Middleware Planning and Deployment 101: Setting the Stage


Middleware Planning and Deployment 101: Setting the Stage
Keith Hazelton, University of Wisconsin-Madison/Internet2
Renee Woodten Frost, Internet2/University of Michigan

Agenda
Introductions
Middleware: What and Why?
Concepts and Architectures
Discussion Break
Building a Business Case
Research and Resources
March 24, 2003 Middleware Planning and Deployment 101

MW 101 Outcomes
Understand what middleware is
Recognize the value of a common middleware architecture
Begin planning for your own business case
Presenter note: Review Outcomes slides – tweaked those

Middleware in Action

Dr. Alice Agnew has just been hired to chair the Dept. of Physiology and is very anxious to get access to campus IT resources such as e-mail, calendar, web services and the mainframe, and cannot wait the requisite 3-5 business days it takes to get the accounts set up. Since IT already knows of her through the HR system, she can use a self-service interface to accomplish this goal. And because her new institution has her new credentials, she does not need to give her research consortium new credentials.

Dr. Alice Agnew
Self-registration
Minimal time delay for enabling services
Administrative data flows to research applications
Administrative and security services integration
Privacy trust
Inter-organizational impact
University vouches for and acts on behalf of Alice

Mary has been reported to the Dean of Students for plagiarism. Through the campus portal, the Dean, with authorization, accesses the Student Information System, where he searches for Mary’s record. He places an electronic “hold” on it and sends an e-mail to Mary requesting her presence at a preliminary discipline hearing. Minutes later, Mary cannot check out library books, enter restricted labs, use the student health facilities, or access her computer files. After reviewing Mary’s case, the Dean finds the accusation in error and removes the “hold,” restoring Mary’s access within minutes.

Mary
Decision maker performs action
Integration of services
Increased security
Status change affects service offerings
Short time to disable and enable services
Suite of services
Suite of student services tied together

Sam is taking a class in genetics at Alpha U and needs to do some research for a paper. At lunch, he goes online to access a restricted EBSCO database AU shares with Beta U. A window pops up in the browser asking if it’s okay for AU to give EBSCO information about his status: only students from subscribing institutions can access the database. He clicks OK, knowing that only his status is passed, not his name or contact information. The browser then loads the restricted website.

Sam
Privacy trust
Sam controls personal information flow
Administrative and security services integration
Inter-campus access
University vouches for and acts on behalf of Sam
Trust – individual and institutional

What is IT being asked to do?
One stop for university services (portal) integrated with course management systems
Email-for-life
Automatic creation and deletion of computer accounts
Submission and/or maintenance of information online
Privacy protection

More on the “to do” list
Multi-campus scanning electron microscopes
Integrated voicemail, email, and faxmail for Advancement staff
Secure PDA and wireless support
All-campus email announcements (spam)
Expensive library databases shared with other schools by joint agreement
Browser or desktop preferences follow you

What questions are common to these scenarios?
Are the people using these services who they claim to be?
Are they a member of our campus community?
Have they been given permission?
Is their privacy being protected?
What is the answer…?

Enterprise Middleware Definitions

Specialized networked services that are shared by applications and users
A set of core software components that permit scaling of applications and networks
Tools that take complexity out of application integration
A second layer of the IT infrastructure, sitting above the network
A land where technology meets policy
The intersection of what network designers and application developers each do not want to do

Map of Middleware Land

What is middleware?
Suite of campus-wide security, access, and information services
Integrates data sources and manages information about people and their contact locations
Establishes electronic identity of users
Uses administrative data to assign affiliation and gives permission to use services based on that role

Definitions: Identifiers
Identifiers – your electronic identification
Multiple names and corresponding information in multiple places
Single unique identifier for each authorized user
Names and information in other systems can be cross-linked to it
Admin systems, library systems, building systems
HR, SS, department, alumni, student org., athletic, housing
Legal name – sign your name
Presenter note: Bio Betty – letting certain information about her be sent to U of Beta

Definitions: Authentication
Authentication – maps the physical you to an electronic identifier
Password authentication most common
Security need should drive authentication method
Distance learning and inter-campus applications
Presenter note: Dean of Students – how did we map him to his electronic name in the first place? How did he prove it? Two methods of ID, or did he call up on the phone?
Presenter note: Bio Betty – Alpha U vouched for her; Univ of Beta is taking this for granted; what if they find out that Bio Betty didn’t prove her identity to the school and was given an ID and was really Tara the terrorist…?

Definitions: Authorization
Authorization services – allowing you access to data and services
Affiliated with the school (role)
Permitted to use the services based on that role
Dean – turn access on and off for offenders
Mary – suite of services that were turned off (student)
Presenter note: Troubled Todd – delegated his authorization to access his information to his assistant. Didn’t want to do it all the time, just in an emergency.

Definitions: Enterprise Directory Services
Enterprise Directory services – where your electronic identifiers are reconciled and basic characteristics are kept
Very quick lookup function
Machine address, voice mail box, email box location, address, campus identifiers
Basically a storage spot that can be thumbed through to look up info for you really quickly
Presenter note: Biler Bill – keeps location of preference information

Underlying Concepts & Architecture In the next series of slides we’ll discuss several concepts underlying an approach to enabling the vignettes. We’ll then develop several examples to illustrate their use in a simplified IT architecture, and finally return to the vignettes to see how they are enabled by the concepts and architecture.

What IT needs to do
Determine who you are
Determine what resources you can use

What IT needs to do
Possible ways it might do that:
Ask you to log in and look up info in its own database.
Ask you to log in and look up info in a common database.
Trust some other source to assert needed info (and the other source might ask you to log in).
Examples:
Videoconference: current network address
Video for course: enrolled in the course
Email or calendar: University username
Library resource: current member of the set of licensees
Login might not be requested in a single sign-on system if a valid SSO identity credential is provided by the client.

Pause for some terminology
Identity: set of attributes.
Attributes: specific information stored about you.
Authentication: process used to prove your identity. Often a login process.
Authorization: process of determining if policy permits an intended action to proceed.
Customization: presentation of user interface (UI) tailored to user’s identity.

Three service architectures: #1 Stovepipe (or Silo)
Service performs its own authentication.
Consults own database for authorization and customization attributes.
(Diagram: service with its own authN and attrs)

#1 Stovepipe (or Silo) Architecture Characteristics
Stovepipe authentication and attribute services are run by separate offices.
Environment is more challenging to users, who may need to contact each office to arrange for service.
No automated life cycle management of resources.
Per-service identifiers and security practices make it more difficult to achieve a given level of security across the enterprise.

Three service architectures: #2 Integrated
Service refers authentication to and obtains attributes for authorization and customization from enterprise infrastructure services.
(Diagram: authentication service, service1, service2 and attribute service within An Organization)

#2 Integrated Architecture Characteristics
Enterprise authentication and attribute services are run by a central office.
All attributes known by the organization about a member can be integrated and made available to services.
Automated life cycle resource management is possible across the enterprise.
Common identifiers across integrated services make an easier and more secure user environment.

Three service architectures: #3 Federated
Service refers authentication to and obtains attributes for authorization and customization from possibly external infrastructure services.
(Diagram: authentication service and attribute service in Organization 1, service in Organization 2)

#3 Federated Architecture Characteristics
Federated authentication and attribute services rely on participating organizations’ enterprise services.
Inter-organizational applications such as Grids and digital-library content provision are integrated with and facilitated by enterprise services.

Middleware Initiative Objective
Help prepare campuses to implement core middleware for an integrated and ultimately a federated architecture.
(Diagram: authentication service, service1, service2 and attribute service within An Organization)

Core middleware for an integrated architecture

Vignettes Revisited
Presenter note: Engage audience to suggest what the vignettes portray.

Vignette analysis
Set of vignettes portray:
Seamlessness of transitions between services
Independence of location of service or user
Suites of services designed to support activities of different constituencies
Absence of need to make prior arrangement for resources required to enable services
Services rendered remotely, in airport waiting areas

Provisioning Vignette: Dr. Alice Agnew begins as department chair
(Diagram, to model: authN, Metadirectory, HRS, attrs, Acct Init Service)

Integrated Services Vignette: Mary accused of plagiarism
(Diagram, to model: Mailbox, Lib Proxy, authN, Files, attrs, Building access, Health Facilities)

Federated/Restricted Resources Vignette: Sam using remote, online database
(Diagram, to architectures: Content Provider, Database 1, Federation, University, Database 2, University)
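The three service architectures and the vignette mappings above, as an added worked example that is not code from the workshop or its authors. It models a stovepipe, an integrated and a federated deployment with the same two building blocks (an authentication service and an attribute service) and then replays Mary's "hold" and Sam's attribute release under them. Every username, password, organization name and attribute value in it is constructed; "ebsco-db" and "alpha-u"/"beta-u" are stand-ins for the EBSCO database and Alpha U/Beta U of the Sam vignette.

```python
"""Toy model of the three service architectures on the slides (stovepipe, integrated,
federated) and of how the Mary and Sam vignettes play out under them. Added example, not
code from the workshop; every user, password, organization and attribute is constructed."""

class AuthenticationService:
    """Maps the physical person to an electronic identifier (a password check stands in
    for whatever method the security need calls for)."""
    def __init__(self, credentials):
        self._creds = dict(credentials)

    def authenticate(self, username, password):
        return username if self._creds.get(username) == password else None

class AttributeService:
    """Directory: one identifier per person, attributes reconciled from admin sources."""
    def __init__(self):
        self._attrs = {}

    def update(self, identifier, **attrs):
        self._attrs.setdefault(identifier, {}).update(attrs)

    def get(self, identifier):
        return dict(self._attrs.get(identifier, {}))

    def release(self, identifier, allowed):
        # Attribute release policy: only listed attributes leave the organization
        # (Sam's case: status is passed, name and contact information are not).
        return {k: v for k, v in self.get(identifier).items() if k in allowed}

class Service:
    """Refers authentication to an AuthenticationService and reads attributes from an
    AttributeService. #1 Stovepipe: each service owns a private pair of them.
    #2 Integrated: every service shares the enterprise pair."""
    def __init__(self, name, authn, attrs, required_affiliation):
        self.name, self.authn, self.attrs = name, authn, attrs
        self.required = required_affiliation

    def access(self, username, password):
        ident = self.authn.authenticate(username, password)
        if ident is None:
            return f"{self.name}: denied (authentication failed)"
        a = self.attrs.get(ident)
        if a.get("hold"):
            return f"{self.name}: denied (hold)"
        if a.get("affiliation") != self.required:
            return f"{self.name}: denied (not {self.required})"
        return f"{self.name}: granted"

class FederatedContentProvider:
    """#3 Federated: a provider at another organization. It never sees the password or
    name; it trusts the home organization's assertion of a few released attributes."""
    def __init__(self, name, subscribing_orgs):
        self.name, self.subscribers = name, set(subscribing_orgs)

    def access(self, home_org, released_attrs):
        if home_org not in self.subscribers:
            return f"{self.name}: denied ({home_org} does not subscribe)"
        if released_attrs.get("affiliation") != "student":
            return f"{self.name}: denied (not a student)"
        return f"{self.name}: granted"

def mary_vignette():
    """Integrated: one 'hold' in the enterprise directory turns a whole suite of
    services off and back on, with no per-service administration."""
    authn = AuthenticationService({"mary": "pw-mary"})
    directory = AttributeService()
    directory.update("mary", affiliation="student", hold=False)
    suite = [Service(n, authn, directory, "student")
             for n in ("library", "lab-door", "health", "files")]
    before = [s.access("mary", "pw-mary") for s in suite]
    directory.update("mary", hold=True)   # the Dean places the hold
    during = [s.access("mary", "pw-mary") for s in suite]
    directory.update("mary", hold=False)  # accusation found in error
    return before, during, [s.access("mary", "pw-mary") for s in suite]

def mary_in_stovepipes():
    """Stovepipe: each service runs its own authentication and attribute store, so Mary
    has a password per service and the hold has to be set in every silo separately."""
    def silo(name, password, hold):
        store = AttributeService()
        store.update("mary", affiliation="student", hold=hold)
        return Service(name, AuthenticationService({"mary": password}), store, "student")
    library = silo("library", "lib-pw", hold=True)  # the hold was set here only
    lab = silo("lab-door", "lab-pw", hold=False)    # nobody updated this silo
    return library.access("mary", "lib-pw"), lab.access("mary", "lab-pw")

def sam_vignette():
    """Federated: Alpha U asserts Sam's affiliation to a provider shared with Beta U;
    the released assertion carries his status, not his name or contact details."""
    authn = AuthenticationService({"sam": "pw-sam"})
    directory = AttributeService()
    directory.update("sam", affiliation="student", name="Sam Example",
                     email="sam@alpha-u.example")
    ident = authn.authenticate("sam", "pw-sam")            # login at the home org only
    assertion = directory.release(ident, {"affiliation"})  # what Sam clicks OK to
    provider = FederatedContentProvider("ebsco-db", {"alpha-u", "beta-u"})
    return assertion, provider.access("alpha-u", assertion)
```

The point the model makes is that the stovepipe and integrated cases use identical service code; what changes is who operates the authentication and attribute services, which is why a single status change reaches every integrated service but only one silo. In the federated case the content provider authorizes on the released assertion alone, so the attribute release policy is the privacy control.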

Refreshment Break

Building the Business Case

Business Case Components
By definition, middleware cannot be effective unless it maps closely to an institution’s business policies and practices. In this context, a strong business case will…
Outline the institution-specific drivers
Articulate the opportunities & challenges
Define the benefits
Enumerate the costs

Groups to Consider
Business case audience
Select stakeholders and possible champions
Stakeholders:
Executive Leadership
Business and Finance VPs
HR Directors and Registrars
CIOs
IT staff
Program Directors and Data Stewards
Auditors and Risk Managers
Faculty
Staff
Students

Institution-specific Drivers
Internal Drivers:
Specific application(s)
Financial
User expectations
External Drivers:
Federal/state legislation
E-enterprise functions
Inter-institutional collaboration

Opportunities
Legislative pressure to reduce paperwork, secure information, and deploy electronic services (grants, financial aid, HIPAA, etc.)
Interdisciplinary and inter-institutional research and collaboration
Changing needs of teaching and learning
User expectations of access to technology
Budgetary pressures

Benefits to the Institution
Economies for central IT – reduced account management, tighter network security…
Economies for distributed IT – reduced administration, access to better information, easier integration of departmental applications…
Improved services for students and faculty – access to scholarly information, control of personal data, reduced legal exposures…
Participation in future shared environments – Grids, videoconferencing, digital libraries, etc.
Participation in new collaborative initiatives – Shibboleth, inter-institutional resource sharing…

Benefits: Specifically, Achieves Economies for Central and Distributed IT Organizations
Access to primary user identity sources such as HR, Payroll, SIS, and secondary sources such as library, parking, alumni assoc., etc. can be more effectively managed by fewer people, saving time and money
Access to any one of these services can be enabled or disabled more readily
Access to a range of services can be accomplished more quickly and in a more coordinated manner
Deployment time for new applications is reduced

Benefits: Specifically, Enhanced Security
A secure enterprise directory can:
Be used to manage access to multiple apps/services (web, remote access, etc.) for the entire institutional community
Facilitate differential access to wireless ports, restricted content, restricted listservs, etc.
Allow identity management to be administered by fewer staff
Simplified network and on-line service access:
A common middleware infrastructure can enable single sign-on access to a larger range of customized and personalized services

Challenges
Investing the time and effort for planning, review and negotiation
Surviving the politics of reviewing/revising data stewardship policies and procedures
Resource reallocation – people and $$!
Covering up-front costs
Finding $$ to build/maintain data feeds from authoritative data sources to central directory
Potential legal risk with respect to publishing personal data in white pages

Expected Costs to the Institution
Modest increases in capital equipment and staffing requirements for central IT
Considerable time and effort to conduct campus-wide planning and vetting processes
One-time costs to retrofit some applications to new central infrastructure
One-time costs to build feeds from legacy source systems to central directory services
The political wounds from the reduction of duchies in data and policies

Enterprise Directory Costs
Phase 1: Building the Enterprise Directory
Hire new staff vs. repurpose current staff
New equipment/software vs. use of existing resources
Phase 2: Deploying Applications
Application dependent, but ROI is high considering:
Cost savings
Lost productivity
Increased opportunity
Increased security

Where are you in your business case process?

Research and Resources

Research Community
Expert, diverse leadership and collaborators
Broad participation and review
MACE and related working groups
NSF catalytic grants
Early Adopters
Higher Education Partners: campuses, CNI, CREN, GRIDS, NACUBO, NACUA…
Government Partners: NSF, NIH, NIST, fPKI TWG…
Corporate Partners: Liberty Alliance, IBM, Sun, WebCT, Radvision, …
International communities
Standards bodies: IETF, ITU, OASIS

NSF Middleware Initiative
NSF award for middleware integrators to:
GRIDS Center: Globus (NCSA, UCSD, University of Chicago, USC/ISI, and University of Wisconsin)
NMI-EDIT Consortium: Internet2, EDUCAUSE, and SURA
Separate awards to academic pure research components
Build on the successes of the Globus project and Internet2/MACE initiative
Multi-year effort
A practical (deployment) activity that necessitates some research
Releases occur every six months, roughly May and October

Research Working Groups/Projects
Directories: Group Utilities; Directory Management Utilities; Practice Papers and Implementation Roadmap; Directory Schema
Shibboleth: inter-institution web access
PKI: HEPKI-TAG & PAG, S/MIME, PKI Labs
Middleware for Video – VC, Video on Demand
Medical Middleware

Enterprise Middleware Resources Available
NMI-EDIT Release Components:
Software
Directory Object Classes
Conventions and Practices
Recommended Practices
White Papers
Policies
Services

Enterprise Middleware Educational Opportunities
Workshops
Pre-conference Seminars at EDUCAUSE Regional Meetings (like this one)
Campus Architectural Middleware Planning Workshops:
CAMP – June 4-6, 2003: management and technical staff; campuses beginning implementations
Advanced CAMP – July 9-11, 2003: highly technical; research topics; campuses with mature directory and authentication infrastructures

On-line Resources Available
Introductory Documents
Sample Middleware Business Case and corresponding Writer’s Guide
Identifiers, Authentication, and Directories: Best Practices for Higher Education
Identifier Mapping Template and Campus Examples
See resource list

Websites and Discussion Lists
http://middleware.internet2.edu
http://www.nmi-edit.org
Look for the Enterprise Implementation Directory Roadmap – coming in April!
Middleware information and discussion lists:
http://mw-announce@internet2.edu
http://mw-discuss@internet2.edu
NMI lists (see websites)
EDUCAUSE Constituency Group on Middleware – coming soon!

Contacts
Keith Hazelton, University of Wisconsin-Madison/Internet2, hazelton@doit.wisc.edu
Renee Woodten Frost, Internet2/University of Michigan, rwfrost@internet2.edu