NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

NSF Middleware Initiative

Renee Woodten Frost

Assistant Director, Middleware Initiatives

Internet2

NSF

Middleware

Initiative

CIC AIS Directors - April 15, 2002

Topics for Today

• NMI goals and processes

• Major elements• Campus middleware infrastructure - Directories, security

• National middleware services - HEBCA, DODHE, etc.

• Further Grid development

• Grid deployment and integration into campus infrastructure

• First year targets

• Internet2 middleware activities

• HEBCA developments


What is the NMI?

• NSF award for integrators to• Globus (NCSA, UCSD, University of Chicago, USC/ ISI, and

University of Wisconsin)

• Internet2, EDUCAUSE, and SURA

• Build on the successes of the Globus project and the Internet2/MACE initiative

• Multi-Year Effort

• A practical (deployment) activity that necessitates some research

• Separate awards to academic pure research “throw it long” components


The Problem We’re Trying To Solve...

• To allow scientists and engineers the ability to transparently use and share distributed resources, such as computers, data, and instruments

• To develop effective collaboration and communications tools such as Grid technologies, desktop video, and other advanced services to expedite research and education, and

• To develop a working architecture and approach which can be extended to Internet users around the world.

• Middleware is the stuff that makes “transparently use” happen, providing consistency, security, privacy and capability


What Outcomes is it Trying to Achieve?

• A unified model for managing the campus infrastructure • directories

• identity

• meta-directories

• security

• authentication

• authorization

• services

• A model for achieving interoperability for the research and higher ed communities

• A model for building applications


How Will it Accomplish these Goals?

• Facilitate communication among interested parties to increase the likelihood of interoperable solutions

- vendors

- standards groups develop middleware tools

• Develop consensus around “Best Practices”

• Develop consensus around recommendations to support interoperability and standard directory

• Facilitate the development and availability of Open Source Implementations for middleware components


How Will it Accomplish these Goals?

• Integrate emerging middleware components into a well-tested, comprehensive, commercial-quality, middleware distribution package that runs on multiple platforms.

• Facilitate the availability of applications that leverage this infrastructure

• - e.g., H.323 clients

• - open source services


A Map of Middlewareland


NMI First Year Goals

• Build campus middleware infrastructure in support of research and education

• Collaborative inter-realm infrastructure development• desktop video

• interoperable web services

• Grid advancement and integration

• Nurture innovative new middleware components

• NMI Release 1 - May, 2002


Identity Services on One Slide

Campus authentication Enterprise directory

Web services and

servers

WebISO

Learning Management

Systems PersonalPortals

Objectclassstandards

(e.g.eduperson,gridperson)

ContentPortals

Shibbolethexchange of

attributes

FuturePKI

DODHEet al

Future PKI

Interrealm

Security Domain

Gridset al


Simple Federated Administration Model

client

EnterpriseLDAP

directory

Attributeauthority

AuthenticationService target

Attributerequestor

Policvdecision

point

Policyenforcement

pointPolicy

enforcementpoint

Policyenforcement

points

Video directory

Service discoveryservice

Protocols

Griddirectory Video

directory

EnterpriseLDAP

directory


Internet2 Middleware Initiative

• Directories• eduPerson 1.5

• eduOrg

• Groups

• Metadirectories

• Shibboleth - interrealm exchange of attributes

• DoDHE

• PKI-light - edging towards signed (and perhaps encrypted) email

• Authentication - webiso

• Authorization


The pieces fit together…

• Campus infrastructure• Directories

• Name space

• Enterprise authentication

• Interrealm infrastructure• the edu objectclasses

• exchange of attributes

• Upperware• Digital libraries

• Grids

• uPortal

• OKI


D. Wasley’s PKI Puzzle


HEBCA developments

•The Higher Ed Bridge Certificate Authority is intended to be a exchange of trust point for certificate authorities that serve the higher ed community

• An effort of EDUCAUSE, with support from NIH , Internet2, and testbed campuses (UAB. Wisconsin, Dartmouth, California, Texas)

• MitreTek providing the services

• The HEBCA peers with the Federal Bridge and can act as an exchange for commercial CA’s (e.g. DST, Verisign, Entrust, etc.) and non-profit CA’s (e.g. CREN, campus CA’s, etc.)

• Challenges in technology and policy


Challenges in technology

• Conversions in formats between different CA implementations

• Securing the HEBCA system

• Getting all the directories to find each other

• Clients must be “bridge-aware”


Challenges in policy

• Current peering with FBCA is “test”

• Peering with the FBCA is a lugubrious process

• Policy mapping may be a hard process• Policy OIDs are all placeholders

• Creating Certificate Policies and Certificate Practice Statements hard

• No Policy Management Authority (PMA) yet


Security

• PKI• X.509 certificates

• Attribute certs

• Proxy certs

• Certificate Policies and Practice Statements

• XML• schemas

• common

• Privacy


What to watch…

• The campus middleware infrastructure - make sure it is being developed and reflects needs

• Vendor and database licensing and service changes

• Shibboleth Demos and Pilots

• NMI web sites• http://www.nsf-middleware.org

• http//www.nmi-edit.org

• http://www.grids-center.org

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Documents

middleware tools

capabilitycic ais directors

emerging middleware

nmi goals

support of research

year goals

identity services

advanced services