Leading in a new IT environment: Old saws and new technologies.

Presentation transcript:

1 Leading in a new IT environment: Old saws and new technologies

2 Disclaimers
- The abstract and the talk
- The ambiguity of the title
- The work of many, many others
- …and my good seat in the house

3 About the title, and our topics today
- Leading in a new IT environment
  - A bit player in some very fine plays…
  - A few frontiers from the past 25 years
  - Some new frontiers for the next several years
- Leading, in a new IT environment
  - The challenges for IT leaders in the new frontiers
  - Some trusty old saws
  - A few potentially useful new saws

4 Leading in a new IT environment: A few frontiers from the last 25 years
- The changing form and face of computing
- Making the Internet market
- The rise of the middle layer

5 The changing form and face of computing
- Technical
  - The move from mainframe to mini to micro to LAN to client server to grid to mobile device to …
  - The move from pocket-protected user to pocket PC user
- With each technical shift, so shift the politics
  - The role of the central IT organization
  - Much of the economics
  - The policy needs

6 What we were leading in then…
- IT as services, not as cycles
- Having the mainframe was not a blessing
- The network as the driver
- A shift in the funding model
- And the rise of the have-nots
- And the loss of a commons
- And the banner message of the day

7 Making the Internet market
- The late sixties and seventies established the core TCP/IP technologies and value to the CS community
- The eighties made a mass market of technology, applications and content
- The nineties created business plans and businesses

8 What we were leading in then…
- A fundamental new infrastructure, with business models (occasionally) and large scale industry
- A lack of governance structure, with an array of processes that lurch forward
- A distributed, non-hierarchical information space
- A seismic shift from local to global thinking

9 The recent rise of the Middle layer
- Building campus/enterprise core middleware infrastructure that
  - Serves the overall enterprise IT environment
  - Is designed from the start to support the research and instructional missions
  - Implies consistent approaches and common practices across campuses and internationally
- Basic elements include identity management, directories, group and privilege management, workflow, authority trees, etc…
- Application developers are now interested in outsourcing core needs to a middleware infrastructure

10 The rise of federations
- Federations offer a flexible and largely scalable privacy preserving identity management infrastructure
- Federations are occurring broadly, and internationally, to support inter-institutional and external partner collaborations
- They provide a powerful leverage of campus credentials
- Federations are learning to peer
- Internal federations are also proving quite useful

11 Leading in a New IT Environment: Some Frontiers for the Next Several Years
- Integrating Internet Identity
- Trust Fabrics and Virtual Organizations
- Authorization and the Attribute Ecosystem
- Plumbing the applications
- The rise of the collaboration layer

12 Types of Internet identity
- Federated
  - Inter and intra enterprise; bi-lateral or multi-lateral
  - In academic settings, privacy preserving capabilities and international use are helpful
  - Often is role and entitlement oriented
- P2P
  - Originally PGP
  - Now Infocard, OpenId, etc.
  - May be coupled with reputation systems for trust
- (Global may still happen)

13 Identity integration goals
- First, of federated and p2p identity
  - Many levels of integration – tokens, GUI, privacy management paradigm, trust fabrics…
- Then, of identity and privilege management
  - Assignment and management of permissions to users by those with authority to grant such access
  - Addresses the static aspects of the authorization space, with audit, delegation, prerequisites, etc.
  - Permissions can be enterprise or virtual organization

14 Trust fabrics
- Federations themselves are still very early
- Climbing the LOA curve
- Business models are ripe with possibilities and uncertainties
- Interfederation – Peering, Leveraged, Confederation, Intersecting
- Reputation systems integration into federated trust

15 Of Federations and Virtual Organizations
- Federations provide general trust fabrics for use by many users accessing a variety of resources
- Specific collaborations among small subsets of users, typically a science experiment or a research community, are VO’s
- The intent is to leverage peered federations to support the identity management needs of virtual organizations, for both general collaboration and the domain science software/systems
- International aspects of many VO’s drive peering of federations
- Note that VO’s can build across P2P trust

16 Peering Parameters
- LOA
- Attribute mapping
- Legal structures
- Liability
- Adjudication
- Metadata
- VO Support
- Economics
- Privacy

17 VOs plumbed to federations (diagram slide; no text beyond the title survives)

18 Authorization and the Attribute Ecosystem
- The movement of attributes, entitlements, privileges, etc. from sources of authority to identity providers, service providers, middlemen (portals, gateways, proxies, etc.)
- Includes account linking, the “IEEE problem”, provisioning and deprovisioning, etc.
- Can be compile time or run time movement
- Needs protocols, audit and diagnostics, etc.
- The ecosystem needs to deliver its services in a trustworthy manner; some fabric is required

19 Real life in the attribute ecosystem (diagram: User, Application access controls (including network devices), IdP, Shib, p2p, Portal / Gateway / Proxy, and many Sources of Authority feeding the IdP and the applications)

20 Plumbing the applications
- Many applications need identity management and access controls
- There are degrees of plumbing. The minimum is some type of federated identity or use of a standard P2P, along with privacy management
- Even better would be use of enterprise services for group and privilege management, workflow, diagnostics, etc.
- It’s not just about plumbing; it’s about user conceptual models
- Other consistencies are also desirable: metadata tagging, searching, etc.

