A History of the Next Five Years: (the rise of indoor plumbing)


1 A History of the Next Five Years: (the rise of indoor plumbing)

2 2/22/2019

3 Topics
- Hooking applications to the plumbing
- Role and rule based authorization
- Work flow
- Virtual organizations
- Privacy managers
- Global issues

4 Hooking applications to the plumbing
- The importance of presence in real time communications
- Externalizing from the application as more of the plumbing gets created
  - E.g., authentication, group management, privilege management
- Integration, integration, integration
- Fine-grain access control is attractive and dangerous; beware of complexity

5 Role and rule based authorization
- Role-based is the only scalable approach
- Requires campus business process reengineering
- Roles have standard modifiers, such as limits, prerequisites, expiration dates, etc.
- Delegation of roles desirable but tricky
- Rule-based allows lots of real-time exceptions
  - Doctors in the emergency room
  - Visitors with laptops in the library
  - When processor use drops below 10%
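As an added illustration (not part of the original slides), the sketch below evaluates a role grant together with its modifiers (limit, prerequisite, expiration date) and then falls back to rule-based exceptions driven by real-time context. All names, permissions and sample data are hypothetical and constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

@dataclass
class RoleGrant:                      # a role assignment plus its modifiers
    role: str
    permission: str
    limit: Optional[float] = None     # e.g. maximum amount the role may approve
    prerequisite: Optional[str] = None  # attribute the subject must already hold
    expires: Optional[datetime] = None

@dataclass
class Request:
    subject: str
    permission: str
    now: datetime
    amount: float = 0.0
    attributes: frozenset = frozenset()
    context: dict = field(default_factory=dict)

# Rule-based exceptions, evaluated against real-time context (constructed samples).
RULES = [
    ("er-physician", lambda r: r.permission == "read_chart"
        and "physician" in r.attributes and r.context.get("location") == "emergency_room"),
    ("idle-cpu", lambda r: r.permission == "run_job" and r.context.get("cpu_load", 1.0) < 0.10),
]

def authorize(req, grants, rules=RULES):
    """Return the reason for the decision so every allow can be audited."""
    for g in grants.get(req.subject, []):
        if g.permission != req.permission:
            continue
        if g.expires is not None and req.now >= g.expires:
            continue                  # expired grant: treat as absent
        if g.prerequisite and g.prerequisite not in req.attributes:
            continue
        if g.limit is not None and req.amount > g.limit:
            continue
        return f"role:{g.role}"
    for name, rule in rules:
        if rule(req):
            return f"rule:{name}"     # exception path: log and review these
    return "deny"                     # default deny

# Constructed sample data.
GRANTS = {"alice": [RoleGrant("purchaser", "approve_po", limit=5000.0,
                              prerequisite="finance_training",
                              expires=datetime(2025, 7, 1))]}
NOW = datetime(2025, 3, 1)
```

Returning the matched role or rule name, rather than a bare boolean, keeps the exception path visible in audit logs, which is where the complexity the slides warn about tends to hide.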

6 Work Flow
- Closely related to authorization, in technology and practice
- Applies to a wide variety of situations, from business uses to job scheduling in grids to message handling.
- May be a common architecture across those use cases, and perhaps tools of relatively broad scope to build.

7 Virtual Organizations (VO’s)
- Examples, differentiators, current challenges
- The common requirements
- Background on recent middleware work
- The virtual organization support space
  - Role of enterprise and of federation
  - Role of virtual organization support center
  - Role of virtual organization
  - The business case for/against the model
- How do we know if it is viable…

8 Virtual Organizations
- Geographically distributed, enterprise distributed community that shares real resources as an organization.
- Examples include team science (NEESGrid, HEP, BIRN, NEON), digital content managers (library cataloguers, curators, etc.), a state-based life-long learning consortium, a group of researchers coordinating a launch vehicle payload, etc.
- On a continuum from interrealm groups (no real resource management, few defined roles) to real organizations (primary identity/authentication providers)
- Want to leverage enterprise middleware and external trust fabrics, as well as support centers

9 Virtual Organizations have…
- Real resources that they share and manage
  - May be computational resources
  - May be scientific instruments
  - May be bandwidth
  - May be shared data and content
    - Economic data
    - Museum materials
    - Cultural and artistic works
- A relatively small set of users who tend to travel in common circles
- Often the need to have some accounting and regulatory compliance

10 Not Virtual Organizations
- University of Colorado, Boulder; LBL; Fred Hutchinson Cancer Center; etc. – these are enterprises, doing primary identity management services for faculty, students and staff
- The Beverly PTA wiki, Alt.gerbils-in-leather – these are groups, a set of people with a common interest but not managing real resources
- AOL, MSN, IdentityCommons, etc. – these are commercial identity service providers

11 Looking at V.O.s from a plumber’s view

12 National Science Digital Library Content Managers

13 The TeraGrid

14 The Hadron Collider cluster of experiments

15 Virtual organizations vary…
- By lifetime of VO
  - Some are relatively short-term, perhaps 1-2 years
  - Some may persist for extended periods
- By size
- By cluster – at any one time, experiments (virtual orgs) are active at Fermi Lab, CERN. A shuttle launch may need coordination among several vo’s that have equipment aboard.
- By type of domain-specific tools
  - A number are using Grids
  - A number subscribe to major scientific data streams
  - Some have no domain-specific tools

16 Being a VO is hard…
- There are new requirements for security
- There is the need for development of operational models that integrate requirements from sites with requirements from science
- Simplified end-user tools that are consistent with the rest of a user’s experience would be very helpful.
- Diagnostics across so many systems is difficult and getting significantly worse

17 Being a VO is hard…
- Many resources use geographically-oriented access controls
- Regulatory requirements might span countries
- The local IT infrastructure of members of a VO may vary widely
- Tools are not designed to work together, present a common management infrastructure, etc.

18 The Common Requirements
- Communications support
  - Multiple options for real-time and asynchronous intraVO work
  - Integrated into the rest of one’s “presence”
- Collaboration support
  - Transparent web content access control
  - Workflow
  - Diagnostics
- Plumbing the control plane into the domain science systems and virtual organization software
- Plumbing the vo technologies into the local environment

19 Support services VO Service Center Collaboration services
Plumbing Into domain applications Collaboration services Communication services Enterprise based virtual organization shims Core middleware federation

20 Communication support
- Add this address book to my desktop video client as a vo setup
- Shared calendar access: Grant the following roles in my vo permission to read my calendar at a campus-equivalent level
- A “transparently manageable” mail list for the vo.
- Provide and maintain an IM buddy list for the vo
- Diagnostics

21 Collaboration support
- A transparent and managed wiki
- A transparent and managed set of web access controls
- Role based authorization
- Workflow
- A p2p trust fabric for vo use
- Data models
  - Of the data
  - Of the meta-data – what are the privileges, rights, etc.
- Management of international issues in privacy, copyright, etc.

22 Plumbing the control plane
- Management of the management aspects of the domain tools
  - Domain tools include Globus for Grids, Chemistry workbench, a historical data archive manager, etc.
  - Management aspects deal largely with managing users and uses, but can have initial configuration components
  - “2% of the science, 50% of the pain …”
- Providing a common user experience for both enterprise and vo systems
  - Today, each app believes it is the only one in your life…
  - Common models, terminology, controls, etc.
  - Distinct privileges being managed
- Integration of vo and enterprise
  - Students in class X can run vo experiment Y
  - VO and enterprise requirements can be joined

23 Example University financials 1

24 Example University financials 2

25 Example University financials 3

26 VO authorization 1

27 VO authorization 2

28 VO authorization 3

29 The Middleware Work… The Basic Approach
- Focus and manner of work
- The role of Mace
- The work at the enterprise level
  - Directories
  - Web SSO, namespace and basic authentication
  - Signet
- The work at the federation level
  - Shibboleth
- The work at the virtual organization level
  - Bits and pieces

30 The Model: Enterprises, Federations, VO’s
- Given the strong collaborations within the academic community, there is an urgent need to create inter-realm tools, so
- Build consistent campus and enterprise middleware infrastructure deployments, with outward facing objectclasses, service points, etc. and then
- Federate those enterprise deployments, using the outward facing campus infrastructure, with interrealm attribute transports, trust services, etc. and then
- Leverage that federation to enable a variety of applications from network authentication to instant messaging, from video to web services, and then, going forward
- Create tools and templates that support the management and collaboration of virtual organizations by building on the federated campus infrastructures.

31 Middleware Axioms
- Work the core areas
- Focus on interrealm and collaborative needs
- Use federated administration as the lever; have the enterprise broker most services (authentication, authorization, resource discovery, etc.) in inter-realm interactions
- Develop a consistent directory infrastructure within R&E
- Provide security while not degrading privacy.
- Foster interrealm trust fabrics: federations and virtual organizations
- Leverage campus expertise and build rough consensus
- Support for heterogeneity and open standards
- Influence the marketplace; develop where necessary

32 RL “Bob” and Keith

33 The Virtual Organization Support Space
- Role of enterprise and of federation
- Role of virtual organization support center
- Role of virtual organization
- The business case for/against the model

34 Enterprise and federation
- Collaboration and communications infrastructure
- Common plumbing interface
- Storage of VO attributes in enterprise object classes
- Hosting VO services for some VO
- Federation
  - Trust fabric for enterprise assertions
  - Dissemination of VO objectclasses
  - International trust fabric

35 VO Service Centers
- To provide infrastructure services for users whose enterprises can’t play
- To coordinate the dissemination of enterprise shims relative to the vo’s supported in the area
- To coordinate international efforts for multi-national vo’s
- To help train vo’s in the use of the tools and the organizational issues

36 Virtual organization
- Data and metadata models
- Attribute and role definition
- Domain specific infrastructure

37 Privacy Managers

38 Global Issues Privacy Discrepancies Government trust peering
And, sigh, time zone issues

