A Short description of Internet2
~60 staff
1. Collaborators around the world
2. Supports communities of collaborators external to Internet2
3. Community uses wiki, mailing lists, instant messaging, voice conferencing services
4. Doesn’t want to be in the identity issuance business for external collaborators
5. Need to allow external + internal collaborators to use same service instances
A Middleware Unified Field Theory
Identity Management / Directories
Privileges / Groups
Single Sign-On / Federation
Diagnostics
Enterprise Integration from network to application
Michael R Gettes, Internet2
October 2007
An interpretation of the original MACE mission
What do we want?
Inter-Enterprise Workgroup Collaborations (not sexy)
or
Collaborative Organizations (CO)
Identity
Groups
Privileges
Federated Access
and …
Applications
“It’s the App stupid!”
Give COntrol To COmmunity Members
Integrate with Existing COmmon IT Infrastructures in Higher Education
Flexible, Scalable, Modular COmponents
COmponents
(diagram) A CO assembled from Shibboleth, LDAP-PC, Signet, Grouper, an LDAP Directory and an Identity Mgr, layered over Applications & Network
stop talking, start walking: demo
COmanage.internet2.edu
COmanage … is only a demonstration of the CO model
A CO fits within a service delivery strategy
Application Management
App access to data is managed by LDAP (initially)
Identity data can be distributed by any desired mechanism in the future: SQL databases, feeds, message bus technologies.
Many COs on a single server (if you wanna do that)
(diagram) One Identity Mgr, a Grouper/Signet/LDAP-PC instance per CO, a single LDAP, and many application sets served from it
No local identity issued for external users to access CO services (big win!)
Example directory tree for CO environment
o=University,c=US
  ou=People   (this is where 50K fac/staff/stu might reside)
  ou=CO       (external identities for CO go here)
  ou=Groups   (a place to store groups for all)
Applications pointed here (the o=University,c=US base) for identities get the union of internal and external users
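The tree above, as an added example that is not COmanage or Internet2 code: a small in-memory model of the directory, showing what an application's uid lookup returns depending on the search base it is pointed at, a group under ou=Groups whose members span both branches, and one check worth running on such a tree. The LDIF, the names and the deliberate uid collision between ou=People and ou=CO are constructed sample data.

```python
# Added example (not COmanage or Internet2 code): in-memory model of the CO
# directory tree. SAMPLE_LDIF is constructed data; the duplicate uid is deliberate.

SAMPLE_LDIF = """\
dn: o=University,c=US
objectClass: organization

dn: ou=People,o=University,c=US
objectClass: organizationalUnit

dn: uid=jdoe,ou=People,o=University,c=US
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe

dn: ou=CO,o=University,c=US
objectClass: organizationalUnit

dn: uid=bob@partner.example,ou=CO,o=University,c=US
objectClass: inetOrgPerson
uid: bob@partner.example
cn: Bob Partner

dn: uid=jdoe,ou=CO,o=University,c=US
objectClass: inetOrgPerson
uid: jdoe
cn: J. Doe (external collaborator)

dn: ou=Groups,o=University,c=US
objectClass: organizationalUnit

dn: cn=co-wiki-editors,ou=Groups,o=University,c=US
objectClass: groupOfNames
cn: co-wiki-editors
member: uid=jdoe,ou=People,o=University,c=US
member: uid=bob@partner.example,ou=CO,o=University,c=US
"""


def parse_ldif(text):
    """Parse the one-line-per-attribute LDIF above into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        entries[dn] = attrs
    return entries


def rdns(dn):
    """Split a DN into its RDNs, most specific first (the sample has no escaping)."""
    return [c.strip() for c in dn.split(",")]


def in_scope(dn, base, scope):
    """LDAP search scopes: 'base' (the base entry only), 'one' (direct
    children), 'sub' (the whole subtree under base)."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[-len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def search(entries, base, scope, attr, value):
    """Equality-filter search, e.g. what an application does for (uid=jdoe)."""
    return sorted(dn for dn, attrs in entries.items()
                  if in_scope(dn, base, scope) and value in attrs.get(attr, []))


def resolve_members(entries, group_dn):
    """Groups under ou=Groups may point into either branch; follow the member DNs."""
    return [entries[m]["cn"][0] for m in entries[group_dn].get("member", [])]


def find_uid_collisions(entries):
    """Check added here (not from the slides): the same uid under both ou=People
    and ou=CO makes a (uid=...) lookup from the shared base return two entries,
    so an application may bind a login to the wrong person."""
    parents = {}
    for dn, attrs in entries.items():
        for uid in attrs.get("uid", []):
            parents.setdefault(uid, set()).add(",".join(rdns(dn)[1:]))
    return {uid for uid, p in parents.items() if len(p) > 1}


if __name__ == "__main__":
    tree = parse_ldif(SAMPLE_LDIF)
    print(search(tree, "o=University,c=US", "sub", "uid", "bob@partner.example"))
    print(search(tree, "ou=People,o=University,c=US", "sub", "uid", "bob@partner.example"))
    print(find_uid_collisions(tree))
```

A subtree search from o=University,c=US finds the external collaborator; the same search from ou=People does not, which is the union the slide describes. Before pointing applications at the shared base, run the collision check: a CO user whose uid equals an internal uid is ambiguous to any application that looks users up by (uid=...) alone, so either keep CO uids in a distinct form (here, scoped like bob@partner.example) or have applications use the full DN.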
Future…
Begin addressing issues of “attribute eCOnomy”
Protect CO by Identity Provider…
Can it solve the “IEEE problem”?
(diagram) Web site wants to know: Are you a member of IEEE?
Participants: User; Home Identity Provider (MyUniversity); the Web site; IEEE-CO, an org that has membership data but does not manage identity, i.e. a CO with only external users.
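The flow in the diagram above, as an added simulation that is not Shibboleth, SAML or COmanage code: the user authenticates only at the home Identity Provider, the web site checks that the assertion comes from a federation partner it trusts and was issued for it, and only then asks the IEEE-CO whether that asserted identity is a member. HMAC-signed JSON stands in for signed assertions, and the entity IDs, keys, users and membership list are constructed for the example.

```python
# Added simulation of the "IEEE problem" flow: not Shibboleth, SAML or COmanage
# code. HMAC-signed JSON stands in for signed assertions; all names are constructed.
import hashlib
import hmac
import json


def sign(key, payload):
    """Serialize and MAC a payload; returns (body, tag)."""
    body = json.dumps(payload, sort_keys=True)
    return body, hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class HomeIdP:
    """The user's home identity provider: the only party that authenticates the user."""

    def __init__(self, entity_id, key, scope, passwords):
        self.entity_id, self.key, self.scope, self.passwords = entity_id, key, scope, passwords

    def authenticate(self, username, password, audience):
        if self.passwords.get(username) != password:
            return None
        # The subject is scoped to this IdP; the audience pins the assertion to one site.
        return sign(self.key, {"issuer": self.entity_id,
                               "subject": f"{username}@{self.scope}",
                               "audience": audience})


class IEEECO:
    """A CO with only external users: it holds membership data but issues no
    identities, so membership is keyed by (asserting IdP, scoped subject) and
    never by a bare subject string any IdP could assert."""

    def __init__(self, members):
        self.members = set(members)

    def is_member(self, issuer, subject):
        return (issuer, subject) in self.members


class WebSite:
    """The site that wants to know 'are you a member of IEEE?'."""

    def __init__(self, entity_id, trusted_idps, co):
        self.entity_id, self.trusted, self.co = entity_id, dict(trusted_idps), co

    def admit(self, assertion):
        if assertion is None:                       # authentication failed
            return False
        body, tag = assertion
        claims = json.loads(body)
        key = self.trusted.get(claims["issuer"])
        if key is None:                             # not a federation partner we trust
            return False
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):  # forged or tampered assertion
            return False
        if claims["audience"] != self.entity_id:    # replayed from another site
            return False
        return self.co.is_member(claims["issuer"], claims["subject"])


# Constructed federation: two trusted home IdPs and the IEEE-CO membership list.
UNIV_A = HomeIdP("https://idp.univ-a.example", b"key-a", "univ-a.example", {"alice": "pw-a"})
UNIV_B = HomeIdP("https://idp.univ-b.example", b"key-b", "univ-b.example", {"mallory": "pw-m"})
IEEE = IEEECO([("https://idp.univ-a.example", "alice@univ-a.example")])
SITE = WebSite("https://journal.example",
               {UNIV_A.entity_id: UNIV_A.key, UNIV_B.entity_id: UNIV_B.key}, IEEE)


def alice_logs_in():
    return SITE.admit(UNIV_A.authenticate("alice", "pw-a", SITE.entity_id))


def mallory_logs_in():
    """Trusted IdP, valid assertion, but (univ-b, mallory@univ-b.example) is no member."""
    return SITE.admit(UNIV_B.authenticate("mallory", "pw-m", SITE.entity_id))


def rogue_idp_claims_alice():
    """Same entityID as univ-a but without its key: signature check fails."""
    rogue = HomeIdP("https://idp.univ-a.example", b"not-key-a", "univ-a.example", {"alice": "x"})
    return SITE.admit(rogue.authenticate("alice", "x", SITE.entity_id))


def other_idp_asserts_alice_subject():
    """A trusted but misbehaving IdP asserting Alice's subject: the CO keys
    membership by issuer too, so univ-b vouching for alice@univ-a.example fails."""
    forged = sign(UNIV_B.key, {"issuer": UNIV_B.entity_id,
                               "subject": "alice@univ-a.example",
                               "audience": SITE.entity_id})
    return SITE.admit(forged)


def replayed_to_other_site():
    other = WebSite("https://other.example", SITE.trusted, IEEE)
    return other.admit(UNIV_A.authenticate("alice", "pw-a", SITE.entity_id))
```

The point of keying membership by (issuer, subject) is what "protect CO by Identity Provider" buys: the IEEE-CO never has to authenticate anyone, but it also never trusts a subject string on its own, so a second IdP in the federation cannot upgrade its own users to IEEE members by asserting someone else's identifier.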
Diagnostics
Lifting up shib log files and making EDDY deposits
Creating a unified and federated view of diag data
• Network data: flows, snort, snmp
• System stats: cpu, i/o, mem, etc…
• Infrastructure: shib, ldap, authN, etc…
• Application: http, confluence, sympa, calendar, etc, etc, etc…
http://web.cmu.edu/eddy
Network Layer? Why not?
Integrate with Grids? Why not?
Addresses VO scenarios? Why not?
VO VO? CO
Make your opinion known…
Should Internet2 use COmanage for service delivery?
Rick Summerhill [email protected]
Fremon [email protected]