Going Forward: Year 2 NMI and Higher Ed Middleware
Agenda
Assessment of CAMP
Assessment of processes
web site, email lists, virtual briefings, meetings (session and preconference options)
Going Forward
NMI – Year 2
Higher Ed Middleware
Take-aways
NMI-EDIT Participation and Resources
Websites
NMI: nsf-middleware.org
NMI-EDIT: www.nmi-edit.org
Internet2: middleware.internet2.edu
EDUCAUSE: www.educause.edu
Refer to the websites for more information on email lists
Education and Workshops
CAMPs
Presentations and tutorials
Working groups
Renee Frost ([email protected])
[email protected]
Questions, requests, comments…
Ann West ([email protected])
CAMP Assessment
Content
too lofty/pretty fine/too detailed
too intense/fine/more
too immediate/fine/too long range
political/technical balance
Format
panels? Presentations? Hand waving? Others? break into workgroups?
bofs?
Facilities
location (global, local)
wireless
Process Assessment
web site (public and private/shared)
email lists
virtual briefings
meetings (session and preconference options)
Other ideas?
Volunteer mechanisms
Going Forward
NMI
Higher Ed Middleware
Virtual Organizations – identifier crosswalks, etc
PKI - HEBCA, CREN CA, S/MIME, SEVIS
GGF – what role for the enterprise? (security, accounting)
Shibboleth 1.0+ and FOO
Upperware – video, DRM, common calendars
Affiliated directories
AuthZ
Centralized Services
NMI – The Process
Releases approximately every six months – next one (Release 2) Oct 27, 2002
Will continue to be a mix of software (programs and objectclasses), good practices and recommendations, and architectural whitepapers
May be an opportunity to announce services (bridge CAs, registries, etc.) as well
GridsCenter anticipates some (relatively modest) enhancements to Globus Toolkit 2.0, no OGSA
EDIT Team anticipates Shibboleth 1.0 (RM 0.5, ARPManager 0.5), eduOrg, Pubcookie 3.0, LDAP Analyzer, Architectural Papers in Video, Digital Rights Management, etc.
Integration? Leveraging Campus Infrastructure in Grids?
Objectclasses in R2
eduPerson 1.5 final
eduOrg 1.0 final, eduOrg 1.5 experimental
VoDendPoint 1.0 experimental
Status of docs
draft – in the works, grist for the mill
experimental – consensus by work group (e.g. Mace-dir)
rpr – released for public review; vetted fully within I2 community
final – as good as it gets (international, corporate, broader higher ed commentary)
Virtual Organizations
Grid experiments, digital library consortiums, Internet2 VideoCommons, etc.
Share real (realm-based) resources among a sparse set of (interrealm) users
Requirements for authentication and authorization, resource discovery, etc. need to leverage federated and hierarchical infrastructures.
Support services for VOs
Centralized
unique vo names and associated namespaces, objectclasses required
trust model items (cert profiles, roots, etc.) …
At origin enterprises
enterprise-wide app directories
local security to vo security
local directory mods
At the target enterprises
agency requirements
PKI
SEVIS
HEBCA next steps
CREN CA next steps
S/MIME
Server side issues
Open-Source CAs
Global Grid Forum
Is GGF a standards organization for us?
a way to internationalize academic objclasses, PKI enablement, etc.
Is GGF a standards organization against us?
security? accounting? web services?
Is GGF a standards organization?
can it be effective? can it define appropriate scope?
What will we do if a Grid lands on campus?
Shibboleth 1.0 and FOO
Pilots start almost immediately
Next three months
Completion of coding, security testing, performance enhancements, monitoring tools
Serious work on resource managers and attribute release managers
Architecting a fuller vision of resource managers and attribute management
Shib 1.0 +
FOO (federating organizations organization) to discuss the hard issues of multiple federations, subclubs, implementation, etc.
Upperware
Video
slowness in H.323 land
a coming to grips in SIP space
open clients and proxies
DRM
the workshop
an architectural white paper in the fall
Common calendars? Portals? OKI?
Got AuthZ?
Role-based group-implemented access controls
promote the Stanford work
An enhanced model of the target side
PDP
PEP
policy languages
rights languages
etc
What Centralized Services are Needed?
A Sector CA?
Higher Ed Bridge CA?
Cert stores?
UDDI host?
Name Spaces? For what names (docs, attributes,
Registries
for Clubs
for Virtual Organizations
for Objectclasses
Take-aways
Wireless authn/z done via forcing a web browser to a DMZ net
Server-side PKI to solve immediate needs and get our feet wet
El Dupe not yet dead
Flashing twelves can drive a training curve
Shib is gaining traction in the library community
State diagrams and transition rules for account management are excellent tools
IPSEC and VPNs in the wireless space
End-entity PKI still not nigh
Identity Management falls to those that need IT
File sharing needs are still strong
Pay for printing is a rat hole
Takeaways
Librarians like us and we like them cause they understand and promote privacy
sampleUperson installed in many places
RBAC is viable and a win
Registries and underlying databases help the management of directories
The community remains interested and committed.
We’re not telling the story well