NMI at Work: Case Studies from the NSF Middleware Initiative. David Bantz, University of Alaska System; Mark Crase, California State University; Miguel Soldi, The University of Texas System; Gordon Springer, University of Missouri, Columbia; Ann West, EDUCAUSE/Internet2
1 NMI at Work: Case Studies from the NSF Middleware Initiative
David Bantz, University of Alaska System
Mark Crase, California State University
Miguel Soldi, The University of Texas System
Gordon Springer, University of Missouri, Columbia
Ann West, EDUCAUSE/Internet2

2 Introduction (EDUCAUSE / Internet2)

3 NSF Middleware Initiative
- Create a national interoperable middleware infrastructure for education and research
- Analogous to building NSFNet
- Funded two teams in 2001:
  - GRIDS Center (tie resources together)
  - NMI-EDIT (enable seamless and secure access)

4 NMI-EDIT: Identity and Access Management
How do you create a national infrastructure?
- Solve a problem
- Create awareness
- Develop a path
- Address the gaps and challenges
- Offer education
- Provide a community

5 Life after Grants: Extending the Reach
Addressing the deployment support challenge:
- Explore a bridge support structure
- Encourage cohort partnerships
- Develop diverse models of support
- Assist a wider scope of schools
- Start with state systems and network service providers

6 Extending the Reach
- Funded in 2004
- Enabling interoperable IdM deployments
- Exploring diverse business models, services, and products for identity management training, consulting, and deployment
- Disseminating information to spur similar activities
- Informing NMI-EDIT outreach and technology-related products

7 Extending the Reach: Awards
- California State University System
- Great Plains Network Consortium
- University of Alaska System
- University of Texas System

8 University of Alaska System Enterprise Directories

9 University of Alaska System Enterprise Directories
Identified business needs (~2003), addressing:
- Unique identifier(s)
- White pages
- Phonebooks
- Directory synchronization

10 University of Alaska System Enterprise Directories
Institutional constraints:
- UA System has a single ERP (Banner)
- Universities expect autonomy
- Individuals have multiple affiliations

11 University of Alaska System Enterprise Directories
Pragmatic goals for deployment of the directory:
- System: manage IDs for the portal
- Universities: directory synchronization
- Campuses: automate phonebook production
- Individuals: end-user self-maintenance

12 University of Alaska System Enterprise Directories
Project methodology, per the NMI Enterprise Directory Implementation Roadmap:
- Strategic core infrastructure in principle
- Application-motivated deployment: white pages (online and printed), portal
- Stealth built and designed

13 University of Alaska System Enterprise Directories
NMI components referenced:
- Middleware architecture
- eduPerson and related object classes
- Enterprise Directory Implementation Roadmap
- Identifiers "Best Practices..."
- AuthN with browser cookies examples
- Federation and Shibboleth (longer term)

14 California State University
The Identity Management Collaborative: A CSU Identity & Access Management Pilot Project
- Cal Poly San Luis Obispo
- California State University Stanislaus
- The Office of the Chancellor

15 California State University: The Identity Management Collaborative
The project: develop a middleware service-provider model whereby one campus supports another campus in designing, implementing and supporting an enterprise directory service.
The project goals:
- Provide robust identity management services by leveraging talent and other system resources
- Strengthen operations at the provider campus
- Improve services at the client campus
- Provide a test bed to address issues related to the system-wide Identity & Access Management Project

16 California State University: The Identity Management Collaborative
Objectives: Office of the Chancellor
- Create an inter-campus service/support model
- Develop needs assessment tools to determine programmatic needs and the resources required to meet them
- Develop service proposal templates
- Develop performance metrics
- Conduct performance assessments
- Document and disseminate lessons learned within the CSU and out to the greater education community

17 California State University: The Identity Management Collaborative
Drivers: Stanislaus
- Need for an enterprise directory and authentication services
- Integration of single sign-on for: Oracle Portal (for ... and Banner), Blackboard, PeopleSoft HR 8.0
- Lack of campus resources due to budget cuts

18 California State University: The Identity Management Collaborative
Goals and objectives: Stanislaus
- Authenticate all applications using the enterprise directory; applications considered are Help Desk, Imaging, One-Card, Active Directory in labs, Library
- Formalize procedures for adding applications
- Create a knowledge base for both the campus community and vendors on authentication procedures
- Local hosting of the directory in a couple of years: feasibility study to identify resources needed; identify migration strategies

