Campus middleware in the service of Science

Keith HazeltonInternet2 Middleware Architecture Committee for Education

NSF Internet2 DayOctober 19, 2006

Middleware serving science• The vision: from siloed applications to layered services• A fictional illustrative example• Examples from the real world• Results so far• Who is involved• Scope of work• The emergence of Federations and Virtual

Organizations

A Map of Middleware Land

Vision in one slide• Build a campus/enterprise core middleware

infrastructure that• Serves the overall enterprise IT environment, providing business

drivers and institutional investment for sustainability and scalability• Is designed to support the research and instructional missions

• Implies consistent approaches and common practices across campuses and internationally

• Build, plumb, and replumb the tools of research on top of that emergent infrastructure• Domain-specific middleware (grids, sensor nets, etc)• Common collaboration tools (video, protected wikis, shared

calendaring, audioconferencing, etc.)

Components of Core Middleware:Internet2 with NSF support

Why

• Ease of use•Common tools used in a consistent fashion•Allow students to access research capabilities in

instructional environments • Better security• Integrate with local security • Facilitate flexible options for effective use•Preserve privacy but maintain accountability

Why• Realizes efficiencies, economic and strategic, that

serves both the institution and its individuals• Facilitate advanced networking and science• Trust-mediated transparency• Transparent-to-use tools for collaboration•Better diagnostics

An Example: Jean Blue and VOGUE

• Hypothetical Professor Jean Blue•Professor of Micro-astro Physics at

Sandstone U, teaching MAP 1010•PI of international VOGUE project•Fiscal authority of local VOGUE funds•Parking permit for Lot 421• ID Card 465631-1289

Integrating science and education• Jean Blue, as PI of VOGUE, gets lots of research

capabilities that need to work in education. • Assign to students of MAPS 101 permission to read the

VOGUE mass-hypometer• Assign to the four TA/discussion leaders permission to reset

the mass-hypometer• Facilitate on-line discussions among the students taking

classes at other universities from her co-PI’s• Have read/write privileges on the VOGUE wiki, and give her

students read access to parts of the Wiki

• There are many, many problems with the current ad hoc approaches

Functions and Roles for Jean Blue

• Lead VOGUE scientist•Run experiments•Manage instruments and data•Administer rights for others to manage I&D•Collaborator – audioconferences, IM, wikis

• Co-PI of VOGUE grant•Manage local financial accounts•Approve local hires•Edit and electronically submit proposals

Functions and Roles for Jean Blue

• VOGUE Disseminator•Provide editorial content for outreach wiki•Mentor K-12 teachers in community

programs• Educator• Teach undergraduate classes using research

tools•Supervise graduate students, TA’s, etc.

Concrete examples•Elsevier, JSTOR e-resource providers: – Scientists aren't even aware that their

access to digital library materials is mediated by NMI federating software, shibboleth (Ohio State)

•Physics professor using WebAssign service for content and testing (Penn State)

Concrete examples•Cancer Biomedical Informatics Grid •Incorporates NMI group/role management

and federation software in caGrid 1.0, rolling out in December

Concrete examples•Scientists in Denmark and Norway

have access to supercomputer facility through a portal in Finland

•Shib-enabled access to Condor– Georgetown users, Univ. of Wisconsin

resources

The Vision, from the User View

• A consistent set of tools to manage their campus and virtual organization lives•Provide a common approach to

authentication, authorization, delegation, etc.•Permit activities that cross educational and

virtual organization boundaries•Provide usability, security and privacy•Satisfy regulatory and audit requirements

From Vision to Reality• We’re now 5-6 years into a multi-year

development and deployment effort

• Broad participation of higher education and the commercial sector in the US and internationally

• Deep engagement with the federal government

• Key players include Internet2, NSF, Educause, GSA, NIH, etc.

The results so far• Effective promotion of issues, roadmaps, etc to

campuses and corresponding investment by campuses (“2006 Number 1 IT Issue”)

• Broad adoption of community standards• Provision of key open-source components• Shape major technical standards • Creation of inter-institutional trust fabrics to provide

federated identity infrastructure• Consistent international deployments, some more

extensive than the US • The early beginnings of virtual organization

development.

Who’s involved

• Many interested parties – the time is now, for both the needs and the capabilities

• Within the academic sector, driven by campus IT organizations supplying architects, working open source code, and participation in community standards processes

• In the corporate sector, both vendors and large, heterogeneous companies see the needs and opportunities

Who’s involved

• Initiatives within government, from NSF NMI to GSA E-Authentication, providing project funding and use the resulting products.

• Internationally, R&E sectors are active and in some cases exceeding US efforts

• Internet2 Middleware Initiative and MACE have been focus points and coordination mechanisms.

Scope of work•Core middleware infrastructure, including directories, authentication, authorization, etc. in service to academic, administrative and research missions.

•An emerging set of developments in virtual organization support, including both basic collaboration tools and platforms such as GridShib

•Deliverables are open source software (Shib, Signet, Grouper, etc.), community standards (eduPerson, eduOrg), best practices, dissemination and sharing, and some modest services (InCommon, USHER)

Parallel trajectories outside the US

• e-Science initiatives in Great Britain and Australia• both include heavy investment in middleware

development• many of the projects building on prior NSF

Middleware Initiative deliverables from Internet2

• Most notably: National Higher Education Shibboleth deployment in Great Britain

Parallel trajectories outside the US

• January 2005, the Australian Department of Education, Science and Training (DEST) and the UK Joint Information Systems Committee (JISC) signed a DEST-JISC Cooperation Framework

• Closer collaboration, continued investment in e-Science and related middleware activities

Federations Concept

Federated identity and virtual organizations

• Campuses build consistent and sustainable middleware infrastructures

• Federating software and federations create effective inter-institutional collaboration infrastructure on that substrate

• Federations peer internationally and across sectors to extend the value

• Virtual organizations leverage campus infrastructure and peered federations for user-centric enterprise-leveraged collaborations

The Art of Federating

GridShib• A set of approaches to leveraging federated

identity in Grids• Projects leverage local authentication in a variety

of ways, and some contemplate extending local authorization approaches to Grids

• All approaches provide significant improvements to user experience, security, privacy, cost of operations and more.

• Pilot deployments planned in the next few months across a part of the Teragrid

The impacts on cyberinfrastructure“The event was a nice example of why you get on an

airplane and travel to a workshop - to make progress about 50 times faster than exchanging email and position papers! Having made this investment, we are ready to take the next concrete steps to make this vision a reality.

Improving security and usability at the same time. How often do you get a chance to do that? “

Charlie Catlett, Teragrid Director

Q & A