campus middleware in the service of science keith hazelton internet2 middleware architecture...
TRANSCRIPT
Campus middleware in the service of Science
Keith HazeltonInternet2 Middleware Architecture Committee for Education
NSF Internet2 DayOctober 19, 2006
Middleware serving science• The vision: from siloed applications to layered services• A fictional illustrative example• Examples from the real world• Results so far• Who is involved• Scope of work• The emergence of Federations and Virtual
Organizations
A Map of Middleware Land
Vision in one slide• Build a campus/enterprise core middleware
infrastructure that• Serves the overall enterprise IT environment, providing business
drivers and institutional investment for sustainability and scalability• Is designed to support the research and instructional missions
• Implies consistent approaches and common practices across campuses and internationally
• Build, plumb, and replumb the tools of research on top of that emergent infrastructure• Domain-specific middleware (grids, sensor nets, etc)• Common collaboration tools (video, protected wikis, shared
calendaring, audioconferencing, etc.)
Components of Core Middleware:Internet2 with NSF support
Why
• Ease of use•Common tools used in a consistent fashion•Allow students to access research capabilities in
instructional environments • Better security• Integrate with local security • Facilitate flexible options for effective use•Preserve privacy but maintain accountability
Why• Realizes efficiencies, economic and strategic, that
serves both the institution and its individuals• Facilitate advanced networking and science• Trust-mediated transparency• Transparent-to-use tools for collaboration•Better diagnostics
An Example: Jean Blue and VOGUE
• Hypothetical Professor Jean Blue•Professor of Micro-astro Physics at
Sandstone U, teaching MAP 1010•PI of international VOGUE project•Fiscal authority of local VOGUE funds•Parking permit for Lot 421• ID Card 465631-1289
Integrating science and education• Jean Blue, as PI of VOGUE, gets lots of research
capabilities that need to work in education. • Assign to students of MAPS 101 permission to read the
VOGUE mass-hypometer• Assign to the four TA/discussion leaders permission to reset
the mass-hypometer• Facilitate on-line discussions among the students taking
classes at other universities from her co-PI’s• Have read/write privileges on the VOGUE wiki, and give her
students read access to parts of the Wiki
• There are many, many problems with the current ad hoc approaches
Functions and Roles for Jean Blue
• Lead VOGUE scientist•Run experiments•Manage instruments and data•Administer rights for others to manage I&D•Collaborator – audioconferences, IM, wikis
• Co-PI of VOGUE grant•Manage local financial accounts•Approve local hires•Edit and electronically submit proposals
Functions and Roles for Jean Blue
• VOGUE Disseminator•Provide editorial content for outreach wiki•Mentor K-12 teachers in community
programs• Educator• Teach undergraduate classes using research
tools•Supervise graduate students, TA’s, etc.
Concrete examples•Elsevier, JSTOR e-resource providers: – Scientists aren't even aware that their
access to digital library materials is mediated by NMI federating software, shibboleth (Ohio State)
•Physics professor using WebAssign service for content and testing (Penn State)
Concrete examples•Cancer Biomedical Informatics Grid •Incorporates NMI group/role management
and federation software in caGrid 1.0, rolling out in December
Concrete examples•Scientists in Denmark and Norway
have access to supercomputer facility through a portal in Finland
•Shib-enabled access to Condor– Georgetown users, Univ. of Wisconsin
resources
The Vision, from the User View
• A consistent set of tools to manage their campus and virtual organization lives•Provide a common approach to
authentication, authorization, delegation, etc.•Permit activities that cross educational and
virtual organization boundaries•Provide usability, security and privacy•Satisfy regulatory and audit requirements
From Vision to Reality• We’re now 5-6 years into a multi-year
development and deployment effort
• Broad participation of higher education and the commercial sector in the US and internationally
• Deep engagement with the federal government
• Key players include Internet2, NSF, Educause, GSA, NIH, etc.
The results so far• Effective promotion of issues, roadmaps, etc to
campuses and corresponding investment by campuses (“2006 Number 1 IT Issue”)
• Broad adoption of community standards• Provision of key open-source components• Shape major technical standards • Creation of inter-institutional trust fabrics to provide
federated identity infrastructure• Consistent international deployments, some more
extensive than the US • The early beginnings of virtual organization
development.
Who’s involved
• Many interested parties – the time is now, for both the needs and the capabilities
• Within the academic sector, driven by campus IT organizations supplying architects, working open source code, and participation in community standards processes
• In the corporate sector, both vendors and large, heterogeneous companies see the needs and opportunities
Who’s involved
• Initiatives within government, from NSF NMI to GSA E-Authentication, providing project funding and use the resulting products.
• Internationally, R&E sectors are active and in some cases exceeding US efforts
• Internet2 Middleware Initiative and MACE have been focus points and coordination mechanisms.
Scope of work•Core middleware infrastructure, including directories, authentication, authorization, etc. in service to academic, administrative and research missions.
•An emerging set of developments in virtual organization support, including both basic collaboration tools and platforms such as GridShib
•Deliverables are open source software (Shib, Signet, Grouper, etc.), community standards (eduPerson, eduOrg), best practices, dissemination and sharing, and some modest services (InCommon, USHER)
Parallel trajectories outside the US
• e-Science initiatives in Great Britain and Australia• both include heavy investment in middleware
development• many of the projects building on prior NSF
Middleware Initiative deliverables from Internet2
• Most notably: National Higher Education Shibboleth deployment in Great Britain
Parallel trajectories outside the US
• January 2005, the Australian Department of Education, Science and Training (DEST) and the UK Joint Information Systems Committee (JISC) signed a DEST-JISC Cooperation Framework
• Closer collaboration, continued investment in e-Science and related middleware activities
Federations Concept
Federated identity and virtual organizations
• Campuses build consistent and sustainable middleware infrastructures
• Federating software and federations create effective inter-institutional collaboration infrastructure on that substrate
• Federations peer internationally and across sectors to extend the value
• Virtual organizations leverage campus infrastructure and peered federations for user-centric enterprise-leveraged collaborations
The Art of Federating
GridShib• A set of approaches to leveraging federated
identity in Grids• Projects leverage local authentication in a variety
of ways, and some contemplate extending local authorization approaches to Grids
• All approaches provide significant improvements to user experience, security, privacy, cost of operations and more.
• Pilot deployments planned in the next few months across a part of the Teragrid
The impacts on cyberinfrastructure“The event was a nice example of why you get on an
airplane and travel to a workshop - to make progress about 50 times faster than exchanging email and position papers! Having made this investment, we are ready to take the next concrete steps to make this vision a reality.
Improving security and usability at the same time. How often do you get a chance to do that? “
Charlie Catlett, Teragrid Director
Q & A