Middleware challenges to service providers, the Nordic view TERENA, 24.10.2002 Ingrid Melve,...
Middleware challenges to service providers, the Nordic view
TERENA, 24.10.2002
Ingrid Melve, UNINETT

Overview
● What is happening in the Nordic countries with middleware
● Nordunet2 research initiative
● GNOMIS
● FEIDE and FEIDHE
● SwUPKI and SPOCP
● Infraservices, the Nordic approach
● Distinguished academic middleware

Learning Network

Middleware helps us
● Have an electronic identity
● Name networked stuff, for humans to find
● Secure our communication
● May log in where access is restricted
● Keep track of networked users and components and content and stuff
● Control privacy options

Middleware in action
● DNS: naming and resource discovery
● Multicast and traffic flow control
● Access control
  ● Authentication
  ● Authorization
  ● Accounting
● Policy and Quality of Service (QoS)
● Proxies: flow control, caching
● Transcoding and announcements

Authentication and Authorization
● Logging in
● Who are you? Authentication
● What are you allowed to do? Authorization and policy
● There is no single Public Key Infrastructure (PKI)
● Scaling trust is difficult
● Bootstrapping is hard
● Do we need better security? Really?

Nordunet2
● Follow up on Nordunet which established the operational NORDUnet and put the Nordic countries on the network frontier
● http://www.nordunet2.org
● Focal areas
  ● Distance education and lifelong learning
  ● Telemedicine
  ● Digital libraries
  ● Infraservices

Infraservices is middleware
● Infraservices projects
  ● Directories
  ● Transcoding, mobile support
  ● GRID
  ● Virtual Reality support
  ● AA and GNOMIS
  ● Test networks

GNOMIS
● The Greater Nordic Middleware Symposium: sharing the burden
● Finns have done large scale end user testing of PKI technology and smart cards
● Swedes have worked on server certificates and authorization
● Norwegians build user management systems integrated with authentication services

FEIDE: common academic electronic ID in Norway
● Building a common electronic ID
  ● Standard person/user information
  ● Standard resource information
  ● Enable easy login facilities
● Building blocks
  ● Username/password in schema
  ● Legal issues wrangled once
  ● PKI, possibly support for smart cards
  ● Common authentication service
  ● Establish a common authorization service

FEIDHE/HSTYA
● Investigate possibilities for implementing a smart card based electronic identification
● Testing smart cards in applications
  ● User authentication
  ● Digital signatures
● Deployment steps recommended
  ● Make related modifications to the user administration
  ● Deploy services relying on PKI
  ● Distribute smart cards to the users

SwUPKI
● Swedish University PKI
● PKI used (mostly) for server certificates
● 5 participating universities (so far)
● Sample policies available, easy to join
● Affordable certificates
● Operations and policy decisions are separated on top level Certification Authority

SPOCP test
● Simple Policy Control Project
● 5 Swedish universities, Sunet and Uninett
● Testing policy control server for authorization
● Centralized authorization
● Support for Access Control List descriptions

How are universities different
● Heterogeneous software
● Open solutions, no inside/outside (students inside are more dangerous than the outside), few firewalls
● Loosely coupled systems
● Some are large scale, most have transient user populations
● Hard to establish organizational policy that works for all (a professor may do as she wants)

How is university middleware similar
● Security issues are the same wherever you go
● Getting users to behave
● Protecting the prey: users and servers
● Keeping track of who is allowed to do what
● BUT: universities are similar to the Internet at large, not to enterprise networks

Summing up
● Nordic area is collaborating on solving middleware challenges
● Middleware makes networked life more complex
● Middleware is on its way
  ● Directories of information
  ● Software on servers and clients
  ● Policy and formal agreements
● We have work to do on the NRN level
● Contact: