Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative

Welcome to CAMP!

Ken Klingenstein, Director, Internet2 Middleware Initiative

CAMP - June 4-6, 2003 2

Overview

• CAMP Goals
• Workshop Context
• A word from our sponsors
• A word about NMI-EDIT

Goals of CAMP: Authentication Overview/Deployment

• Overview of deploying authentication
• WebISO technologies
• Update on directory activities
• Inter-institutional authorization and leveraging campus authentication

Goals of CAMP

• Develop contacts from other institutions implementing middleware
• Learn about current research
• Take home ideas to help remove those roadblocks on your campus
• Benchmark your own implementation against current higher-ed practices

Thanks to our CAMP “Program Committee”

• Mike Berman – CSU Pomona
• Kent McKinney – CSU Hayward
• Bill Winn – Bradley University

A Word From Our Sponsors

• National Science Foundation’s Middleware Initiative (NMI)

• NMI – Enterprise Desktop Integration Technologies (EDIT) Consortium

• Internet2 – primary on grant and research
• EDUCAUSE – primary on outreach
• Southeastern Universities Research Association (SURA) – primary on NMI Integration Testbed

…with support from Sun Microsystems Inc.

NMI-EDIT: Goals

• Create a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community

• Provide tools and services (e.g. registries, bridge PKI components, schemas, root directories) to support inter-institutional and inter-realm collaborations

NMI-EDIT: Core Middleware Scope

• Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance

• Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos

• Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services

• Authorization – permissions and access controls, delegation, privacy management

• Integration Activities – common management tools, use of virtual, federated and hierarchical organizations

A Map of Middleware Land

NMI-EDIT: Strategic Direction

• Overall technical direction set by MACE
  – Middleware Architecture Committee for Education (MACE)
  – Bob Morgan, University of Washington, Chair
  – Campus IT architects and representatives from Grids and International Communities
• Directions set via
  – NSF and NMI management team
  – Internet2 Network Planning and Policy Advisory Council
  – PKI, FOO and Directory Technical Advisory Boards
  – Internet2 members

Sample NMI-EDIT Process: Directories

• MACE-DIR Working Group
  – Prioritize needed materials
  – Establish subgroups
    • revision of basic documents (LDAP Recipe)
    • new best practices in groups and metadirectories
    • standards development for eduPerson 1.5 and eduOrg 1.0
  – Work in enhanced IETF approach: scenarios, requirements, architectures, recommended standards stages
  – Announce deliverables; start input and conference call review/feedback processes; reconvene work groups as needed
• Process schedule and requirements
  – 4-6 months for completion, depending on product
  – 6-8 primary contributors
  – 15-50 schools participating

NMI-EDIT: Participants

• Higher Ed – 15-20 leadership institutions, with 50 more campuses represented as members of working groups; readership around 2000 institutions
• Corporate – (IBM/Metamerge, Microsoft, SUN, Liberty Alliance, DST, MitreTek, Radvision, Polycom, EBSCO, Elsevier, OCLC, Baltimore Technologies)
• Government – NSF, NIST, NIH, Federal CIO Council
• International – Terena, JISC, REDIRIS, AARnet, SWITCH

The pieces fit together…

• Campus infrastructure
  – Name space, identifiers, directories
  – Enterprise authentication and authorization
  – Portals and LMS’s
• Inter-realm infrastructure
  – edu schemas
  – Exchange of attributes
• Inter-realm Upperware
  – Grids
  – Digital libraries
  – Video

Middleware as Infrastructure

• It serves both academic and administrative units

• It serves both instructional and research missions

• It must be reliable, scalable, extensible, ubiquitous, and transparent.

• It must be deployed, which requires real technical, financial and political processes.

Middleware as Art

• There is no proven policy path
• Much depends on local legacy systems
• Much depends on local legacy people
• Much of the technology base is being invented as we meet

The Last Six Months in Middleware

• Directories
  – eduPerson – new attributes, passions about vocabulary, new pressures for internationalization
  – CommObject becomes H.350
  – Metadirectories…

• Shibboleth – grows to v1.0, libraries and content providers drive deployments, federations take shape

• Enterprise, federated Chandler is hatched

The Last Six Months in Middleware

• Desktop video – what’s proving hard
• PKI – needs grew, CREN died…
• DRM – wins and losses
• OKI – fits and starts
• Portals – growing consensus on a few standards

Drivers for federations

• At least four technologies…
  – Shibboleth, Liberty Alliance, Federated .NET, PAPI from RedIris (Spain), perhaps PKI
• Several business needs
  – Internal exchanges
  – Inter-institutional collaboration
  – Federal e-authentication initiative
• Deployments now beginning

Origin Side Architecture

The Next Six Months in parts of Middleware

• Federations
• A Higher Ed CA
• Chandler
• Signed email
• Credential convertors and identity mapping
• OGSA
• Shibbing collaboration tools
• DRM

Federations and Classic PKI

• They are very similar
  – Both imply trust models
  – Federations are an enterprise-enterprise PKI
  – Local authentication may well be end-entity certs
  – Name-space control is a critical issue
• And they are very different
  – End user authentication a local decision
  – Flat set of relationships; little hierarchy
  – Focus as much on privacy as security
  – Web Services only right now: no other apps, no encryption
  – We get to define…

Overall Trust Fabric

The Next Two Years in parts of Middleware

• Desktop video
• Authzanity
• A Higher Ed Bridge CA
• Federated enterprise P2P
• Virtual organization support
• Federated directories
• Middleware diagnostics

Getting the Most Out of CAMP

• Conventional wisdom is not wisdom
• It’s about deployments
• We have met the enemy…
• Friday morning consulting
• Netiquette
• The creek path
• Stay engaged