Campus middleware in the service of
Keith Hazelton
Internet2 Middleware Architecture Committee for Education
NSF Internet2 Day
October 19, 2006
Middleware serving science
The vision: from siloed applications to layered services
A fictional illustrative example
Examples from the real world
Results so far
Who is involved
Scope of work
The emergence of Federations and Virtual
A Map of Middleware
Vision in one slide
• Build a campus/enterprise core middleware
infrastructure that
• Serves the overall enterprise IT environment, providing business
drivers and institutional investment for sustainability and scalability
• Is designed to support the research and instructional missions
• Implies consistent approaches and common practices across campuses
and internationally
• Build, plumb, and replumb the tools of research on top of
that emergent infrastructure
• Domain-specific middleware (grids, sensor nets, etc)
• Common collaboration tools (video, protected wikis, shared
calendaring, audioconferencing, etc.)
Components of Core Middleware:
Internet2 with NSF support
• Ease of use
• Common tools used in a consistent fashion
• Allow students to access research capabilities in
instructional environments
• Better security
• Integrate with local security
• Facilitate flexible options for effective use
• Preserve privacy but maintain accountability
• Realize efficiencies, economic and strategic, that
serve both the institution and its individuals
• Facilitate advanced networking and science
• Trust-mediated transparency
• Transparent-to-use tools for collaboration
• Better diagnostics
An Example: Jean Blue and VOGUE
• Hypothetical Professor Jean Blue
• Professor of Micro-astro Physics at
Sandstone U, teaching MAP 1010
• PI of international VOGUE project
• Fiscal authority of local VOGUE funds
• Parking permit for Lot 421
• ID Card 465631-1289
Integrating science and education
• Jean Blue, as PI of VOGUE, gets lots of research
capabilities that need to work in education.
• Assign to students of MAPS 101 permission to read the
VOGUE mass-hypometer
• Assign to the four TA/discussion leaders permission to reset
the mass-hypometer
• Facilitate on-line discussions among the students taking
classes at other universities from her co-PIs
• Have read/write privileges on the VOGUE wiki, and give her
students read access to parts of the Wiki
• There are many, many problems with the current ad hoc
Functions and Roles for Jean Blue
• Lead VOGUE scientist
• Run experiments
• Manage instruments and data
• Administer rights for others to manage I&D
• Collaborator – audioconferences, IM, wikis
• Co-PI of VOGUE grant
• Manage local financial accounts
• Approve local hires
• Edit and electronically submit proposals
Functions and Roles for Jean Blue
• VOGUE Disseminator
• Provide editorial content for outreach wiki
• Mentor K-12 teachers in community
• Educator
• Teach undergraduate classes using research
• Supervise graduate students, TAs, etc.
Concrete examples
• Elsevier, JSTOR e-resource providers:
– Scientists aren't even aware that their
access to digital library materials is
mediated by NMI federating software,
Shibboleth (Ohio State)
• Physics professor using WebAssign
service for content and testing (Penn
Concrete examples
• Cancer Biomedical Informatics Grid
• Incorporates NMI group/role management
and federation software in caGrid 1.0,
rolling out in December
Concrete examples
• Scientists in Denmark and Norway
have access to supercomputer facility
through a portal in Finland
• Shib-enabled access to Condor
– Georgetown users, Univ. of Wisconsin
The Vision, from the User View
• A consistent set of tools to manage their
campus and virtual organization lives
• Provide a common approach to
authentication, authorization, delegation, etc.
• Permit activities that cross educational and
virtual organization boundaries
• Provide usability, security and privacy
• Satisfy regulatory and audit requirements
From Vision to Reality
• We’re now 5-6 years into a multi-year
development and deployment effort
• Broad participation of higher education and the
commercial sector in the US and internationally
• Deep engagement with the federal government
• Key players include Internet2, NSF, Educause,
GSA, NIH, etc.
The results so far
• Effective promotion of issues, roadmaps, etc. to
campuses and corresponding investment by campuses
(“2006 Number 1 IT Issue”)
• Broad adoption of community standards
• Provision of key open-source components
• Shape major technical standards
• Creation of inter-institutional trust fabrics to provide
federated identity infrastructure
• Consistent international deployments, some more
extensive than the US
• The early beginnings of virtual organization
Who’s involved
• Many interested parties – the time is now,
for both the needs and the capabilities
• Within the academic sector, driven by
campus IT organizations supplying
architects, working open source code, and
participation in community standards
• In the corporate sector, both vendors and
large, heterogeneous companies see the
needs and opportunities
Who’s involved
• Initiatives within government, from NSF NMI
to GSA E-Authentication, providing project
funding and using the resulting products.
• Internationally, R&E sectors are active and
in some cases exceeding US efforts
• Internet2 Middleware Initiative and MACE
have been focus points and coordination
Scope of work
• Core middleware infrastructure, including directories,
authentication, authorization, etc. in service to
academic, administrative and research missions.
• An emerging set of developments in virtual organization
support, including both basic collaboration tools and
platforms such as GridShib
• Deliverables are open source software (Shib, Signet,
Grouper, etc.), community standards (eduPerson,
eduOrg), best practices, dissemination and sharing, and
some modest services (InCommon, USHER)
Parallel trajectories outside the US
• e-Science initiatives in Great Britain and Australia
• both include heavy investment in middleware
• many of the projects building on prior NSF
Middleware Initiative deliverables from Internet2
• Most notably: National Higher Education Shibboleth
deployment in Great Britain
Parallel trajectories outside the US
• January 2005, the Australian Department of
Education, Science and Training (DEST) and the UK
Joint Information Systems Committee (JISC) signed
a DEST-JISC Cooperation Framework
• Closer collaboration, continued investment in e-Science and related middleware activities
Federations Concept
Federated identity and virtual
• Campuses build consistent and sustainable
middleware infrastructures
• Federating software and federations create
effective inter-institutional collaboration
infrastructure on that substrate
• Federations peer internationally and across
sectors to extend the value
• Virtual organizations leverage campus
infrastructure and peered federations for user-centric, enterprise-leveraged collaborations
The Art of Federating
• A set of approaches to leveraging federated
identity in Grids
• Projects leverage local authentication in a variety
of ways, and some contemplate extending local
authorization approaches to Grids
• All approaches provide significant improvements
to user experience, security, privacy, cost of
operations and more.
• Pilot deployments planned in the next few months
across a part of the TeraGrid
The impacts on cyberinfrastructure
“The event was a nice example of why you get on an
airplane and travel to a workshop - to make
progress about 50 times faster than exchanging
email and position papers! Having made this
investment, we are ready to take the next concrete
steps to make this vision a reality.
Improving security and usability at the same time.
How often do you get a chance to do that?”
Charlie Catlett, TeraGrid Director
