
3677289061bb4692c3079c6a461e22ab.ppt
- Количество слайдов: 25
1 Middleware Picture in Australia Alex Reid Director, e. Research/Middleware, AARNet 19 -Sep-05 Alex Reid: Australian Middleware
2 National Research Infrastructure Backing Australia’s Ability – An Innovation Action Plan for the Future 2001/2004: http: //backingaus. innovation. gov. au/ $3 billion over 5 years from 2000 -1 $5. 3 billion over 7 years from 2004 -5 Systemic Infrastructure Initiative (SII) to upgrade research infrastructure at Australian universities: $246 m over 5 years from 2000 -1 to 2005 -6 $542 m over 6 years from 2005 -6 to 2010 -11 ● HEBAC (Higher Education Bandwidth Advisory Committee) 2002 -3 http: //www. dest. gov. au/highered/research/pdf/aren. pdf ● ARENAC (Australian Research and Education Network Advisory Committee) 2003+ http: //www. dest. gov. au/sectors/research_sector/programmes_funding/programme_categories/key_research_pri orities/australian_research_and_education_network/arenac. htm ● HEIIAC -> ARIIC (Australian Research Information Infrastructure Committee) 2003+ http: //www. dest. gov. au/highered/research/ariic. htm ● NRIT (National Research Infrastructure Task Force) 2003 -4 http: //www. dest. gov. au/sectors/research_sector/policies_issues_reviews/previous_reviews/national_re search_infrastructure_taskforce_framework/default. htm ● NCRIS (National Collaborative Research Infrastructure Strategy) 2004 -5 http: //www. dest. gov. au/sectors/research_sector/policies_issues_reviews/key_issues/ncris/default. htm ● e. Research Coordinating Committee 2005+ http: //www. dest. gov. au/sectors/research_sector/policies_issues_reviews/key_issues/e_research_consult/defaul t. htm/ 19 -Sep-05 Alex Reid: Australian Middleware
3 AARNet 3 Components • APL Tender for v 3 of AARNet mid-2004 • ARENAC $70 m + APL own reserves • National Backbone: own 2 fibre pairs across the country – deployed since 2004 at 10 Gbps • Regional Network: diverse routes, using DWDM, up to 320 Gbps • International Links: IRU on 2 x 10 Gbps fibres across the Pacific (SCCN) – Po. Ps in Seattle, LA • “Commodity” connectivity in Australia & USA (Seattle, Palo Alto) • Participate in TEIN 2 – Po. Ps in Singapore & Frankfurt 19 -Sep-05 Alex Reid: Australian Middleware
4 AARNet 3 Infrastructure – National 19 -Sep-05 Alex Reid: Australian Middleware
5 AARNet 3 Infrastructure – Regional 19 -Sep-05 Alex Reid: Australian Middleware
6 AARNet 3 Infrastructure – Comparison 19 -Sep-05 Alex Reid: Australian Middleware
7 AARNet 3 Infrastructure – Comparison 19 -Sep-05 Alex Reid: Australian Middleware
8 AARNet 3 Infrastructure – International 19 -Sep-05 Alex Reid: Australian Middleware
9 AARNet 3 Infrastructure – Global 19 -Sep-05 Alex Reid: Australian Middleware
10 Middleware Definition Ø All those systems, services, tools, agreements, arrangements and processes that are necessary in order to make the task of utilising a diverse, global collection of devices, data, processing and services for a wide variety of research and educational applications as easy to use as if they were all homogeneous, located locally and under the direct control of the researcher or scholar. Ø Roughly equivalent to but rather broader than other “national” definitions (eg JISC, Internet 2) 19 -Sep-05 Alex Reid: Australian Middleware
11 Place of Middleware Users Applications, Human Interfaces Middleware: Applicationindependent; Resource- & Location-neutral Knowledge Management, Resource Management, Collaboration Tools, Grid Services Authentication, Authorisation, Access, Accounting: PKI, Shibboleth, etc Local, Regional, National & International Network Infrastructure Facilities, Services, Resources: Processing, Data Storage, Instruments, Electronic Information 19 -Sep-05 Alex Reid: Australian Middleware
12 Draft Middleware Action Plan Following National Forum Dec-04: Ø Undertake an environmental scan. Ø Establish a single PKI Certification Authority for R&E. Ø Establish a sound basis for federated security systems in Australia that will scale to international federations. Ø Establish appropriate mechanisms to coordinate all R&E Middleware initiatives in Australia. Ø Agree to investigate adopting Shibboleth. Ø Establish and sustain strong connections with relevant Australian initiatives/entities. Ø Establish and strengthen overseas links. Ø Promote the swift implementation of enterprise directory services at all Australian education and research institution. Ø Develop strong visibility for and marketing of the Middleware agenda in Australia. 19 -Sep-05 Alex Reid: Australian Middleware
13 Survey of Identity & Access Management • Establish State-of-Play at Australian universities • Identify best practice, barriers to rapid implementation, authorisation requirements • Goal is: – pervasive, federated infrastructure that integrates organisations internally while simultaneously allowing them to interoperate with others [Burton Group, 2002] • 49% response (low due to complexity) • Currently: – Usernames/passwords, Same Sign-on, EZProxy, VPNs, LDAP, inhouse integration • Moving to: – Single Sign-on, automated integration (data feeds from corporate systems), Portals, PKI • Barriers: – Resources, high risk to critical systems, lack of standards/guidance & training, coordinated middleware 19 -Sep-05 Alex Reid: Australian Middleware
