Middleware challenges to service providers, the Nordic

viewTERENA, 24.10.2002

Ingrid Melve, UNINETT

1

Overview

● What is happening in the Nordic countries with middleware

● Nordunet2 research initative● GNOMIS

● FEIDE and FEIDHE● SwUPKI and SPOCP

● Infraservices, the Nordic approach

● Distinguished academic middleware

1

Learning Network

1

Middleware helps us

● Have an electronic identity● Name networked stuff, for humans

to find● Secure our communication● May log in where access is

restricted● Keep track of networked users and

components and content and stuff● Control privacy options

1

Middleware in action● DNS: naming and resource

discovery● Multicast and traffic flow control● Access control

● Authentication● Authorization● Accounting

● Policy and Quality of Service (QoS)● Proxies: flow control, caching● Transcoding and announcements

1

Authentication and Authorization● Logging in● Who are you? Authentication● What are you allowed to do?

Authorization and policy● There is no single Public Key

Infrastructure (PKI)● Scaling trust is difficult● Bootstrapping is hard

● Do we need better security? Really?

1

Nordunet2

● Follow up on Nordunet which established the operational NORDUnet and put the Nordic countries on the network frontier

● http://www.nordunet2.org● Focal areas

● Distance education and lifelong learning● Tele Medicine● Digital libraries● Infraservices

1

Infraservices is middleware

● Infraservices projects● Directories● Transcoding, mobile support● GRID● Virtual Reality support● AA and GNOMIS● Test networks

1

GNOMIS

● The Greater Nordic Middleware Symposium: sharing the burden

● Finns have done large scale end user testing of PKI technology and smart cards

● Swedes have worked on server certificates and authorization

● Norwegians build user management systems integrated with authentication services

1

FEIDE: common academic electronic ID in Norway● Building a common electronic ID

● Standard person/user information● Standard resource information● Enable easy login facilities

● Building blocks● Username/password in schema● Legal issues wrangled once● PKI, possibly support for smart cards● Common authentication service● Establish a common authorization

service

1

FEIDHE/HSTYA

● Investigate possibilities for implementing a smart card based electronic identification

● Testing smart cards in applications● User authentication● Digital signatures

● Deployment steps recommended● Make related modifications to the user

administration● Deploy services relying on PKI● Distribute smart cards to the users

1

SwUPKI● Swedish University PKI● PKI used (mostly) for server

certificates● 5 participating universities (so far)● Sample policies available, easy to

join● Affordable certificates● Operations and policy decisions are

separated on top level Certification Authority

1

SPOCP test

● Simple Policy Control Project● 5 swedish universities, Sunet and

Uninett● Testing policy control server for

authorization● Centralized authorization● Support for Access Control List

descriptions

1

How are universities different● Heterogenous software● Open solutions, no inside/outside

(students inside are more dangerous than the outside), few firewalls

● Loosely coupled systems● Some are large scale, most have

transient user populations● Hard to establish organizational

policy that works for all (a professor may do as she wants)

1

How is university middleware similar● Security issues are the same

whereever you go● Getting users to behave● Protecting the prey: users and

servers● Keeping track of who is allowed to

do what● BUT: universities are similar to the

Internet at large, not to enterprise networks

1

Summing up● Nordic area is collaborating on solving

middleware challenges● Middleware makes networked life more

complex● Middleware is on its way

● Directories of information● Software on servers and clients● Policy and formal agreements

● We have work to do on the NRN level● Contact:

● ingrid.melve@uninett.no,● gnomis@uninett.no