MyVOCS
My Virtual Organization Collaboration System
John-Paul Robinson
Jill Gemmill
Jason Lynn
University of Alabama at Birmingham
Office of the Vice President of Information Technology
Academic Computing
What We'll Cover
● System Design Overview
● System Tour
● Future Work
What We Wanted
● Virtual Organization Collaboration Environment for the UABgrid
  ● Communication -- Email
  ● Data Organization -- CMS
  ● Collaborative Editing -- Wiki
  ● Document Sharing -- File Manager
● Demonstrate Utility of Middleware
  ● Leverage existing open source applications
  ● Use middleware in familiar application contexts
  ● Engage developer communities
Requirements
● Leverage institutional identity
● Support inter-institutional collaborations
● Centrally defined membership lists and roles
● Central attributes shared across application and system administration boundaries
● VO autonomy from attribute stores out of their administrative control
In a Nutshell
● Create an environment that enables collaborations among a relatively small part of the population, which can cross organizational boundaries, for users who don't have administrative authority over anything but their own VO and its associated resources.
The Model in Our Mind
● Helpful metaphor is desktop experience on a multi-user platform
● Can move seamlessly from one application to the next, and each respects your identity by trusting the identity and group info it is given from a central attribute store, which is made available because the applications trusted the login program to authenticate you.
● The model is Unix
● Unix is a good model because from its earliest days it was successfully used to enable collaborations.
● Has the abstractions needed for a complete system environment
High-level Picture of Environment
Diagram of System Environment
A Note on Terminology
● To discuss the two sides of this application space, some terms need to be clarified
● General or loose patterns
  ● “vo” prefix to identify a component that is internal to the VO Shibboleth space, e.g. “vocore” and “voapp”
  ● Alternate between the use of “VO” and “list”.
  ● “list” is a vo definition as well as a communication service
● The terminology is still evolving
What We Chose
● Use Shibboleth for the inter-application, cross-organizational, attribute transfer
● Use mailing list management software as the foundation or core of the VO environment
● Use existing open source tools with established use as collaboration tools
  ● Didn't want to build the environment from scratch
  ● If designed correctly, would be able to incorporate interesting new applications in the future
Why Pick a Mailing List Manager?
● Mailing lists are a common tool for enabling cross-organizational collaborations
● Mailing list software has correct procedural abstractions for membership and roles
  ● Users self register for membership in list
  ● List owner has privileges to manage own list, he is the vo administrator
  ● Moderated list/group membership possible
● Enables a single service to host many distinct communities.
Why Pick Sympa?
● Established mailing list package
● Support for Shibboleth
● Has complete UI for interacting with list for list users and list owners
● Nicely integrated with MTA so creating a list/vo doesn't require admin intervention.
● SQL backend allowing 3rd party access
● Could use Shibboleth AA out of the box
Touring the System
● VO Core
  ● VO Directory
  ● Account Initialization
● VO Activities
  ● Joining a VO
  ● Creating a VO
  ● Managing a VO
● VO Applications
Navigating the VO Name Space
● Published list of VOs
● Categories of VOs
● Pick a VO to access its main page
● This is part of the vocore service
● Similar concept to the Yahoo! directory
Navigating the VO Name Space
Goto Browser
Account Initialization
● Initialization Step
  ● Maps institutional identity to VO identity
  ● Collect minimum required information for a working VO environment (name/email)
  ● Required only once, subsequent logins are automatic
● Should be viewed as the vocore setup wizard for individual users.
  ● Remember: model is desktop application space. It's fairly common that the first time you use your desktop you have to provide some data
● The vocore is a service provider in the identity federation
Account Initialization
Goto Browser
Why Prompt for Email?
● Couldn't we get all required information from the home institution?
● Isn't attribute distribution what Shibboleth is supposed to solve?
Carmody/Morgan Conundrum
● Your email as defined by your institution may not be the email you use to communicate
● It may not even be a working email address
● EduPerson can't provide assurances about authenticity of email address
● User is authoritative for this attribute
Account Initialization
Goto Browser
Logging In to the Vocore
● Once the vocore knows the mapping to your vo identity, login proceeds normally
● The mapping is maintained inside Sympa right now
● After login you are ready to participate in a VO or create one
The Dual Role of Sympa
● Sympa plays a dual role
  ● It is the vocore for registration and attribute storage
  ● It acts as a service within the VO
● Only a conceptual separation
  ● Leveraging an application as the vocore that is not built with this in mind
  ● Possible to implement from the ground up as two very distinct applications
  ● Possible to introduce separation of concepts within Sympa
  ● It's very useful to be aware of this separation in order to leverage the tool to its maximum
Sympa Modifications
● Sympa uses email address as the user id internally and doesn't have a distinct user identity
● Needed to add a userid-to-email mapping in order to support use as vocore
● Doesn't interfere with standard operation of Sympa
● Only leveraged during the login process
Joining a VO
● A powerful feature of a mailing list is support for the end-user being able to join a group
● Navigate to the list's main page and join the list
● Default role is “member”
Joining a VO
Goto Browser
Creating a VO
● Creation is simple
  ● Click on Create
  ● Define the name, type, title, category, and description
  ● All VO applications are initialized during create
● Sympa can define different authorization scenarios for list creation
  ● Currently anyone may create a VO
  ● Could restrict to anyone in InCommon
Creating a VO
Goto Browser
Managing VO Attributes
● VO attribute management is a direct result of management of the list
● Joining a list is how you join a virtual organization. This sets the “member” attribute.
● Creating a list is how you become the owner of a virtual organization. This sets the “owner” attribute.
● Being elevated to an editor/moderator in the mailing list is how you gain edit privileges in certain voapps. This sets the “editor” attribute. Only owners may elevate privileges.
Changing Roles
● Role changes occur in the vocore for a specific VO and are changed by the VO owner
● Sympa views this as standard mailing list management
● The other voapps respond to the new role for the user and deliver a different level of service accordingly
Changing Roles
Goto Browser
Meaning of Attributes to VO Applications
● Each tool interprets attributes in a way meaningful to itself
● Need to define the behavior of each role in the different VO applications
Behavior Varies with VO Application
● Wiki
  ● Any member may modify
● CMS
  ● Sensitive to member, editor, and owner roles and gives different privileges based on role
● File Manager
  ● Sensitive to roles and gives different privileges based on role
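The role model described in the preceding slides (joining sets “member”, creating sets “owner”, only an owner can elevate someone to “editor”, each voapp interprets the roles itself, and a userid-to-email mapping is consulted at login), as an added Python example that is not MyVOCS or Sympa code. The class and method names, the privilege tables and the identities are assumptions made for illustration.

```python
# Added illustration of the slides' role model; not MyVOCS or Sympa code.
# Names and privilege tables are assumptions: the slides state only that any
# member may modify the wiki and that CMS and file manager vary by role.
APP_POLICY = {
    "wiki": {r: {"read", "edit"} for r in ("member", "editor", "owner")},
    "cms": {"member": {"read"}, "editor": {"read", "edit"},
            "owner": {"read", "edit", "publish"}},
    "filemanager": {"member": {"read"}, "editor": {"read", "upload"},
                    "owner": {"read", "upload", "delete"}},
}

class VoCore:
    """Toy vocore: mailing-list membership doubles as the attribute store."""

    def __init__(self):
        self.userid_to_email = {}   # institutional id -> email (list user key)
        self.lists = {}             # VO name -> {email: set of roles}

    def initialize_account(self, userid, email):
        # One-time step: the user, not the home institution, supplies the email.
        self.userid_to_email[userid] = email

    def login(self, userid):
        # The mapping is consulted only at login; unknown ids must initialize.
        if userid not in self.userid_to_email:
            raise PermissionError("account initialization required")
        return self.userid_to_email[userid]

    def create_vo(self, email, vo):
        if vo in self.lists:
            raise ValueError("VO already exists")
        self.lists[vo] = {email: {"owner"}}   # creating sets "owner"

    def join(self, email, vo):
        self.lists[vo].setdefault(email, set()).add("member")

    def promote_to_editor(self, acting_email, vo, target_email):
        # Only owners may elevate privileges, and only within their own VO.
        if "owner" not in self.lists[vo].get(acting_email, set()):
            raise PermissionError("only the VO owner may change roles")
        if target_email not in self.lists[vo]:
            raise ValueError("target is not in this VO")
        self.lists[vo][target_email].add("editor")

    def release_attributes(self, email, vo):
        # Release roles for the requested VO only, never for other VOs.
        return frozenset(self.lists.get(vo, {}).get(email, set()))

def authorize(core, userid, vo, app, action):
    """voapp-side check: allow if any released role grants the action."""
    email = core.login(userid)
    roles = core.release_attributes(email, vo)
    return any(action in APP_POLICY[app].get(role, set()) for role in roles)

def demo():
    # Constructed identities and VO names.
    core = VoCore()
    alice, bob = "alice.lab@mail.example", "bob@mail.example"
    core.initialize_account("alice@uni-a.example", alice)
    core.initialize_account("bob@uni-b.example", bob)
    core.create_vo(alice, "render-vo")
    core.create_vo(alice, "other-vo")
    core.join(bob, "render-vo")
    before = authorize(core, "bob@uni-b.example", "render-vo", "cms", "edit")
    core.promote_to_editor(alice, "render-vo", bob)
    after = authorize(core, "bob@uni-b.example", "render-vo", "cms", "edit")
    return before, after, authorize(core, "bob@uni-b.example", "other-vo", "wiki", "read")
```

`demo()` returns the CMS edit decision for a plain member, the same decision after the owner elevates that member to editor, and the decision for a VO the user never joined.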
Behavior Varies with VO Application
Goto Browser
Considerations for VO Applications
● What do you need to modify?
● Should respect what the application is capable of doing
  ● Not everything is a Swiss Army knife
  ● Sometimes it's best to just use a tool for what it was designed to do
  ● Introducing roles within an app that does not have that concept is probably more work than you want to do
● Remember the desktop: different applications do different things
Name Space Navigation
● The back button doesn't work well to move between apps
● Possible solutions
  ● Use different browser windows for each application and use the window or tab names to navigate
  ● Visual integration of application menus, could be complex
  ● Export application name space via RSS or similar directory publishing technologies and simple menu applications for VO
● Consider the desktop analogy
Visual Integration
● Consistent user experience
  ● Easier if apps support template technology but may not allow similar layouts
  ● Basic integration could just consistently define “Home” and “Logout” across applications and use similar logos and colors
  ● May not be the biggest initial hurdle since users are accustomed to some variation across web apps
● Problems
  ● Time intensive
  ● May have to wait for other visual middleware to advance.
Data Integration
● Tough problem in general but specific data formats are already interchangeable
  ● Internet-standard messages
  ● Archive in Sympa is good for public access
  ● Archive in CMS is great for tagging and organizing new content from message discussion streams
● Application replacement is not really the goal since this is a traditional data migration issue
Non-Federation Participants
● The basic solution requires that someone be willing to sponsor an identity.
● Yahoo/MSN/etc sponsor meaningless but useful identities
● A known user could sponsor an anonymous user giving them enhanced privileges and generating an audit trail
● Identification technologies like PKI-buddy systems could allow a user to become individually identified and qualify for a high quality identity from an IdP
● Need a solution for the infrastructure impoverished
Controlling the VO Attributes
● Distribute attributes for a specific VO exclusively to applications for that VO
  ● Shib attribute release is on a SP basis
  ● One solution is to elevate the VO identity to a SP identity at the VO application hosting service
  ● Another option may be to provide different classifications of voapp hosting services and allow policy decisions to influence if a voapp provider can host applications for a VO
Controlling the VO Application Space
● Can treat this as a distributed computation problem
● Plan to use Grid/Globus technologies under the hood to enable remote control application configuration on hosting providers
● Enables VO hosting trust relationships
VO Attribute Management
● Make it possible to record more attributes for members of the vo and define additional roles within vo
● Introduces complexities of getting the roles to transfer to other apps.
● Attribute management by vo members is one of the most compelling reasons for this arrangement, akin to tagging
Meaning of VO Attributes
● Attribute and role taxonomies and semantics could be developed at the local level by people with an immediate organizational interest in defining them
● If a vo sees the need to define a new role, they can define it and associate people with it
● Applications can then consume the new role
● These terms can bubble up the chain as commonalities are discovered.
Adding Grid Resources
● Make it possible for a VO to add its own resources
● A good example:
  ● Enable registering a group of desktops owned by film animation students working on different campuses so they can render their animation on their own grid resources
● Keep up with what grid-shib is doing
Define a Meta-WAYF
● In a multi-fed environment, need way for user to select which identity to use
● Effectively asking which federation they want to use
● Complicated question
● But analogy to current system login id is there. Which login account do I use?
● This is needed within the VO to direct users to the correct identity provider
More applications!
● Want to integrate more applications
● Allow users to choose what tools they want for their VO
● Better VO attribute management
  ● Enhance Sympa (takes it beyond what a MLM might should be, Swiss Army knife dangers)?
  ● Replace with Grouper/Signet?
● More application integration.
  ● Almost a never-ending process
  ● See desktop
More Documentation!
● Will be working on documenting developer notes for what issues to consider when integrating applications with middleware
● NMI R6 will include initial iteration with focus on mailing list application integration (coincidentally similar to existing env. ;)
Try the Demo
● Play with the system here:
  – http://webapp.lab.ac.uab.edu/sympa
● Have questions, send them here:
  – [email protected]
Questions?