NSF Middleware Initiative Enterprise and Desktop Integration Technologies

NSF Middleware Initiative: Enterprise and Desktop Integration Technologies Consortium Renee Woodten Frost Assistant Director Internet 2 Middleware Initiative

Topics EDIT Consortium Background NMI-EDIT Goals and Objectives Development and Management Processes Year 1 Milestones and Deliverables Integration Efforts NMI Testbed Kickoff June 11, 2002

EDIT Consortium Enterprise and Desktop Integration Technologies Consortium (EDIT) • Internet 2 – primary on grant and research – Ken Klingenstein – Renee Woodten Frost – “Cast of thousands” from campuses – ie, Michael Gettes, Steve Olshansky • EDUCAUSE – primary on outreach – Ann West • Southeastern Universities Research Association (SURA) – testbed – Mary Fran Yafchak NMI Testbed Kickoff June 11, 2002

Goals Much as at the network layer, plumb a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community • • • Foster effective and consistent campus implementations Motivate institutional funding and deployment strategies Solve the real world policy issues Integrate key applications to leverage the infrastructure Nurture open-source solutions Address scaling issues for the user and enterprise In support of inter-institutional and inter-realm collaborations, provide tools and services (e. g. registries, bridge PKI components, root directories) as required NMI Testbed Kickoff June 11, 2002

NMI-EDIT Plan • Foster the development of campus enterprise middleware to leverage both the academic and administrative missions. • Coordinate a common substrate across higher ed middleware implementations that would permit interinstitutional efforts such as Grids, digital libraries, and collaboratories to scale and leverage • In some instances, build collaboration tools for particularly important inter-institutional and government interactions, such as web services, PKI and video. • Insure that distinctive higher ed requirements, from privacy and academic freedom to multi-realm portals, are served in the marketplace. NMI Testbed Kickoff June 11, 2002

NMI EDIT Objectives Original Proposal • Foster a coherent name space and security/privacy management architecture • Foster a coherent directory architecture • Integrate at the desktop with the operating systems and the user, leveraging enterprise directories and security • Enable new applications of value to research • Extend scope of liaison work • Offer integrative services to component developers • Proactively disseminate and educate to insure wide and consistent use of middleware services across the higher education and research community NMI Testbed Kickoff June 11, 2002

A Map of Middleware Land NMI Testbed Kickoff June 11, 2002

Core Middleware Scope Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance, etc. Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos, etc. Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services Authorization – permissions and access controls, delegation, privacy management, etc. Integration Activities – common management tools, use of virtual, federated and hierarchical organizations NMI Testbed Kickoff June 11, 2002

NMI-EDIT Organization Overall technical direction set by MACE, Bob Morgan, University of Washington, Chair Directions set via NSF and NMI, Internet 2 NPPAC, PKI and DIR Technical Advisory Boards, members Grant funding is $1. 2 million a year: • about ½ to short-term partial hiring of campus IT staff to develop and document required standards, best practices, etc. • about ½ to testbeds, dissemination and training sessions Almost all funding passed through to campuses for work NMI Testbed Kickoff June 11, 2002

Sample NMI-EDIT Process (Directories ) MACE-DIR prioritizes needed materials Subgroups established: • • • revision of basic documents (LDAP Recipe) new best practices in groups and metadirectories standards development for edu. Person 1. 5 and edu. Org 1. 0 Subgroups work in enhanced IETF approach, with scenarios, requirements, architectures and recommended standards stages. WG Deliverables announced; input and conference call feedback processes start for RPR status; work groups reconvene as needed Seems to take around 4 -6 months, depending on product 6 -8 people seem to drive, 15 -50 schools participate NMI Testbed Kickoff June 11, 2002

NMI-EDIT Development Stages Works in Progress • Under development by working group; to shape directions • Labeled as Draft Experimental • Reviewed within the working group; for review within the EDIT Community • Labeled as EXP Released for Public Review • For broad review, including international and vendor communities • Labeled as RPR Final • Labeled as FIN NMI Testbed Kickoff June 11, 2002

NMI-EDIT Participants Higher Ed – 15 -20 leadership institutions, with 50 more campuses represented as members of working groups; readership around 2000 institutions. Corporate - (IBM, Microsoft, SUN, Intel, Liberty Alliance, DST, Mitre. Tek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Metamerge, Baltimore, etc. ) Government – NSF, NIST, NIH, Federal CIO Council, etc International – Terena, JISC, REDIRIS, AARnet, etc. NMI Testbed Kickoff June 11, 2002

