Campus middleware in the service of Science Keith Hazelton Internet2 Middleware Architecture Committee for Education NSF Internet2 Day October 19, 2006

Middleware serving science The vision: from siloed applications to layered services A fictional illustrative example Examples from the real world Results so far Who is involved Scope of work The emergence of Federations and Virtual Organizations

A Map of Middleware Land

Vision in one slide Build a campus/enterprise core middleware infrastructure that Serves the overall enterprise IT environment, providing business drivers and institutional investment for sustainability and scalability Is designed to support the research and instructional missions Implies consistent approaches and common practices across campuses and internationally Build, plumb, and replumb the tools of research on top of that emergent infrastructure Domain-specific middleware (grids, sensor nets, etc) Common collaboration tools (video, protected wikis, shared calendaring, audioconferencing, etc.)

Components of Core Middleware: Internet2 with NSF support

Why Ease of use Common tools used in a consistent fashion Allow students to access research capabilities in instructional environments Better security Integrate with local security Facilitate flexible options for effective use Preserve privacy but maintain accountability

Why Realizes efficiencies, economic and strategic, that serves both the institution and its individuals Facilitate advanced networking and science Trust-mediated transparency Transparent-to-use tools for collaboration Better diagnostics

An Example: Jean Blue and VOGUE Hypothetical Professor Jean Blue Professor of Micro-astro Physics at Sandstone U, teaching MAP 1010 PI of international VOGUE project Fiscal authority of local VOGUE funds Parking permit for Lot 421 ID Card

Integrating science and education Jean Blue, as PI of VOGUE, gets lots of research capabilities that need to work in education. Assign to students of MAPS 101 permission to read the VOGUE mass-hypometer Assign to the four TA/discussion leaders permission to reset the mass-hypometer Facilitate on-line discussions among the students taking classes at other universities from her co-PI’s Have read/write privileges on the VOGUE wiki, and give her students read access to parts of the Wiki There are many, many problems with the current ad hoc approaches

Functions and Roles for Jean Blue Lead VOGUE scientist Run experiments Manage instruments and data Administer rights for others to manage I&D Collaborator – audioconferences, IM, wikis Co-PI of VOGUE grant Manage local financial accounts Approve local hires Edit and electronically submit proposals

Functions and Roles for Jean Blue VOGUE Disseminator Provide editorial content for outreach wiki Mentor K-12 teachers in community programs Educator Teach undergraduate classes using research tools Supervise graduate students, TA’s, etc.

Concrete examples Elsevier, JSTOR e-resource providers: –Scientists aren't even aware that their access to digital library materials is mediated by NMI federating software, shibboleth (Ohio State) Physics professor using WebAssign service for content and testing (Penn State)

Concrete examples Cancer Biomedical Informatics Grid Incorporates NMI group/role management and federation software in caGrid 1.0, rolling out in December

Concrete examples Scientists in Denmark and Norway have access to supercomputer facility through a portal in Finland Shib-enabled access to Condor – Georgetown users, Univ. of Wisconsin resources

The Vision, from the User View A consistent set of tools to manage their campus and virtual organization lives Provide a common approach to authentication, authorization, delegation, etc. Permit activities that cross educational and virtual organization boundaries Provide usability, security and privacy Satisfy regulatory and audit requirements

From Vision to Reality We’re now 5-6 years into a multi-year development and deployment effort Broad participation of higher education and the commercial sector in the US and internationally Deep engagement with the federal government Key players include Internet2, NSF, Educause, GSA, NIH, etc.

The results so far Effective promotion of issues, roadmaps, etc to campuses and corresponding investment by campuses (“2006 Number 1 IT Issue”) Broad adoption of community standards Provision of key open-source components Shape major technical standards Creation of inter-institutional trust fabrics to provide federated identity infrastructure Consistent international deployments, some more extensive than the US The early beginnings of virtual organization development.

Who’s involved Many interested parties – the time is now, for both the needs and the capabilities Within the academic sector, driven by campus IT organizations supplying architects, working open source code, and participation in community standards processes In the corporate sector, both vendors and large, heterogeneous companies see the needs and opportunities

Who’s involved Initiatives within government, from NSF NMI to GSA E-Authentication, providing project funding and use the resulting products. Internationally, R&E sectors are active and in some cases exceeding US efforts Internet2 Middleware Initiative and MACE have been focus points and coordination mechanisms.

Scope of work Core middleware infrastructure, including directories, authentication, authorization, etc. in service to academic, administrative and research missions. An emerging set of developments in virtual organization support, including both basic collaboration tools and platforms such as GridShib Deliverables are open source software (Shib, Signet, Grouper, etc.), community standards (eduPerson, eduOrg), best practices, dissemination and sharing, and some modest services (InCommon, USHER)

Parallel trajectories outside the US e-Science initiatives in Great Britain and Australia both include heavy investment in middleware development many of the projects building on prior NSF Middleware Initiative deliverables from Internet2 Most notably: National Higher Education Shibboleth deployment in Great Britain

Parallel trajectories outside the US January 2005, the Australian Department of Education, Science and Training (DEST) and the UK Joint Information Systems Committee (JISC) signed a DEST-JISC Cooperation Framework Closer collaboration, continued investment in e- Science and related middleware activities

Federations Concept

Federated identity and virtual organizations Campuses build consistent and sustainable middleware infrastructures Federating software and federations create effective inter-institutional collaboration infrastructure on that substrate Federations peer internationally and across sectors to extend the value Virtual organizations leverage campus infrastructure and peered federations for user- centric enterprise-leveraged collaborations

The Art of Federating

GridShib A set of approaches to leveraging federated identity in Grids Projects leverage local authentication in a variety of ways, and some contemplate extending local authorization approaches to Grids All approaches provide significant improvements to user experience, security, privacy, cost of operations and more. Pilot deployments planned in the next few months across a part of the Teragrid

The impacts on cyberinfrastructure “The event was a nice example of why you get on an airplane and travel to a workshop - to make progress about 50 times faster than exchanging and position papers! Having made this investment, we are ready to take the next concrete steps to make this vision a reality. Improving security and usability at the same time. How often do you get a chance to do that? “ Charlie Catlett, Teragrid Director

Q & A