21 The rise of the collaboration layer
- An over-abundance of tools that, with careful integration, provide rich and growing collaboration capabilities
- No uber-app – too restrictive of invention and community
- Collaboration across virtual organizations, social networks, P2P
  - Asynchronous – wikis, flickr, del.icio.us, webdav, etc.
  - Synchronous – IM, IP audioconferencing, IP videoconferencing, etc.
- All need some plumbing – identity management and access controls…

22 The rise of the collaboration layer plumbing
- Middleware enabling lots of collaboration applications – common management of identity, access controls, permissions, etc.
- Asynch
  - Fine-grain wikis
    - Identity based – spaces.internet2.edu
    - Attribute-based wikis – “members of the community” discussions
  - Web-accessed shared file stores
  - Collaboratively visible calendaring
- Real time tools
  - Federated IM – use your local login for external IM use
  - An IM channel for a VO embedded in a campus portal
- Integrate privacy and authority management into tools

23 Leading, in a new IT environment
- The new frontier challenges for IT leaders
- Some trusty old saws
- A few potentially useful new saws

24 Challenges for IT Leaders - I
- Providing consistent user experiences
  - The appearance of the collaboration layer
  - User-centric SOA
- The policies of the collaboration layer
  - The politics of presence
  - The complex nature of privacy

25 Consistent dimensions of user experience
- User-centric SOA: take common activities out of individual applications; maintain a core set of IdM services for use across applications
  - Identity and Privacy Management, including trust and reputation mechanisms
  - Group and Privilege Management
  - DRM on a wide variety of digital objects, with rich controls
  - Metadata tagging
  - Search on metadata
  - Network layer management issues

26 The politics of presence
- Who owns the knowledge of your location – the appliance, the service provider, the enterprise, etc.?
- How can the user manage their presence and who has access to it?
- The doctor in the theater use case
- Presence logs, legal systems, and other devils

27 The complex nature of privacy
- Shift from “no one knows” to “I control who knows”
- Most users want the defaults to work
- International use deeply compounds this
  - Differing policies
  - A US citizen using a Swiss IdP
  - A roaming network user from Australia in the EU
- Legal considerations and log files
- Paradigm clashes happen, e.g. federated identity meets federated search

28 Challenges for IT Leaders - II
- Normalizing the academy
  - Internal role rationalization
  - Mapping external roles to internal
- Responding to federation and collaboration
- Applying identity management up and down the stack
  - To roaming network access, firewall configuration, log management, etc…

29 Normalizing the academy
- The only thing that scales, for the user and the institution, is role based access controls (with well-managed exception mechanisms)
- Not our history or culture
- No obvious leadership position at most institutions
- Harder still to map external entities to internal roles
- Growing urgency for more defined structure – workflow, compliance processes, privilege management, federated and virtual use cases
- What’s hard is not the access control policies, but assigning roles
- Old wines in new clear bottles may expose floating objects

30 Responding to federation and collaboration
- Federation policies may place requirements on campus processes and procedures
  - Comes with sweet inducements
  - For some subsets of the larger campus, better identity proofing, better acts of authentication
- Campus participation in national and international activities
  - Who puts up the EU Article Privacy Directive and when?
- Brokering for collaboration and the attribute yentah
- Installing VO schema in enterprise services

31 Applying IdM Up and Down the Stack
- Using enterprise identity management
  - To provide eduRoam services
  - Trust based transparency and firewall management
  - Scanning rules
- At the application layer
  - What applications must use enterprise IdM
  - What applications can not use enterprise IdM

32 Some Trusty Old Saws

33 Some trusty old saws
- Be conservative in the data you send, be liberal in the data you accept
- There is no problem in computer science that can not be solved with another level of indirection … except the problem of indirection complexity
- Expect the unexpected use
- Disruptive technologies usually change the economics
- There is a time for hierarchy, and a time for peering

34 A few other old saws
- Without end to end transparency, innovation is limited and generally twisted
- Duct tape inside software tends to hold forever
- The sooner you start, the longer it takes
- Try doing it with the engine running
- Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

35 A few new saws

36 New saws
- Higher ed is fractal in structure
- Scaling is always an issue, and scaling changes things a lot.
- The first thing any good new technology does is show how bad the existing policies are
- Complexity is contagious
- Change only happens where people are experiencing pain

37 New saws
- It is often not about solving the problem; many problems have approaches at several layers of the extended stack. Solving the problem at the right level is the trick.
- The only numbers of importance in computing are 1, 2 and many – with its meta counting variant: 1, 2, Schema
- Any piece of software reflects the organizational structure that produced it

38 New saws
- The first thing one learns from an interoperability protocol is all the ways in which we can’t operationally interoperate.
- The intersection of privacy and collaboration is a tricky spot
- In theory, there is no difference between theory and practice; in practice, there is
- Whatever it is that hits the fan will not be distributed evenly.

39 Willingness to lead…

“There is only the fight to recover what has been lost
And found and lost again and again: and now, under conditions
That seem unpropitious. But perhaps neither gain nor loss.
For us, there is only the trying. The rest is not our business.”

TS Eliot

40 Thanks…
