NSF Middleware Initiative: What’s It All About? Renee Woodten Frost Assistant Director Internet2...
-
Upload
andrew-walton -
Category
Documents
-
view
213 -
download
0
Transcript of NSF Middleware Initiative: What’s It All About? Renee Woodten Frost Assistant Director Internet2...
NSF Middleware Initiative:What’s It All About?
Renee Woodten Frost
Assistant Director
Internet2 Middleware Initiative
SE EDUCAUSE June 18, 2002
Copyright Internet2 2002.
This work is the intellectual property of Internet2. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from Internet2.
SE EDUCAUSE June 18, 2002
Topics for Today
Introduction to Middleware
NSF Middleware Initiative (NMI)
Enterprise Infrastructure• Goals and Objectives• Outcomes• Development and Management Processes• Year 1 Milestones and Deliverables• Integration Efforts
SE EDUCAUSE June 18, 2002
Middleware in Action
Three universities decide to share resources and work together on analyzing the groundwater pollution in their region. Collaborating on this problem requires frequent researcher interaction and the use of supercomputing resources around the country.
Waiting to board her plane, a college administrator checks her email to learn of a problem. She connects to her campus library and downloads the latest information about campus unionization. She receives an incoming IP phone call from the Chancellor, who requests that she call a meeting of all department heads to brief them of the activity. She schedules the meeting and sends advance reading materials to the attendees.
SE EDUCAUSE June 18, 2002
What is Middleware?
• specialized networked services that are shared by applications and users
• a set of core software components that permit scaling of applications and networks
• tools that take complexity out of application integration
• a second layer of the IT infrastructure, sitting above the network
• a land where technology meets policy
• the intersection of what networks designers and applications developers each do not want to do
SE EDUCAUSE June 18, 2002
A Map of Middleware Land
SE EDUCAUSE June 18, 2002
Core Middleware
Middleware makes “transparently use” happen, providing consistency, security, privacy and capability
Identity - unique markers of who you (person, machine, service, group) are
Authentication - how you prove or establish that you are that identity
Directories - where an identity’s basic characteristics are kept
Authorization - what an identity is permitted to do
Public Key Infrastructure (PKI) - emerging tools for security services
SE EDUCAUSE June 18, 2002
How is it Used?
Email• Common authentication and directories
Account management• Common authentication and provisioning mechanism
Next-generation portals • Common authentication and storage for profiles and
preferences.
Web access controls• Common authentication and directories
Calendaring• Common authentication and directories
SE EDUCAUSE June 18, 2002
How is it Used?
Digital Libraries• Scalable, interoperable authentication and authorization.
Grids (Research for now)• Model for a distributed computing environment, addressing
diverse computational resources, distributed databases, network bandwidth,etc.;
• Globus provides security, location and allocation of resources, and scheduling.
Instructional Management Systems • Common authentication and directories.
Academic Collaboration• Restricted sharing of materials among institutions.
SE EDUCAUSE June 18, 2002
What is the NMI?
NSF Middleware Initiative = NSF award for integrators to:
• GRIDS Center: NCSA, UCSD, Argonne National Labs/University of Chicago, USC/ ISI, and University of Wisconsin
• Enterprise and Desktop Integration Technologies (EDIT) Consortium: Internet2, EDUCAUSE, and SURA
Separate awards to pure research components
Multi-year effort to build on the successes of the Globus project and the Internet2 Middleware Initiative
Practical (deployment) activity that necessitates some research
SE EDUCAUSE June 18, 2002
The Problem We’re Trying To Solve...
To allow scientists and engineers the ability to transparently use and share distributed resources, such as computers, data, and instruments
To develop effective collaboration and communications tools such as Grid technologies, desktop video, and other advanced services to expedite research and education, and
To develop a working architecture and approach which can be extended to Internet users around the world.
SE EDUCAUSE June 18, 2002
What Outcomes is NMI Trying to Achieve?
