Going Forward: Year 2 NMI and Higher Ed Middleware

1
Going ForwardYear 2 NMI and Higher Ed Middleware
2
Agenda

• Assessment of CAMP
• Assessment of processes
• web site, email lists, virtual briefings,
  meetings (session and preconference options)
• Going Forward
• NMI Year 2
• Higher Ed Middleware
• Take-aways

3
NMI-EDIT Participation and Resources

• Websites
• NMI nsf-middleware.org
• NMI-EDIT www.nmi-edit.org
• Internet2middleware.internet2.edu
• EDUCAUSE www.educause.edu
• Refer to the websites for more information on
  email lists
• Education and Workshops
• CAMPs
• Presentations and tutorials
• Working groups
• Renee Frost (rwfrost_at_internet2.edu)
• participation_at_nmi-edit.org
• Questions, requests, comments
• Ann West (awest_at_educause.edu)

4
CAMP Assessment

• Content
• too lofty/pretty fine/too detailed
• too intense/fine/more
• too immediate/fine/too long range
• political/technical balance
• Format
• panels? Presentations? Hand waving? Others?
  break into workgroups?
• bofs?
• Facilities
• location (global, local)
• wireless

5
Process Assessment

• web site (public and private/shared)
• email lists
• virtual briefings
• meetings (session and preconference options)
• Other ideas?
• Volunteer mechanisms

6
Going Forward

• NMI
• Higher Ed Middleware
• Virtual Organizations identifier crosswalks,
  etc
• PKI - HEBCA, CREN CA, S/MIME, SEVIS
• GGF what role for the enterprise? (security,
  accounting)
• Shibboleth 1.0 and FOO
• Upperware video, DRM, common calendars
• Affiliated directories
• AuthZ
• Centralized Services

7
NMI The Process

• Releases approximately every six months next
  one (Release 2) Oct 27, 2002
• Will continue to be a mix of software (programs
  and objectclasses), good practices and
  recommendations, and architectural whitepapers
• May be an opportunity to announce services
  (bridge CAs, registries, etc.) as well
• GridsCenter anticipates some (relatively modest)
  enhancements to Globus Toolkit 2.0, no OGSA
• EDIT Team anticipates Shibboleth 1.0 (RM
  0.5,ARPManager 0.5), eduOrg, Pubcookie 3.0, LDAP
  Analyzer, Architectural Papers in Video, Digital
  Rights Management, etc.
• Integration? Leveraging Campus Infrastructure in
  Grids?

8
Objectclasses in R2

• eduPerson 1.5 final
• eduOrg 1.0 final, eduOrg 1.5 experimental
• VoDendPoint 1.0 experimental
• Status of docs
• draft in the works, grist for the mill
• experimental consensus by work group (e.g.
  Mace-dir)
• rpr released for public review vetted fully
  within I2 community
• final as good as it gets (international,
  corporate, broader higher ed commentary)

9
Virtual Organizations

• Grid experiments, digital library consortiums,
  Internet2 VideoCommons, etc.
• Share real (realm-based) resources among a sparse
  set of (interrealm) users
• Requirements for authentication and
  authorization, resource discovery, etc need to
  leverage federated and hierarchical
  infrastructures.

10
Support services for VOs

• Centralized
• unique vo names and associated namespaces,
  objectclasses required
• trust model items (cert profiles, roots, etc.)
• At origin enterprises
• enterprise-wide app directories
• local security to vo security
• local directory mods
• At the target enterprises
• agency requirements

11
PKI

• SEVIS
• HEBCA next steps
• CREN CA next steps
• S/MIME
• Server side issues
• Open-Source CAs

12
Global Grid Forum

• Is GGF a standards organization for us?
• a way to internationalize academic objclasses,
  PKI enablement, etc.
• Is GGF a standards organization against us?
• security? accounting? web services?
• Is GGF a standards organization?
• can it be effective? can it define appropriate
  scope?
• What will we do if a Grid lands on campus?

13
Shibboleth 1.0 and FOO

• Pilots start almost immediately
• Next three months
• Completion of coding, security testing,
  performance enhancements, monitoring tools
• Serious work on resource managers and attribute
  release managers
• Architecting a fuller vision of resource
  managers and attribute management
• Shib 1.0
• FOO (federating organizations organization) to
  discuss the hard issues of multiple federations,
  subclubs, implementation, etc.

14
Upperware

• Video
• slowness in H.323 land
• a coming to grips in SIP space
• open clients and proxies
• DRM
• the workshop
• an architectural white paper in the fall
• Common calendars? Portals? OKI?

15
Got AuthZ?

• Role-based group-implemented access controls
• promote the Stanford work
• An enhanced model of the target side
• PDP
• PEP
• policy languages
• rights languages
• etc

16
What Centralized Services are Needed?

• A Sector CA?
• Higher Ed Bridge CA?
• Cert stores?
• UDDI host?
• Name Spaces? For what names (docs, attributes,
• Registries
• for Clubs
• for Virtual Organizations
• for Objectclasses

17
Take-aways

• Wireless authn/z done via forcing a web browser
  to a DMZ net
• Server-side PKI to solve immediate needs and get
  our feet wet
• El Dupe not yet dead
• Flashing twelves can drive a training curve
• Shib is gaining traction in the library community
• State diagrams and transition rules for account
  management are excellent tools
• IPSEC and VPNs in the wireless space
• End-entity PKI still not nigh
• Identity Management falls to those that need IT
• File sharing needs are still strong
• Pay for printing is a rat hole

18
Takeaways

• Librarians like us and we like them cause they
  understand and promote privacy
• sampleUperson installed in many places
• RBAC is viable and a win
• Registries and underlying databases help the
  management of directories
• The community remains interested and committed.
• Were not telling the story well