14 ARIIC Projects • 1 st Round (FRODO) early-2004: – – MAMS (Access Management) ARROW (Repositories) ADT (Digital Theses) APSR (Repositories) • 2 nd Round (MERRI) 22 -Aug-05 ($19 m): – MAPS – PKI/Shibboleth (operationalise the CAUDIT PKI Standards Project) – Others (mostly specific collections development/access & digitisation) 19 -Sep-05 Alex Reid: Australian Middleware
15 ARIIC MERRI Grant – MAPS • • Announced by Minister 22 -Aug-05 $582, 910 granted Lead site: University of Queensland (Nick Tate) Supported by: CAUDIT, CAUL, Monash, ANU, Macquarie, AARNet, Grange. Net • From now till end 2006 • Purpose: – This project will identify the software and services (middleware) that are currently being used in Australia to link applications across a range of resources on networks and computer systems in Australian universities. The MAPS project will identify existing areas of activity in the university and research sectors, and use these results to tap into the expertise across the sector to build a strategic plan of activities and projects for an Australian collaborative middleware strategy. This is an important project whose outcomes will enable other projects to leverage off common infrastructure and focus on providing new services that can be shared across the education and research sectors. 19 -Sep-05 Alex Reid: Australian Middleware
16 MAPS Activities Goal: Agreed Strategy for Middleware Deployment and Development (note the 2 strands) • Full-time Project Manager • Steering Committee, Reference Group, Kick-off Forum • Wide consultation: committees, forums, wikis, mailing lists, Website • Environmental Scan/Stocktake (local and global) • Analysis of findings, development of draft Strategy • Expert Reports • Round-Table • Finalisation of Strategy • Future Funding Proposals 19 -Sep-05 Alex Reid: Australian Middleware
17 Existing Middleware Activity • • • APAC Grid Nimrod-G CAUDIT-PKI eduroam, AARLIN, DEST/JISC e-Framework Emerging developers, end users, identity providers, service providers • MAMS: – Developing hands-on technical/policy experience with Shibboleth within the community – Test Shibboleth federation has been established, including a WAYF server – Scouting for suitable test Id. P’s and SP’s 19 -Sep-05 Alex Reid: Australian Middleware
18 MAMS – Broad Goals § Meta-Access Management System § Addressing the “Authentication, Authorisation, Identity, Single. Sign-On, Federation, Trust, Security, Digital Rights and Automated Access Policy” Cluster of Problems § Iterative demonstrations to help drive the gathering of user requirements § Development of common services prototypes – Intra-institutional multi-modal SSO – Inter-institutional access management • Attribute exchange (Shibboleth) • Automation of policy – Federated and extensible identity – Other common services: DRM, search, metadata § Implementation advice and programs 19 -Sep-05 Alex Reid: Australian Middleware
19 MAMS Next Steps • • • Add Shib to test environments at NLA, APSR, … Organise install-fests (SSO workshop) & roadshows Offer support (CMS, forum, mailing-list, FAQs) Start an Australian Federation Integrate cross-domain SSO with institutional SSO Integrate with desktop SSO (Kerberos) Integrate XACML into SAML Develop plug-ins for legacy systems Develop ARP manager & provisioning tools Easy installation packages (Shib+Web. ISO) Virtual Organisation (client & server) packages Offer policy & legal documents, etc… 19 -Sep-05 Alex Reid: Australian Middleware
20 CAUDIT PKI Project The CAUDIT PKI Project involves developing a single national PKI standards framework for HE & Research, including: – – Certification Authority (CA) Registration Authority (RA) Certificate Policy (CP) Certification Practice Statement (CPS) Built purely for test/trial purposes: – – – not evolve into a production service model; only survive until Sept 2005; support 4 levels of assurance; support cross certification; support embedding in web browsers (positive Microsoft discussions); – support signed emails. Next Step is to turn it into a production system – funded as part of MERRI 19 -Sep-05 Alex Reid: Australian Middleware
21 PKI Trust Model • • Aus. CERT Root CA is trust anchor for the CAUDIT PKI Old CA’s continue to work Cross-certifies with national, international and global PKIs Aus. CERT will provide: – PMA – Directory of Directories – Single point Certificate Dissemination. – Single point CRL and OCSP. – Virtual CA for institutions that can’t deploy own PKI 19 -Sep-05 Alex Reid: Australian Middleware
22 eduroam • Being undertaken jointly by AARNet & Grange. Net • Deploy eduroam in AARNet offices & staff • Write and seek endorsement for national eduroam policies • Promote and participating in eduroam developments within the APAN region • Participate in eduroam global working group • See www. eduroam. edu. au 19 -Sep-05 Alex Reid: Australian Middleware
23 APAN eduroam deployment 19 -Sep-05 Alex Reid: Australian Middleware
24 Global eduroam/M’ware Development • Europe – Close co-operation with JISC, Terena and European NRENs on eduroam & other Middleware activities • Americas – Working on eduroam and Shibboleth activities • APAN – APAN 2005 Taipei Middleware breakfast meeting – APAN Middleware mailing list – APAN Middleware stream for Jan 2006 Tokyo APAN meeting • Global – eduroam global working group – Middleware policy (“Slaughter” meeting) – MACE/MICE participation 19 -Sep-05 Alex Reid: Australian Middleware
25 END QUESTIONS? ? ? 19 -Sep-05 Alex Reid: Australian Middleware