Taking Care of Our Core Business: Managing Collaborations Dr. Ken Klingenstein, Senior Director, Internet2 Middleware and Security.


1 Taking Care of Our Core Business: Managing Collaborations Dr. Ken Klingenstein, Senior Director, Internet2 Middleware and Security

2 Topics
- Internet identity
- The bloom of collaboration tools
- Collaboration management platforms
- Domesticated applications
- Use by virtual organizations
- Next step issues

3 Types of Internet identity
- Federated
  - Leveraging enterprise identity for inter-realm purposes
  - Authentication, entitlements and attributes are the common payloads
  - Privacy, security and trust are the critical issues
- P2P
  - Originally PGP, now Infocard, OpenId, etc.
  - Need trust fabrics - may be coupled with reputation systems for trust – and privacy mechanisms
- Both are growing at exponential rates

4 Federated Identity
- Enterprises exchanging assertions about users
- Real time exchanges of standardized attribute/value pairs
- Often identity based but can preserve privacy through the use of attributes
- Basis for trusting the exchanged assertions via common policies, legal agreements, contracts, laws, etc.
- Federations offer a flexible and largely scalable privacy preserving identity management infrastructure

5 Another Internet identity - P2P Identities
- Provides tokens for interpersonal trust, but not trust (needs reputation systems, etc.)
- Easy for application developers to incorporate
- Use cases include blogs and wikis, file and photo sharing, some encrypted email, etc.
- Layered space – Cardspace by MS, Higgins and the Bandits, OpenId, etc.
- Rapidly growing but starting to hit the hard issues:
  - Revocation
  - Delegation and transitive trust
  - Privacy

6 Collaboration and Federated Identity
- Two powerful forces being leveraged
  - the rise of federated identity
  - the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc.
- Collaboration management platforms provide identity services to “well-behaved” collaboration applications
- Results in user and collaboration centric identity, not tool-based identity

7 A Bloom of Collaboration Tools
- An over-abundance of new tools that provide rich and growing collaboration capabilities (aka Web 2.0)
- Do you Wiki, blog, moodle, sakai, IM, Chat, videoconference, audioconference, calendar, Flickr, netmeeting, access grid, dimdim, listserv, webdav, etc.
- Share files among workgroups, access Elsevier, work with the IEEE, etc.
- No uber-app – limits invention and community of users
- 3 - 4 is fine, but many per user is hard to manage
- Leads to the need to manage the collaborations and their tools

8 Collaboration management examples
- Wiki access control, email list, IM, etc. synchronization
- Adding a graduate student hired by a VO subgroup to a set of services
  - Can manage the lists, manage access controls for the lab doors, manage the VO wiki, have course management privileges, join the VO chat room, schedule audioconferences…
  - Goal is for the end user or their collabmin to manage these authorizations in an easy and sustainable way
- Providing access to scholarly material for a class
  - The content lifecycle from research to instruction, for both external content and locally generated content

9 Collaboration Management Platforms
- Goal is to develop a “platform” for handling the identity management aspects of many different collaboration tools
- Platform includes a framework and model, specific running code that implements the model, and applications that take advantage of the model
- This space presents possibilities of improving the overall unified UI as well as UI for specific applications and components.

10 COmanage
- A collaboration management platform, supported in part by an NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution
- Well-behaved applications externalize their identity management dimensions to a general identity/group/privilege/etc. repository (LDAP, MySQL, etc.)
- Users manage IdM in a collaboration-centric way, not in a tool-centric way
- Uses Shibboleth, Grouper, and Signet
- Open source, open protocol

11 Domesticated applications
- Applications that externalize their identity management dimensions
- Domestication typically goes in stages – first identity, then group and privilege management, perhaps then provisioning
- Domestication relative to the external access protocols used (SAML, LDAP, MySQL, web services, etc.)
- Applications done or being targeted
  - Sympa, Confluence, Asterisk (open-source IP audioconferencing), DimDim (open-source web meeting), Bedework (federated open-source calendar), Subversion, JIRA, Alfresco
  - Finally domain science resources – Instrument, Grids

12 [Diagram: Collaboration Management Platform (CMP) and the Attribute Ecosystem. Labels: Home Org & Id Providers / Sources of Authority (University A, University B, Laboratory X); Attribute Ecosystem Flows; Collaboration Management Platform (Authentication, Authorization – Group Info, Authorization – Privilege Info, People Picker, Other Functions; Attribute/Resource Info Data Store); Application Attributes; Collaboration Tools/Resources (Federated Wiki, File Sharing, Calendar, Phone/Video Conference, Email List Manager, Domain Science Grid, Domain Science Instrument)]

13 Some general COmanage comments
- A limited number of consoles present the basic identity services; can move directly between services as a standard workflow
- Early in the development; the GUI is particularly primitive
- Underlying store is an LDAP directory; alternatives include MySQL db, RTF store, etc.
- COmanage can be deployed by a campus, a department, a VO, a VO service center; COmanage instances communicate with each other by the “attribute ecosystem” voodoo
- It is plumbed; hence it is sustainable, secure, flexible.

14 The major COmanage consoles
- Applications – a growing list
- Identity
  - View basic local stored data
  - Privacy management, using Shib
- My Groups – manages collaboration groups across the full variety of applications, using Grouper
- My Privileges – manages permissions that you have and that you assign to others and groups, currently using Signet
- Once set up, COmanage automatically maintains and updates the applications, reflecting group changes from source feeds, aging privileges, etc.

15 Relative Roles of Signet & Grouper
- RBAC (role-based access control) model
  - Users are placed into groups (aka “roles”)
  - Privileges are assigned to groups
  - Groups can be arranged into hierarchies to effectively bestow privileges
- Grouper manages, well, groups
- Signet manages privileges
- Separates responsibilities for groups & privileges
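
Added example (not from the presentation, and not Grouper's or Signet's API): a small Python model of the RBAC split on slide 15, with one registry that only knows groups and nesting and another that only knows grants to groups, including the "aging privileges" mentioned on slide 14. All class, group and privilege names and the dates are constructed; it assumes members of a nested subgroup inherit privileges granted to the parent group.

```python
from datetime import date

class GroupRegistry:
    """Group side (Grouper's role on the slide): membership and nesting only."""
    def __init__(self):
        self.members = {}   # group -> direct member ids
        self.parents = {}   # subgroup -> groups it is nested under

    def add_member(self, group, user):
        self.members.setdefault(group, set()).add(user)

    def nest(self, subgroup, parent):
        self.parents.setdefault(subgroup, set()).add(parent)

    def effective_groups(self, user):
        seen = set()        # visited set also makes nesting cycles harmless
        stack = [g for g, m in self.members.items() if user in m]
        while stack:
            group = stack.pop()
            if group not in seen:
                seen.add(group)
                stack.extend(self.parents.get(group, ()))
        return seen

class PrivilegeRegistry:
    """Privilege side (Signet's role): grants go to groups, never to users."""
    def __init__(self):
        self.grants = []    # (group, privilege, expiry date or None)

    def grant(self, group, privilege, expires=None):
        self.grants.append((group, privilege, expires))

    def privileges_for(self, groups, today):
        return {p for g, p, exp in self.grants
                if g in groups and (exp is None or today <= exp)}

def effective_privileges(groups, privs, user, today):
    return privs.privileges_for(groups.effective_groups(user), today)

def build_sample():
    """Constructed data: a graduate student hired into a VO subgroup."""
    groups, privs = GroupRegistry(), PrivilegeRegistry()
    groups.nest("vo:detector-lab", "vo:members")
    groups.add_member("vo:detector-lab", "gradstudent1")
    groups.add_member("vo:members", "visitor1")
    privs.grant("vo:members", "wiki:read")
    privs.grant("vo:detector-lab", "wiki:edit")
    privs.grant("vo:detector-lab", "lab-door:open", expires=date(2008, 8, 31))
    return groups, privs
```

Because expiry is checked at evaluation time, removing the student from the subgroup or letting a grant age out changes every application's answer at once, with no per-tool cleanup.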

16 Two types of application enablement
- “Domesticated” apps draw their entitlements, attributes and roles from the CMP directory or db or… (something external to the app)
- Other apps can have information from COmanage pushed into them
  - Static or dynamic provisioning
  - Connectors could be X.509 certs, SAML assertions, etc.

17 COmanage specifics
- Wiki, dev and users being set up
- Beta release in June, 1.0 in August, OpenLDAP as the data store.
- Debian VMware
- Domesticated apps in bundle where licenses permit
- Testing in several venues and VOs
- GUI issues, modularity of components issues

18 COmanage next steps
- Growing the community
  - Of apps and developers
  - Of users
- Web services, APIs for tools within COmanage
- Leveraging federations
- Interactions with other CMP – Myworks, IAMSuites, G5PO, etc.

19 [Diagram: How Collaboration Management Platforms (CMP) Communicate. Labels: Campus, Virtual Organization, Virtual Organization Service Center, Federation, Linked Identities, SAML, Batch, Attribute Ecosystem. Key: COmanage CMP, Other CMP]

20 Virtual Organizations
- An increasing artifact of the landscape of scientific research, largely from the cost and complex nature of the new instruments and growing data sets
- Always inter-institutional, frequently international
- Having a “mission” in teaching and a need for administration
- Tend to cluster around unique global scale facilities and instruments
- Heavily reflected in agency solicitations and peer review processes
- Being seen now in the arts and humanities

21 Virtual Organization Characteristics
- Distributed across space
- Distributed across time
- Dynamic management structures
- Collaboratively enabled
- Computationally enhanced

22 Building Effective Virtual Organizations
- A workshop run by NSF in January 2008 to give many newly minted VOs the wisdom of the ages
- Cross directorate with OCI catalytic
- A few very insightful talks
- Was intended to cover the complex social and economic issues as well as some common technical issues, but veered towards collaboration chaos…
- http://www.ci.uchicago.edu/events/VirtOrg2008/

23 Collaboration and Virtual Organizations
- VOs are first collaborative organizations
- General collaboration tools – listservs, wikis, audioconferencing, videoconferencing, shared calendars, etc.
- Academic collaboration tools – grant proposal and administration management, paper development and publication
- Many support components for such activities can also meet needs in the domain science management

24 Two specimen VOs
- LIGO-GEO-VIRGO (www.ligo.org)
- Ocean Observing Initiative (http://www.joiscience.org/ocean_observing)
- Interests include federated identity, COmanage, and domain science use
- Both have international characteristics

25 Next Steps and Issues
- Feedback from virtual organizations
- Enterprise and VO deployments
- Leverage federations
- Inter-federation peering
- Virtual organization support centers
- The attribute ecosystem

26 Lessons Learned
- Collaborate externally; compete internally
- Time zones are hell
- Big turf issue of the local VO sysadmin
- Many of the instruments are black-boxes
- Physical access controls matter
- Scientific accomplishments and egos

