Going Forward: Year 2 NMI and Higher Ed Middleware

Agenda

Assessment of CAMP

Assessment of processes

web site, email lists, virtual briefings, meetings (session and preconference options)

Going Forward

NMI – Year 2

Higher Ed Middleware

Take-aways

NMI-EDIT Participation and Resources

Websites

NMI: nsf-middleware.org

NMI-EDIT: www.nmi-edit.org

Internet2: middleware.internet2.edu

EDUCAUSE: www.educause.edu

Refer to the websites for more information on email lists

Education and Workshops

CAMPs

Presentations and tutorials

Working groups

Renee Frost ([email protected])

[email protected]

Questions, requests, comments…

Ann West ([email protected])

CAMP Assessment

Content

too lofty/pretty fine/too detailed

too intense/fine/more

too immediate/fine/too long range

political/technical balance

Format

panels? Presentations? Hand waving? Others? break into workgroups?

bofs?

Facilities

location (global, local)

wireless

Process Assessment

web site (public and private/shared)

email lists

virtual briefings

meetings (session and preconference options)

Other ideas?

Volunteer mechanisms

Going Forward

NMI

Higher Ed Middleware

Virtual Organizations – identifier crosswalks, etc.

PKI - HEBCA, CREN CA, S/MIME, SEVIS

GGF – what role for the enterprise? (security, accounting)

Shibboleth 1.0+ and FOO

Upperware – video, DRM, common calendars

Affiliated directories

AuthZ

Centralized Services

NMI – The Process

Releases approximately every six months – next one (Release 2) Oct 27, 2002

Will continue to be a mix of software (programs and objectclasses), good practices and recommendations, and architectural whitepapers

May be an opportunity to announce services (bridge CAs, registries, etc.) as well

GridsCenter anticipates some (relatively modest) enhancements to Globus Toolkit 2.0, no OGSA

EDIT Team anticipates Shibboleth 1.0 (RM 0.5, ARPManager 0.5), eduOrg, Pubcookie 3.0, LDAP Analyzer, Architectural Papers in Video, Digital Rights Management, etc.

Integration? Leveraging Campus Infrastructure in Grids?

Objectclasses in R2

eduPerson 1.5 final

eduOrg 1.0 final, eduOrg 1.5 experimental

VoDendPoint 1.0 experimental

Status of docs

draft – in the works, grist for the mill

experimental – consensus by work group (e.g. Mace-dir)

rpr – released for public review; vetted fully within I2 community

final – as good as it gets (international, corporate, broader higher ed commentary)

Virtual Organizations

Grid experiments, digital library consortiums, Internet2 VideoCommons, etc.

Share real (realm-based) resources among a sparse set of (interrealm) users

Requirements for authentication and authorization, resource discovery, etc., need to leverage federated and hierarchical infrastructures.

Support services for VO’s

Centralized

unique vo names and associated namespaces, objectclasses required

trust model items (cert profiles, roots, etc.) …

At origin enterprises

enterprise-wide app directories

local security to vo security

local directory mods

At the target enterprises

agency requirements

PKI

SEVIS

HEBCA next steps

CREN CA next steps

S/MIME

Server side issues

Open-Source CA’s

Global Grid Forum

Is GGF a standards organization for us?

a way to internationalize academic objclasses, PKI enablement, etc.

Is GGF a standards organization against us?

security? accounting? web services?

Is GGF a standards organization?

can it be effective? can it define appropriate scope?

What will we do if a Grid lands on campus?

Shibboleth 1.0 and FOO

Pilots start almost immediately

Next three months

Completion of coding, security testing, performance enhancements, monitoring tools

Serious work on resource managers and attribute release managers

Architecting a fuller vision of resource managers and attribute management

Shib 1.0 +

FOO (federating organizations organization) to discuss the hard issues of multiple federations, subclubs, implementation, etc.

Upperware

Video

slowness in H.323 land

a coming to grips in SIP space

open clients and proxies

DRM

the workshop

an architectural white paper in the fall

Common calendars? Portals? OKI?

Got AuthZ?

Role-based group-implemented access controls

promote the Stanford work

An enhanced model of the target side

PDP

PEP

policy languages

rights languages

etc

What Centralized Services are Needed?

A Sector CA?

Higher Ed Bridge CA?

Cert stores?

UDDI host?

Name Spaces? For what names (docs, attributes,

Registries

for Clubs

for Virtual Organizations

for Objectclasses

Take-aways

Wireless authn/z done via forcing a web browser to a DMZ net

Server-side PKI to solve immediate needs and get our feet wet

El Dupe not yet dead

Flashing twelves can drive a training curve

Shib is gaining traction in the library community

State diagrams and transition rules for account management are excellent tools

IPSEC and VPN’s in the wireless space

End-entity PKI still not nigh

Identity Management falls to those that need IT

File sharing needs are still strong

Pay for printing is a rat hole

Takeaways

Librarians like us and we like them cause they understand and promote privacy

sampleUperson installed in many places

RBAC is viable and a win

Registries and underlying databases help the management of directories

The community remains interested and committed.

We’re not telling the story well