Welcome to CAMP!
Ken Klingenstein, Director, Internet2 Middleware Initiative
CAMP - June 4-6, 2003 2
Overview
• CAMP Goals
• Workshop Context
• A word from our sponsors
• A word about NMI-EDIT
Goals of CAMP: Authentication Overview/Deployment
• Overview of deploying authentication
• WebISO technologies
• Update on directory activities
• Inter-institutional authorization and leveraging campus authentication
Goals of CAMP
• Develop contacts from other institutions implementing middleware
• Learn about current research
• Take home ideas to help remove those roadblocks on your campus
• Benchmark your own implementation against current higher-ed practices
Thanks to our CAMP “Program Committee”
• Mike Berman
  – CSU Pomona
• Kent McKinney
  – CSU Hayward
• Bill Winn
  – Bradley University
A Word From Our Sponsors
• National Science Foundation’s Middleware Initiative (NMI)
• NMI – Enterprise Desktop Integration Technologies (EDIT) Consortium
• Internet2 – primary on grant and research
• EDUCAUSE – primary on outreach
• Southeastern Universities Research Association (SURA) – primary on NMI Integration Testbed
…with support from Sun Microsystems Inc.
NMI-EDIT: Goals
• Create a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community
• Provide tools and services (e.g. registries, bridge PKI components, schemas, root directories) to support inter-institutional and inter-realm collaborations
NMI-EDIT: Core Middleware Scope
• Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance
• Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos
• Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services
• Authorization – permissions and access controls, delegation, privacy management
• Integration Activities – common management tools, use of virtual, federated and hierarchical organizations
A Map of Middleware Land
NMI-EDIT: Strategic Direction
• Overall technical direction set by MACE
  – Middleware Architecture Committee for Education (MACE)
  – Bob Morgan, University of Washington, Chair
  – Campus IT architects and representatives from Grids and International Communities
• Directions set via
  – NSF and NMI management team
  – Internet2 Network Planning and Policy Advisory Council
  – PKI, FOO and Directory Technical Advisory Boards
  – Internet2 members
Sample NMI-EDIT Process: Directories
• MACE-DIR Working Group
  – Prioritize needed materials
  – Establish subgroups
    • revision of basic documents (LDAP Recipe)
    • new best practices in groups and metadirectories
    • standards development for eduPerson 1.5 and eduOrg 1.0
  – Work in enhanced IETF approach: scenarios, requirements, architectures, recommended standards stages
  – Announce deliverables; start input and conference call review/feedback processes; reconvene work groups as needed
• Process schedule and requirements
  – 4-6 months for completion, depending on product
  – 6-8 primary contributors
  – 15-50 schools participating
NMI-EDIT: Participants
• Higher Ed
  – 15-20 leadership institutions, with 50 more campuses represented as members of working groups; readership around 2000 institutions
• Corporate
  – (IBM/Metamerge, Microsoft, SUN, Liberty Alliance, DST, MitreTek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Baltimore Technologies)
• Government
  – NSF, NIST, NIH, Federal CIO Council
• International
  – Terena, JISC, REDIRIS, AARnet, SWITCH
The pieces fit together…
• Campus infrastructure
  – Name space, identifiers, directories
  – Enterprise authentication and authorization
  – Portals and LMS’s
• Inter-realm infrastructure
  – edu schemas
  – Exchange of attributes
• Inter-realm Upperware
  – Grids
  – Digital libraries
  – Video
Middleware as Infrastructure
• It serves both academic and administrative units
• It serves both instructional and research missions
• It must be reliable, scalable, extensible, ubiquitous, and transparent.
• It must be deployed, which requires real technical, financial and political processes.
Middleware as Art
• There is no proven policy path
• Much depends on local legacy systems
• Much depends on local legacy people
• Much of the technology base is being invented as we meet
The Last Six Months in Middleware
• Directories
  – Eduperson – new attributes, passions about vocabulary, new pressures for internationalization
  – CommObject becomes H.350
  – Metadirectories…
• Shibboleth – grows to v1.0, libraries and content providers drive deployments, federations take shape
• Enterprise, federated Chandler is hatched
The Last Six Months in Middleware
• Desktop video – what’s proving hard
• PKI – needs grew, CREN died…
• DRM – wins and losses
• OKI – fits and starts
• Portals – growing consensus on a few standards
Drivers for federations
• At least four technologies…
  – Shibboleth, Liberty Alliance, Federated .NET, PAPI from RedIris (Spain), perhaps PKI
• Several business needs
  – Internal exchanges
  – Inter-institutional collaboration
  – Federal e-authentication initiative
• Deployments now beginning
Origin Side Architecture
The Next Six Months in parts of Middleware
• Federations
• A Higher Ed CA
• Chandler
• Signed email
• Credential convertors and identity mapping
• OGSA
• Shibbing collaboration tools
• DRM
Federations and Classic PKI
• They are very similar
  – Both imply trust models
  – Federations are an enterprise-enterprise PKI
  – Local authentication may well be end-entity certs
  – Name-space control is a critical issue
• And they are very different
  – End user authentication a local decision
  – Flat set of relationships; little hierarchy
  – Focus as much on privacy as security
  – Web Services only right now: no other apps, no encryption
  – We get to define…
Overall Trust Fabric
The Next Two Years in parts of Middleware
• Desktop video
• Authzanity
• A Higher Ed Bridge CA
• Federated enterprise P2P
• Virtual organization support
• Federated directories
• Middleware diagnostics
Getting the Most Out of CAMP
• Conventional wisdom is not wisdom
• It’s about deployments
• We have met the enemy…
• Friday morning consulting
• Netiquette
• The creek path
• Stay engaged