A Few Year One Milestones Sept 1, 2001 – Grant awarded Oct 2001– edu. Person 1. 0 finalized; outreach begins with multiple full day workshops Jan 2002 – HEBCA tested; first CAMP held Feb 2002 – PKI Lite CP/CPS; e-Gov and Management and Leadership Best Practice Awards April 2002 – Shibboleth alpha ships; testbeds selected; NIST/NIH PKI workshop May 2002 – NMI release, with edu. Person 1. 5, pubcookie, KX. 509, groups and metadirectories, video white papers June 2002 – affiliated directories to begin; basic CAMP; testbed kickoff July 2002 – Shibboleth beta to ship; advanced CAMP NMI Testbed Kickoff June 11, 2002

Specific Deliverables Release 1 Software • KX. 509 and KCA • Certificate Profile Maker • Pubcookie Object Classes • • edu. Person 1. 0 edu. Person 1. 5 edu. Org 1. 0 comm. Object 1. 0 Service • Certificate Profile Registry NMI Testbed Kickoff June 11, 2002

Specific Deliverables Release 1 Conventions and Practices • Practices in Directory Groups 1. 0 • LDAP Recipe 2. 0 • Metadirectory Practices for the Enterprise Directory in Higher Education 1. 0 White Papers • Shibboleth Architecture v 5 Policies • Campus Certificate Policy for use at the Higher Education Bridge Certificate Authority (HEBCA) • Lightweight Campus Certificate Policy and Practice Statement (PKI-Lite) • Sample Campus Account Management Policy NMI Testbed Kickoff June 11, 2002

Specific Deliverables Release 1 Works in Progress: White Papers • Role of Directories in Video-on-Demand • Resource Discovery for Videoconferencing • Directory Services Architecture for Video and Voice Conferencing over IP (comm. Object) NMI Testbed Kickoff June 11, 2002

Year Two Work Areas Authorization, Authorization Shibboleth and PKI Integration with the Grid HEBCA Affiliated directories Federated digital rights management Video Registry Services Research medical middleware NMI Testbed Kickoff June 11, 2002

Integration in Action Three universities decide to share resources and work together on analyzing the groundwater pollution in their region. Collaborating on this problem requires frequent researcher interaction and the use of supercomputing resources around the country. Waiting to board her plane, a college administrator receives a call about a problem that needs immediate attention. She connects to her campus intranet, delegates the access of her voice/video/data mail to her assistant for the next three hours, and requests a private video conference with the institution’s attorney. NMI Testbed Kickoff June 11, 2002

Integration in Action Thousands of physicists at hundreds of laboratories and universities worldwide come together to design, create, operate, and analyze the products of a major detector at CERN, the European high energy physics laboratory. During the analysis phase, they pool their computing, storage, and networking resources to create a "Data Grid" capable of analyzing petabytes of data. NMI Testbed Kickoff June 11, 2002

Integration in Action Mary is a grad student at Alpha U, taking courses in a traditional classroom and online, and works at a company nearby. Her electronic identities must be verified to permit remote access to resources at both locations such as libraries and the company intranet and to deliver streamed-video classroom content. Mary is not continually asked for usernames, passwords or account numbers because the institutions and their constituents trust open standards for authentication, information sharing and privacy management. NMI Testbed Kickoff June 11, 2002

Integration in Action Professor Smith wants to access a broad range of services through a secure portal to permit complex calendar applications, desktop video, IP telephony and his GRID project resources. Whether in an office or an airport, the professor comes to depend on quality-of-service, security and privacy to access and share data with colleagues on campus and across the country. NMI Testbed Kickoff June 11, 2002

Integration Issues What needs integration? • Core middleware components • Plumbing the campus core for Grids • New NMI components into the existing base What are the desired outcomes of integration • To the user – Relatively single-sign on/limited credentials – Enterprise directory data supplied to Grids and other apps • Behind the scenes – Integrated accounting, security, management NMI Testbed Kickoff June 11, 2002

Integration Issues What are the barriers to integration • Embedded bases • Different priorities • Gaps NMI Testbed Kickoff June 11, 2002

Coexistence, then integration Coexistence • Converting campus Kerberos tickets to temporary X. 509 certificates • Classification of NMI deliverables • Testbeds for multiple agendas • Identifier cross-walks Integration • • Web services Metadirectories Identifier reduction Accounting and resource control NMI Testbed Kickoff June 11, 2002

The pieces fit together… Campus infrastructure • Name space and identifiers • Directories • Enterprise authentication and authorization Inter-realm infrastructure • edu object classes • Exchange of attributes Inter-realm Upperware • Grids • Digital libraries • Video NMI Testbed Kickoff June 11, 2002

A Map of Middleware Land NMI Testbed Kickoff June 11, 2002

Outreach Upcoming Workshops • Pre-conference Seminars – SE EDUCAUSE conference next week in Charleston • Summer CAMPs (Campus Architectural Middleware Planning) – Orientation – June 24 -26, 2002 – Advanced – July 31 – August 2, 2002 NMI Testbed Kickoff June 11, 2002