A unified model for managing the campus infrastructure • directories• identity• metadirectories• security• authentication• authorization• services
A model for achieving interoperability for the research and higher ed communities
A model for building applications
SE EDUCAUSE June 18, 2002
Focus on Enterprise Infrastructure: EDIT Consortium
Enterprise and Desktop Integration Technologies Consortium (EDIT)
• Internet2 – primary on grant and research• EDUCAUSE – primary on outreach• Southeastern Universities Research Association (SURA) –
testbed
SE EDUCAUSE June 18, 2002
Goals
Much as at the network layer, plumb a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community
• Foster effective and consistent campus implementations• Motivate institutional funding and deployment strategies• Solve the real world policy issues• Integrate key applications to leverage the infrastructure• Nurture open-source solutions• Address scaling issues for the user and enterprise
In support of inter-institutional and inter-realm collaborations, provide tools and services (e.g. registries, bridge PKI components, root directories) as required
SE EDUCAUSE June 18, 2002
How will these outcomes and goals be achieved?
• Foster the development of campus enterprise middleware to leverage both the academic and administrative missions.
• Coordinate a common substrate across higher ed middleware implementations that would permit inter-institutional efforts such as Grids, digital libraries, and collaboratories to scale and leverage
• In some instances, build collaboration tools for particularly important inter-institutional and government interactions, such as web services, PKI and video.
• Insure that distinctive higher ed requirements, from privacy and academic freedom to multi-realm portals, are served in the marketplace.
SE EDUCAUSE June 18, 2002
Specifically . . .
•Foster a coherent name space and security/privacy management architecture
•Foster a coherent directory architecture
•Integrate at the desktop with the operating systems and the user, leveraging enterprise directories and security
•Enable new applications of value to research
•Extend scope of liaison work
•Offer integrative services to component developers
•Proactively disseminate and educate to insure wide and consistent use of middleware services across the higher education and research community
SE EDUCAUSE June 18, 2002
A Map of Middleware Land
SE EDUCAUSE June 18, 2002
Core Middleware Scope
Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance, etc.
Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos, etc.
Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services
Authorization – permissions and access controls, delegation, privacy management, etc.
Integration Activities – common management tools, use of virtual, federated and hierarchical organizations
SE EDUCAUSE June 18, 2002
NMI-EDIT Organization
Overall technical direction for NMI-EDIT is set by MACE Bob Morgan, University of Washington, Chair
Directions set via NSF and NMI, Internet2 NPPAC, PKI and DIR Technical Advisory Boards, members
Grant funding is $1.2 million a year:• about ½ to short-term partial hiring of campus IT staff to
develop and document required standards, best practices, etc.
• about ½ to testbeds, dissemination and training sessions
Almost all funding passed through to campuses for work
SE EDUCAUSE June 18, 2002
Sample NMI-EDIT Process (Directories )
MACE-DIR prioritizes needed materials
Subgroups established: • revision of basic documents (LDAP Recipe)
• new best practices in groups and metadirectories
• standards development for eduPerson 1.5 and eduOrg 1.0
Subgroups work in enhanced IETF approach, with scenarios, requirements, architectures and recommended standards stages.
WG Deliverables announced; input and conference call feedback processes start for RPR status; work groups reconvene as needed
Seems to take around 4-6 months, depending on product
6-8 people seem to drive, 15-50 schools participate
SE EDUCAUSE June 18, 2002
NMI-EDIT Development Stages
Works in Progress • Under development by working group; to shape directions• Labeled as Draft
Experimental • Reviewed within the working group; for review within the EDIT
Community • Labeled as EXP
Released for Public Review • For broad review, including international and vendor communities• Labeled as RPR
Final • Labeled as FIN
SE EDUCAUSE June 18, 2002
NMI-EDIT Participants
Higher Ed – 15-20 leadership institutions, with 50 more campuses represented as members of working groups; readership around 2000 institutions.
Corporate - (IBM, Microsoft, SUN, Intel, Liberty Alliance, DST, MitreTek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Metamerge, Baltimore, etc.)
Government – NSF, NIST, NIH, Federal CIO Council, etc
International – Terena, JISC, REDIRIS, AARnet, etc.
