NSF Middleware Initiative and Enterprise Middleware: What Can It Do for My Campus? Mark Luker, EDUCAUSE Copyright Mark Luker, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Topics What is IT being asked to do? What do we mean by “Middleware”? Why is NSF involved? What’s available to help my campus? How can I use it?
What is IT being asked to do? On-line, 24 X 7 university services integrated with Academic course management systems Student life offerings and community events Administrative services for faculty, staff, and students -for-life E-procurement Automatic provisioning of computer accounts based on business rules Workflow and electronic signatures for forms
More on the “to do” list Multi-campus research-project support Secure PDA and wireless support Just-in-time announcements By campus, department, organization, class, major…. Expensive library databases shared with other schools in the system Seamless transfer/integration of student records among state-system or partnering schools
What do all of these have in common? Are the people using these services who they claim to be? Are they a member of our campus community? Are they authorized to use the service? Is their privacy being protected? Is the service being protected? These questions are answered using middleware services.
New Institutional Infrastructure: Identity Management (IdM) A suite of campus-wide security, access, and information services Identity and role-based access Privacy-oriented control Integrated services Increased security with decreased complexity for constituents
Components of IdM Identifiers– your electronic names Multiple names and corresponding information in multiple places Single unique identifier for each authorized user Names and information in other systems can be cross-linked to it
Components of IdM (cont.) Authentication – links the physical you to an electronic identifier Security need should drive authentication method Distance learning and inter-campus applications Authorization – allowing you to use services Affiliated with the school (roles) Permitted to use the services based on those roles
Components of IdM (cont.) Enterprise Directory Services – where your electronic identifiers are reconciled and basic characteristics are kept Very quick lookup function Phone number, addresses, campus identifiers Authentication Access Control Work flow
What is NSF interested in? NSFnet NSF Middleware Initiative (NMI) Scientists and engineers can transparently use and share distributed resources, such as computers, data, and instruments Research and education communities can effectively collaborate using advanced communications tools Internet users around the world can benefit.
NSF Middleware Initiative Purpose To design, develop, deploy and support a set of reusable, expandable set of middleware functions and services that benefit applications in a networked environment
NMI Teams Core NMI EDIT Consortium (Enterprise and Desktop Integration Technologies) EDUCAUSE, Internet2 & SURA GRIDS Center ISI, NCSA, U Chicago, UCSD & U Wisconsin Several additions in 2003 NMI deliverables Software, best practices, white papers, and services NMI Release 4 became available December 2003
NMI-EDIT Consortium Project Goals Create a common, persistent and robust core middleware infrastructure for the R&E community Provide tools and services in support of inter- institutional and inter-realm collaborations Most funding passed through to campuses for work Focus on intra and inter-institutional IdM and related services
What’s available to help my campus? NMI-EDIT Components from Four NMI Releases Authentication: 3 WebISO solutions, credential mapping from Kerberos to PKI, policy documents, registry service Authorization: Architecture and related software and libraries for multi-institution collaboration and resources sharing: Shibboleth and PERMIS Enterprise Directories: Higher-ed schemas, operational monitoring and schema analysis tools; practices in design, groups, metadirectories; implementation roadmap
What’s available to help my campus? NMI-EDIT Components from NMI Releases (cont.) Integration Activities with Grid environment: Credential mapping from campus to Grid environment, GLUE schema analysis tool Applications: Directory schema for video; video middleware cookbook Education: Venues for learning about IdM including CAMPs and on-line deployment materials for directories
NMI-EDIT Findings Consensus on inter-institutional middleware standards and maturing architecture to support collaborative applications Widespread interest in Shibboleth within R&E communities Credential mapping from core enterprise to Grid service Grid adoption of SAML in Open Grid Services Architecture (OGSA)
NMI-EDIT Findings (cont.) Creation and maintenance of a heavily referenced set of design and best practices documents Effective linkages with International research communities Discovery and development of campus IT staff Influence on both federal and commercial standards Direct outreach to over 320 institutions
Upcoming Work Authorization White papers, tools, templates, software to help campuses establish role-based authorization services that can be leveraged for campus and inter-institutional applications Middleware diagnostics Architecture, services, software to help trouble shoot inter-institutional IdM-related problems
Upcoming Work (cont.) Virtual organizations Geographically and enterprise distributed community that shares real resources as an organization Develop architecture, software, tools and related services to integrate campus IdM systems to enable virtual organizations
The pieces fit together… Campus infrastructure Developing and encouraging the deployment of identity management components, tools, and support services Inter-realm infrastructure Leveraging the local organizational infrastructure to enable access to the broader community though Building on campus identity management infrastructures Extending them to contain standard schemas and data definitions Enabling the exchange of access information in a private and secure way Developing diagnostic tools to make complex middleware interactions easier to understand
How can I use it? Review what’s available at Development page links to available components Getting Started page links to beginning resources Enterprise Directory Implementation Roadmap More information on the NMI is available at
How can I use it? (cont.) Educate yourself about IdM and its role (cont) Recent article in EDUCAUSE Quarterly Attend an NMI-EDIT workshop EDUCAUSE Annual and Regional meetings Internet2 Member Meetings Attend an NMI-EDIT CAMP CAMP Workshop on Directories Feb 3-6 Tempe AZ Beginning IdM Workshop on Feb 3 Directory Workshop or June (Boulder); November (San Diego) 2004
More information….. Mark Luker Education, participation, and resources questions Ann West