Jan 02, 2016
NSF Middleware Initiative
Renee Woodten Frost
Assistant Director, Middleware Initiatives
Internet2
CIC AIS Directors - April 15, 2002
Topics for Today
• NMI goals and processes
• Major elements
  - Campus middleware infrastructure - Directories, security
  - National middleware services - HEBCA, DODHE, etc.
  - Further Grid development
  - Grid deployment and integration into campus infrastructure
• First year targets
• Internet2 middleware activities
• HEBCA developments
What is the NMI?
• NSF award for integrators to
  - Globus (NCSA, UCSD, University of Chicago, USC/ISI, and University of Wisconsin)
  - Internet2, EDUCAUSE, and SURA
• Build on the successes of the Globus project and the Internet2/MACE initiative
• Multi-Year Effort
• A practical (deployment) activity that necessitates some research
• Separate awards to academic pure research “throw it long” components
The Problem We’re Trying To Solve...
• To allow scientists and engineers the ability to transparently use and share distributed resources, such as computers, data, and instruments
• To develop effective collaboration and communications tools such as Grid technologies, desktop video, and other advanced services to expedite research and education, and
• To develop a working architecture and approach which can be extended to Internet users around the world.
• Middleware is the stuff that makes “transparently use” happen, providing consistency, security, privacy and capability
What Outcomes is it Trying to Achieve?
• A unified model for managing the campus infrastructure
  - directories
  - identity
  - meta-directories
  - security
  - authentication
  - authorization
  - services
• A model for achieving interoperability for the research and higher ed communities
• A model for building applications
How Will it Accomplish these Goals?
• Facilitate communication among interested parties to increase the likelihood of interoperable solutions
- vendors
- standards groups develop middleware tools
• Develop consensus around “Best Practices”
• Develop consensus around recommendations to support interoperability and standard directory
• Facilitate the development and availability of Open Source Implementations for middleware components
How Will it Accomplish these Goals?
• Integrate emerging middleware components into a well-tested, comprehensive, commercial-quality, middleware distribution package that runs on multiple platforms.
• Facilitate the availability of applications that leverage this infrastructure
  - e.g., H.323 clients
  - open source services
A Map of Middlewareland
NMI First Year Goals
• Build campus middleware infrastructure in support of research and education
• Collaborative inter-realm infrastructure development
  - desktop video
  - interoperable web services
• Grid advancement and integration
• Nurture innovative new middleware components
• NMI Release 1 - May, 2002
Identity Services on One Slide
[Diagram labels: Campus authentication; Enterprise directory; Web services and servers; WebISO; Learning Management Systems; Personal Portals; Content Portals; Object class standards (e.g. eduperson, gridperson); Shibboleth exchange of attributes; Future PKI; DODHE et al; Interrealm; Security Domain; Grids et al]
Simple Federated Administration Model
[Diagram labels: client; Enterprise LDAP directory; Attribute authority; Authentication Service; target; Attribute requestor; Policy decision point; Policy enforcement point(s); Video directory; Service discovery service; Protocols; Grid directory]
Internet2 Middleware Initiative
• Directories
  - eduPerson 1.5
  - eduOrg
  - Groups
  - Metadirectories
• Shibboleth - interrealm exchange of attributes
• DoDHE
• PKI-light - edging towards signed (and perhaps encrypted) email
• Authentication - webiso
• Authorization
The pieces fit together…
• Campus infrastructure
  - Directories
  - Name space
  - Enterprise authentication
• Interrealm infrastructure
  - the edu objectclasses
  - exchange of attributes
• Upperware
  - Digital libraries
  - Grids
  - uPortal
  - OKI
D. Wasley’s PKI Puzzle
HEBCA developments
• The Higher Ed Bridge Certificate Authority is intended to be an exchange of trust point for certificate authorities that serve the higher ed community
• An effort of EDUCAUSE, with support from NIH, Internet2, and testbed campuses (UAB, Wisconsin, Dartmouth, California, Texas)
• MitreTek providing the services
• The HEBCA peers with the Federal Bridge and can act as an exchange for commercial CAs (e.g. DST, Verisign, Entrust, etc.) and non-profit CAs (e.g. CREN, campus CAs, etc.)
• Challenges in technology and policy
Challenges in technology
• Conversions in formats between different CA implementations
• Securing the HEBCA system
• Getting all the directories to find each other
• Clients must be “bridge-aware”
Challenges in policy
• Current peering with FBCA is “test”
• Peering with the FBCA is a lugubrious process
• Policy mapping may be a hard process
  - Policy OIDs are all placeholders
• Creating Certificate Policies and Certificate Practice Statements is hard
• No Policy Management Authority (PMA) yet
Security
• PKI
  - X.509 certificates
  - Attribute certs
  - Proxy certs
  - Certificate Policies and Practice Statements
• XML
  - schemas
  - common
• Privacy
What to watch…
• The campus middleware infrastructure - make sure it is being developed and reflects needs
• Vendor and database licensing and service changes
• Shibboleth Demos and Pilots
• NMI web sites
  - http://www.nsf-middleware.org
  - http://www.nmi-edit.org
  - http://www.grids-center.org