
1 Middleware, Ten Years In: Vapority into Reality into Virtuality
Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2; Technologist, University of Colorado at Boulder

2 Topics (kjk@internet2.edu)
Middleware, Ten Years In
From Vapor to Reality
Some of the successes
Some of the failures
Middleware, Ten Years Forward
From Reality to Virtuality
Organizations
Resources
Communities
From Virtuality back to Reality

3 Before there was middleware
apps

4 First Vapors
When end-user PKI was months away…
When the big application houses didn’t care about middleware
We knew it was something about authentication and authorization
We couldn’t agree about much – payloads or protocols or spelling

5 In the beginning
Directories
Authentication
apps

6 Dealing with the apps
Directories
Authentication
apps

7 Filling out the portfolio
Directories
Authentication
Groups
Privileges
Authorization

8 Federation
Authentication
Directories
Authentication
Directories
Federation

9 COmanage
Authentication
Directories
Authentication
Directories
Federation

10 Vapors become Reality
When end-user PKI was months away…
When the big application houses care so much they have to own it
Middleware as the new lock-in point
Federation as identity infrastructure and attributes as the payloads
IdM not a local industry anymore

11 Some of the successes
Building a fundamental new layer of Internet infrastructure
Engaging a broad and growing international group of expertise
Crafting a larger world that works for the R&E needs
Proving that security and privacy can work together

12 More successes
Focusing on the schema early on
Coming together around SAML, and getting the rest of the world to come along…
Working towards scaling (rough consensus and running code)
Seeing parts of other worlds

13 Some of the failures
The directory of directories…
End-to-end end-user PKI
Establishing resources to support the infrastructure
Diagnostics
The rest of the middleware stack

14 Middleware, Ten Years Forward
Working on Attributes and Federation
Growing our federations
Interfederation and Soup
The Attribute Ecosystem
Learning the Tao of Attributes
Building and Managing the Virtual
Integration, Integration, Integration

15 Growing our Federations
Deciding on the services
Core services – identity/attributes for access controls
Value added services – content aggregation, roaming, PKI and SSL services, collaboration platforms, Silver
Finding the business models
Finding the governance structures
Making a marketplace

16 Interfederation and Soup
Interfederation essential to scale
Across vertical sectors
Internationally
To the consumer marketplace
Confederation and Overlays will also exist
Soup
Institutional groups that cut across segments – geography, shared business purpose, etc.
Mix of special purpose and infrastructure federations tangled

17 Attribute ecosystem use cases…
Obtaining student consent for information release
FEMA needing first responders’ attributes and qualifications dynamically
High-confidence attributes
Access-ability use cases
AAMC step-up authentication possibilities
Public input processes
Grid relying parties aggregating VO and campus
The “IEEE” problem
The “over legal age” and the difference in legal ages use cases
Self-asserted attributes – friend, interests, preferences, etc.

18 Attribute Ecosystem Key Issues
Attribute Aggregation
Attribute Metadata
Sources of authority and delegation
Schema management, mapping, etc.
User interface
Privacy and legal issues

19 Attribute aggregation
Gathering attributes from multiple sources
From one IdP or several IdPs
From other sources of authority
From intermediaries such as portals
Static and dynamic acquisition
Many linking strategies
Will require a variety of standardized mechanisms – bulk feeds, user-activated links, triggers

20 Attribute metadata
Federated attributes need common meaning
Representation of meaning
At a system level
At a user level
LOA associated with the value assigned
“Code+data equals programs”
LOA itself faces “re-interpretations”
Separation of components of LOA
Use of “step-up” authentication
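Slides 19 and 20 describe attributes gathered from several sources, each carrying its own assurance, and a relying party that separates the LOA of the asserted value from the LOA of the current login, using step-up only for the latter. The following Python is an added example written for this page; it is not code from the presentation or from any federation product. Every attribute name, source name, acquisition mechanism and LOA number (1 = self-asserted up to 4 = strongest) is constructed for the illustration.

```python
"""Aggregating attributes from several sources with per-value assurance.

Constructed example: attributes about one user arrive from a home IdP, a
second IdP and a portal acting as intermediary. Each value records who
asserted it, how it was acquired (bulk feed, user-activated link, trigger)
and the LOA the source backs it with. A relying party's rule then checks
two separate LOA components: how well the attribute value is vouched for,
and how strongly the user authenticated. Only the second can be repaired
by step-up authentication, so only that shortfall returns a step-up hint.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class AttributeValue:
    name: str          # constructed attribute name, e.g. "eduPersonAffiliation"
    value: str
    source: str        # asserting party (constructed identifiers)
    acquired_via: str  # "bulk_feed", "user_link" or "trigger"
    loa: int           # assurance the source offers for this value


@dataclass
class Aggregate:
    values: List[AttributeValue] = field(default_factory=list)

    def add(self, av: AttributeValue) -> None:
        self.values.append(av)

    def best(self, name: str) -> Optional[AttributeValue]:
        """Strongest-assured assertion of `name`, or None if no source asserted it."""
        cands = [v for v in self.values if v.name == name]
        return max(cands, key=lambda v: v.loa) if cands else None


@dataclass(frozen=True)
class Session:
    subject: str
    authn_loa: int  # strength of the authentication event behind this session


@dataclass(frozen=True)
class Rule:
    attribute: str
    required_value: str
    min_attr_loa: int   # how well the value must be vouched for
    min_authn_loa: int  # how strongly the user must have logged in


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    step_up_to: Optional[int] = None  # set when re-authenticating at this LOA would suffice


def evaluate(session: Session, agg: Aggregate, rule: Rule) -> Decision:
    av = agg.best(rule.attribute)
    if av is None:
        return Decision(False, f"{rule.attribute} not asserted by any source")
    if av.value != rule.required_value:
        return Decision(False, f"{rule.attribute}={av.value!r} (from {av.source}) does not match")
    if av.loa < rule.min_attr_loa:
        # The value itself is too weakly vouched for; logging in again does not change that.
        return Decision(False, f"{rule.attribute} only asserted at LOA {av.loa} by {av.source}; "
                               f"{rule.min_attr_loa} needed")
    if session.authn_loa < rule.min_authn_loa:
        # The value is fine; the session is the weak part, so ask for step-up instead of denying.
        return Decision(False, f"authenticated at LOA {session.authn_loa}; {rule.min_authn_loa} needed",
                        step_up_to=rule.min_authn_loa)
    return Decision(True, f"{rule.attribute}={av.value!r} from {av.source} at LOA {av.loa}")


def sample_aggregate() -> Aggregate:
    """Constructed aggregate for one user, gathered from three sources."""
    agg = Aggregate()
    agg.add(AttributeValue("eduPersonAffiliation", "member", "idp:example.edu", "bulk_feed", 3))
    # The portal repeats what it saw elsewhere and can only vouch for it weakly.
    agg.add(AttributeValue("eduPersonAffiliation", "member", "portal:vo.example.org", "trigger", 1))
    # Constructed first-responder qualification from a second IdP (cf. the FEMA use case).
    agg.add(AttributeValue("responderQualification", "hazmat", "idp:agency.example.gov", "user_link", 3))
    # Self-asserted preference, LOA 1 by definition.
    agg.add(AttributeValue("interest", "birdwatching", "portal:vo.example.org", "user_link", 1))
    return agg


if __name__ == "__main__":
    agg = sample_aggregate()
    print(evaluate(Session("alice", 1), agg, Rule("responderQualification", "hazmat", 3, 3)))
    print(evaluate(Session("alice", 4), agg, Rule("interest", "birdwatching", 2, 1)))
```

The `best()` selection is deliberately naive (highest LOA wins); a real deployment would also record which linking strategy produced each value and prefer sources of authority for their own attribute areas, which is the subject of slide 21.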

21 Sources of authority
Who gets to assign semantics (and syntax) to an area?
How can they delegate assignment of value?
What needs to be retained for audit/diagnostics?

22 Schema management, mappings
Registries for schema
Role of national level schema
How to avoid mappings
How to handle mappings

23 User Interface
“It’s the attributes, urn:mace:incommon:entitlement:clue:zero”, deprecated…
Needs include translation of OID to English, informing the user of the consequences of a release decision, recording consent, and getting the defaults right so that this is seldom used
Metaphors such as Infocard are useful, but will need extensions and utilization

24 Privacy management
Two approaches emerging
uApprove http://www.switch.ch/aai/support/tools/uApprove.html
InfoCard/Higgins
Who sets attribute release policies?
Who overrides the settings?
What logs are kept?
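The three questions on slide 24 (who sets release policy, who can override it, what is logged) map onto three distinct pieces of an IdP's attribute release path. The Python below is an added example for this page; it is not code from the presentation and not the uApprove or Higgins implementation. The relying-party entity IDs, attribute names, policy and user are all constructed.

```python
"""Attribute release at an IdP: operator policy, user consent, audit trail.

Constructed example. The IdP operator's policy decides which attributes a
given relying party (RP) may receive and whether the RP requires them; the
user's recorded consent can withhold any attribute marked optional; every
attribute considered produces an audit entry whether or not it was released.
Withholding a required attribute refuses the whole release rather than
sending a partial set the RP cannot use.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

REQUIRED = "required"
OPTIONAL = "optional"


@dataclass
class ReleasePolicy:
    """Set by the IdP operator: per RP, the permitted attributes and their requirement level."""
    per_rp: Dict[str, Dict[str, str]]

    def requirement(self, rp: str, attr: str) -> Optional[str]:
        return self.per_rp.get(rp, {}).get(attr)


@dataclass
class ConsentStore:
    """Per (user, RP): the attributes the user agreed to release, as recorded by a consent UI."""
    approved: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def record(self, user: str, rp: str, attrs: List[str]) -> None:
        self.approved[(user, rp)] = set(attrs)

    def consented(self, user: str, rp: str, attr: str) -> bool:
        return attr in self.approved.get((user, rp), set())


@dataclass(frozen=True)
class AuditEntry:
    user: str
    rp: str
    attribute: str
    released: bool
    reason: str


class ReleaseRefused(Exception):
    """Raised when a required attribute lacks consent; nothing is sent to the RP."""


def release(user: str, rp: str, available: Dict[str, str], policy: ReleasePolicy,
            consent: ConsentStore, audit: List[AuditEntry]) -> Dict[str, str]:
    """Return the attributes to send to `rp`, appending one audit entry per attribute considered."""
    out: Dict[str, str] = {}
    for attr, value in available.items():
        req = policy.requirement(rp, attr)
        if req is None:
            # Operator policy wins first: the user is never even asked about these.
            audit.append(AuditEntry(user, rp, attr, False, "not permitted for this RP by IdP policy"))
            continue
        if consent.consented(user, rp, attr):
            out[attr] = value
            audit.append(AuditEntry(user, rp, attr, True, f"{req}; user consent recorded"))
        elif req == REQUIRED:
            audit.append(AuditEntry(user, rp, attr, False, "required attribute without consent; release refused"))
            raise ReleaseRefused(f"{attr} is required by {rp} but {user} has not consented")
        else:
            # The user's override of an optional attribute is honoured and logged.
            audit.append(AuditEntry(user, rp, attr, False, "optional attribute withheld by user"))
    return out


# Constructed fixture shared by the demo functions below.
RP = "https://sp.example.org/shibboleth"
POLICY = ReleasePolicy({RP: {"eduPersonPrincipalName": REQUIRED, "mail": OPTIONAL, "displayName": OPTIONAL}})
AVAILABLE = {"eduPersonPrincipalName": "alice@example.edu", "mail": "alice@example.edu",
             "displayName": "Alice Example", "eduPersonAffiliation": "member"}


def demo() -> Tuple[Dict[str, str], List[AuditEntry]]:
    """User consents to the required attribute and one optional one, declines `mail`."""
    consent = ConsentStore()
    consent.record("alice", RP, ["eduPersonPrincipalName", "displayName"])
    audit: List[AuditEntry] = []
    released = release("alice", RP, AVAILABLE, POLICY, consent, audit)
    return released, audit


def refused_without_required_consent() -> bool:
    """True if withholding the required attribute refuses the whole release."""
    consent = ConsentStore()
    consent.record("alice", RP, ["displayName"])
    audit: List[AuditEntry] = []
    try:
        release("alice", RP, AVAILABLE, POLICY, consent, audit)
    except ReleaseRefused:
        return True
    return False


if __name__ == "__main__":
    released, log = demo()
    print(released)
    for entry in log:
        print(entry)
```

Keeping the audit entries for withheld and not-permitted attributes, not only for released ones, is what makes the "what logs are kept?" question answerable after the fact.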

25

26 GSA Workshop: The Tao of Attributes
Begin exploring the attribute issues
Using federal use cases, including
Citizenship, voting residency
Access-abilities
First responder capabilities
PI-person
Motivate the larger requirements, drive privacy policies
Explore rich query languages, etc.
All-star cast at the end of September at NIH

27 Virtuality
Virtual Communities
Virtual Machine Appliances
Virtual Services
Internet protocols with trust and identity

28 Virtual Communities
A virtual enterprise that wants to play real well with real enterprises.
Needs coordinated identity management for collaboration and domain tools

29 Virtual Machine Appliances
Allows clueless groups and other VOs to handle collaborations
Brilliant way to handle peak load requirements
Vexing issues of application updates, coordination of configuration among apps, etc.
Must fit fully in the attribute ecosystem and reshape themselves on need

30 Virtual Services
Clouds as low-start-up, largely scalable cyber infrastructure
Cycles, storage, collaboration
Fits into the domestication paradigm
Clouds as legally tangled, non-standard, confusing
Location and ownership of data
Ability to adapt to new protocols
Proprietary cloud internals

31 Integration, Integration and Integration
Of types of Internet identity
Of identity with protocols
Domestication of applications

32 Internet identity
Federated identity
Enterprise centric, exponentially growing, privacy preserving, rich attribute mechanisms
Requires lawyers, infrastructure, etc.
User centric identity
P2P, rapidly growing, light-weight
Marketplace is fractured; products are getting heavier to deal with privacy, attributes, etc.
Unifying layers emerging – Cardspace, Higgins, OAuth

33 Integration
Different forms of Internet identity will exist, serving different purposes, arising from different constituencies
The trick is the intelligent integration of the technologies, at user and application level
Cross-overs are happening
Shib and OpenID
SAML and high assurance PKI – holder of key
Infocard/Higgins as an overarching user experience
Federation and portal integration

34 Integration of identity and protocols
Trust, Identity and the Internet – ISOC initiative to introduce trust and identity-leveraged capabilities to many RFCs and protocols
Acknowledges the assumptions of the original protocols about the fine nature of our friends on the Internet and the subsequent realities
http://www.isoc.org/isoc/mission/initiative/trust.shtml
First target area is DKIM; subsequent targets include federated calendaring and sharing, firewall traversal

35 Domestication of Applications
Identity, groups, roles, privileges
What else to integrate?
At what layers to specify the integration?
How to integrate across the layered domestication specifications?
How much domestication is too much?

36 Virtuality back into Reality
Our use cases continue to lead the corporate sector
Our needs are more urgent than they are different
Our students become the new consumers
The shared vision is more powerful than the individuals who share it

37 We’ve Lost Some Along the Way…

38 We’ve Picked Up Some New Ones…

39 Final Thoughts
Important, if somewhat invisible, work has been done
There are significant opportunities ahead
It’s been a ride