SE EDUCAUSE June 18, 2002
A Few Year One Milestones
Sept 1, 2001 – Grant awarded
Oct 2001– eduPerson 1.0 finalized; outreach begins with multiple full day workshops
Jan 2002 – HEBCA tested; first CAMP held
Feb 2002 – PKI Lite CP/CPS; e-Gov and Management and Leadership Best Practice Awards
April 2002 – Shibboleth alpha ships; testbeds selected; NIST/NIH PKI workshop
May 2002 – NMI release, with eduPerson 1.5, pubcookie, KX.509, groups and metadirectories, video white papers
June 2002 – affiliated directories to begin; basic CAMP; testbed kickoff
July 2002 – Shibboleth beta to ship; advanced CAMP
SE EDUCAUSE June 18, 2002
NMI Release 1 Components
Software• Globus Toolkit• Condor-G• Network Weather Service• KX.509 and KCA• Certificate Profile Maker• Pubcookie
Object Classes• eduPerson 1.0• eduPerson 1.5• eduOrg 1.0• commObject 1.0
SE EDUCAUSE June 18, 2002
NMI Release 1 Components
Conventions and Practices• Practices in Directory Groups 1.0• LDAP Recipe 2.0• Metadirectory Practices for the Enterprise Directory in
Higher Education 1.0
White Papers• Shibboleth Architecture v5
Service• Certificate Profile Registry
SE EDUCAUSE June 18, 2002
NMI Release 1 Components
Policies• Campus Certificate Policy for use at the Higher Education
Bridge Certificate Authority (HEBCA)• Lightweight Campus Certificate Policy and Practice
Statement (PKI-Lite)• Sample Campus Account Management Policy
Works in Progress: White Papers• Role of Directories in Video-on-Demand• Resource Discovery for Videoconferencing• Directory Services Architecture for Video and Voice
Conferencing over IP (commObject)
SE EDUCAUSE June 18, 2002
Year Two Work Areas
Authorization, Authorization, Authorization
Shibboleth and PKI
Integration with the Grid
HEBCA
Affiliated directories
Federated digital rights management
Video
Registry Services
Research medical middleware
SE EDUCAUSE June 18, 2002
Integration in Action
Thousands of physicists at hundreds of laboratories and universities worldwide come together to design, create, operate, and analyze the products of a major detector at CERN, the European high energy physics laboratory. During the analysis phase, they pool their computing, storage, and networking resources to create a "Data Grid" capable of analyzing petabytes of data.
SE EDUCAUSE June 18, 2002
Integration in Action
Mary is a grad student at Alpha U,taking courses in a traditional classroom and online, and works at a company nearby. Her electronic identities must be verified to permit remote access to resources at both locations such as libraries and the company intranet and to deliver streamed-video classroom content. Mary is not continually asked for usernames, passwords or account numbers because the institutions and their constituents trust open standards for authentication, information sharing and privacy management.
SE EDUCAUSE June 18, 2002
Integration in Action
Professor Smith wants to access a broad range of services through a secure portal to permit complex calendar applications, desktop video, IP telephony and his GRID project resources. Whether in an office or an airport, the professor comes to depend on quality-of-service, security and privacy to access and share data with colleagues on campus and across the country.
SE EDUCAUSE June 18, 2002
Integration Issues
What needs integration?• Core middleware components• Plumbing the campus core for Grids• New NMI components into the existing base
What are the desired outcomes of integration• To the user
– Relatively single-sign on/limited credentials– Enterprise directory data supplied to Grids and other
apps• Behind the scenes
– Integrated accounting, security, management
SE EDUCAUSE June 18, 2002
Integration Issues
What are the barriers to integration• Embedded bases• Different priorities• Gaps
SE EDUCAUSE June 18, 2002
Coexistence, then integration
Coexistence• Converting campus Kerberos tickets to temporary X.509
certificates• Classification of NMI deliverables• Testbeds for multiple agendas• Identifier cross-walks
Integration• Web services• Metadirectories• Identifier reduction• Accounting and resource control
SE EDUCAUSE June 18, 2002
The pieces fit together…
Campus infrastructure• Name space and identifiers• Directories• Enterprise authentication and authorization
Inter-realm infrastructure• edu object classes• Exchange of attributes
Inter-realm Upperware• Grids• Digital libraries• Video
SE EDUCAUSE June 18, 2002
A Map of Middleware Land (again)
SE EDUCAUSE June 18, 2002
What to watch…
The campus middleware infrastructure - make sure it is being developed and reflects needs
Vendor and database licensing and service changes
Shibboleth Demos and Pilots
SE EDUCAUSE June 18, 2002
Where to watch?
Websites
http://www.nsf-middleware.org
http//www.nmi-edit.org
http://www.grids-center.org
http://middleware.internet2.edu
Middleware information and discussion [email protected]
NMI lists (see websites)
SE EDUCAUSE June 18, 2002
More Information…
Education Opportunities• Summer CAMP (Campus Architectural and Middleware
Planning)– Base – end of June– Advanced – beginning of July
Contact:
- Renee Woodten Frost