish appropriate mechanisms to coordinate all R&E Middleware initiatives in Australia. • Agree to investigate adopting Shibboleth. • Establish and sustain strong connections with relevant Australian initiatives/entities. • Establish and strengthen overseas links. • Promote the swift implementation of enterprise directory services at all Australian education and research institution. • Develop strong visibility for and marketing of the Middleware agenda in Australia. Alex Reid: Australian Middleware
Survey of Identity & Access Management • Establish State-of-Play at Australian universities • Identify best practice, barriers to rapid implementation, authorisation requirements • Goal is: • pervasive, federated infrastructure that integrates organisations internally while simultaneously allowing them to interoperate with others [Burton Group, 2002] • 49% response (low due to complexity) • Currently: • Usernames/passwords, Same Sign-on, EZProxy, VPNs, LDAP, in-house integration • Moving to: • Single Sign-on, automated integration (data feeds from corporate systems), Portals, PKI • Barriers: • Resources, high risk to critical systems, lack of standards/guidance & training, coordinated middleware Alex Reid: Australian Middleware
ARIIC Projects • 1st Round (FRODO) early-2004: • MAMS (Access Management) • ARROW (Repositories) • ADT (Digital Theses) • APSR (Repositories) • 2nd Round (MERRI) 22-Aug-05 ($19m): • MAPS • PKI/Shibboleth (operationalise the CAUDIT PKI Standards Project) • Others (mostly specific collections development/access & digitisation) Alex Reid: Australian Middleware
ARIIC MERRI Grant – MAPS • Announced by Minister 22-Aug-05 • $582,910 granted • Lead site: University of Queensland (Nick Tate) • Supported by: CAUDIT, CAUL, Monash, ANU, Macquarie, AARNet, GrangeNet • From now till end 2006 • Purpose: • This project will identify the software and services (middleware) that are currently being used in Australia to link applications across a range of resources on networks and computer systems in Australian universities. The MAPS project will identify existing areas of activity in the university and research sectors, and use these results to tap into the expertise across the sector to build a strategic plan of activities and projects for an Australian collaborative middleware strategy. This is an important project whose outcomes will enable other projects to leverage off common infrastructure and focus on providing new services that can be shared across the education and research sectors. Alex Reid: Australian Middleware
MAPS Activities Goal: Agreed Strategy for Middleware Deployment and Development (note the 2 strands) • Full-time Project Manager • Steering Committee, Reference Group, Kick-off Forum • Wide consultation: committees, forums, wikis, mailing lists, Website • Environmental Scan/Stocktake (local and global) • Analysis of findings, development of draft Strategy • Expert Reports • Round-Table • Finalisation of Strategy • Future Funding Proposals Alex Reid: Australian Middleware
Existing Middleware Activity • APAC Grid • Nimrod-G • CAUDIT-PKI • eduroam, AARLIN, DEST/JISC e-Framework • Emerging developers, end users, identity providers, service providers • MAMS: • Developing hands-on technical/policy experience with Shibboleth within the community • Test Shibboleth federation has been established, including a WAYF server • Scouting for suitable test IdP’s and SP’s Alex Reid: Australian Middleware
MAMS – Broad Goals • Meta-Access Management System • Addressing the “Authentication, Authorisation, Identity, Single-Sign-On, Federation, Trust, Security, Digital Rights and Automated Access Policy” Cluster of Problems • Iterative demonstrations to help drive the gathering of user requirements • Development of common services prototypes • Intra-institutional multi-modal SSO • Inter-institutional access management • Attribute exchange (Shibboleth) • Automation of policy • Federated and extensible identity • Other common services: DRM, search, metadata • Implementation advice and programs Alex Reid: Australian Middleware
MAMS Next Steps • Add Shib to test environments at NLA, APSR, … • Organise install-fests (SSO workshop) & roadshows • Offer support (CMS, forum, mailing-list, FAQs) • Start an Australian Federation • Integrate cross-domain SSO with institutional SSO • Integrate with desktop SSO (Kerberos) • Integrate XACML into SAML • Develop plug-ins for legacy systems • Develop ARP manager & provisioning tools • Easy installation packages (Shib+WebISO) • Virtual Organisation (client & server) packages • Offer policy & legal documents, etc… Alex Reid: Australian Middleware
CAUDIT PKI Project The CAUDIT PKI Project involves developing a single national PKI standards framework for HE & Research, including: • Certification Authority (CA) • Registration Authority (RA) • Certificate Policy (CP) • Certification Practice Statement (CPS) Built purely for test/trial purposes: • not evolve into a production service model; • only survive until Sept 2005; • support 4 levels of assurance; • support cross certification; • support embedding in web browsers (positive Microsoft discussions); • support signed emails. Next Step is to turn it into a production system – funded as part of MERRI Alex Reid: Australian Middleware
PKI Trust Model • AusCERT Root CA is trust anchor for the CAUDIT PKI • Old CA’s continue to work • Cross-certifies with national, international and global PKIs • AusCERT will provide: • PMA • Directory of Directories • Single point Certificate Dissemination. • Single point CRL and OCSP. • Virtual CA for institutions that can’t deploy own PKI Alex Reid: Australian Middleware
eduroam • Being undertaken jointly by AARNet & GrangeNet • Deploy eduroam in AARNet offices & staff • Write and seek endorsement for national eduroam policies • Promote and participating in eduroam developments within the APAN region • Participate in eduroam global working group • See www.eduroam.edu.au Alex Reid: Australian Middleware
APAN eduroam deployment Alex Reid: Australian Middleware
Global eduroam/M’ware Development • Europe • Close co-operation with JISC, Terena and European NRENs on eduroam & other Middleware activities • Americas • Working on eduroam and Shibboleth activities • APAN • APAN 2005 Taipei Middleware breakfast meeting • APAN Middleware mailing list • APAN Middleware stream for Jan 2006 Tokyo APAN meeting • Global • eduroam global working group • Middleware policy (“Slaughter” meeting) • MACE/MICE participation Alex Reid: Australian Middleware
END QUESTIONS??? Alex Reid: Australian Middleware