19 California State University: The Identity Management Collaborative
Benefits: Stanislaus
- Collaboration process
- Learning process for our staff
- Sharing of best practices
- Working directory and authentication services with minimal effort
- Working knowledge of implementing an enterprise directory

20 California State University: The Identity Management Collaborative
Drivers: San Luis Obispo
Value of collaboration:
- Gain an outside perspective
- Enable knowledge transfer between teams
- Gain feedback regarding processes, software and tools
- Enable cross-campus collaboration not related to IdM (both campuses use Oracle Collaboration Suite)
Service improvement:
- Opportunity to enhance infrastructure
- Opportunity to improve processes
- Opportunity to increase services and support
- Opportunity to achieve greater economies of scale

21 California State University: The Identity Management Collaborative
Goals and objectives: San Luis Obispo
- Enhance identity management infrastructure: upgrade software to newer versions (Oracle Internet Directory 10g and CAS); implement LDAP replication; implement the eduPerson/calstateEduPerson directory schema
- Enhance documentation, technical and procedural
- Enhance cross-campus collaboration; facilitate sharing between campuses

22 California State University: The Identity Management Collaborative
Benefits: San Luis Obispo
- Improved campus buy-in regarding middleware: CSU-sanctioned initiative; other CSUs moving forward; supports future interaction within the CSU system
- Input from other middleware teams regarding Cal Poly's implementation: what would another team have done differently?
- Collaboration process: what can we share? How can we share? What did we do right? What needs improvement? What did we miss?

23 California State University: The Identity Management Collaborative
Project structure: Stanislaus
Role: Client
- Identify service requirements
- Gain campus buy-in for a remote LDAP directory
- Identify applications to be supported
- Identify a pilot group for training
- Communicate the advantages of a secure identity management system on campus
- Documentation: policy statements and agreements; creation of a knowledge base of frequently asked questions

24 California State University: The Identity Management Collaborative
Project structure: San Luis Obispo
Role: Service Provider
- Provide a service proposal
- Define security and reliability metrics: transmission of directory information; storage of directory information
- Build and populate an enterprise LDAP-compliant directory
- Enable authentication services
- Provide remote support for enterprise directory and authentication services

25 California State University: The Identity Management Collaborative
Challenges and lessons learned
Challenges:
- Campus and staff buy-in: the concept of remote directory services; security and reliable access
- Staff resources: resources for the project conflict with local projects
- Synchronizing activities at two campuses is not trivial
- External forces are also at play
- Receiving help from a provider campus does not negate the need to do significant preparation at the client campus

26 California State University: The Identity Management Collaborative
How NMI helped:
- LDAP Recipe
- eduPerson object class, extended as calstateEduPerson
- Local Domain Object Class Survey
- Directory Implementation Roadmap
- All the meetings and conferences where we get to meet people and talk about this stuff

27 The University of Texas System Federated Version of Benefits Enrollment Application

28 The University of Texas System: Federated Benefits Enrollment Application
Background: The UT System Administration Office of Employee Group Insurance (EGI) manages the insurance benefits of all employees and retirees of the 16 UT System institutions. Every year, EGI allows all employees and retirees to participate in benefits open enrollment via the benefits annual enrollment application. During the year, employees can use the same application to view their current coverage.

29 The University of Texas System: Federated Benefits Enrollment Application
Business problem: use of Social Security Numbers (SSNs) as credentials. The use of Social Security Numbers as identifiers will be prohibited by UT System policy by ...
Proposed solution: leverage the UT System Federation. A federated version of the benefits annual enrollment application that allows employees and retirees to access the application using their home-institution-provided identity credentials.

30 The University of Texas System: Federated Benefits Enrollment Application
Project goals:
- Create a federated version of UTTouch, the benefits annual enrollment mainframe application
- Pilot year-round availability of the federated version of UTTouch with new hires and active employees at four institutions (UT System Administration, UT Dallas, UT Tyler, and UT Permian Basin) by Fall 2005
- Release the federated version to production for new hires and active employees at all institutions by July 2006

31 The University of Texas System: Federated Benefits Enrollment Application
NMI components at work:
- Shibboleth and its specifications
- eduPerson object class
- NMI outreach and sponsored events
- Federations

32 The University of Texas System: Federated Benefits Enrollment Application
Project objectives:
- Allow employees to access UTTouch using their home-institution-provided identity credentials
- Each institution's identity provider shall assert via Shibboleth the appropriate attributes to UTTouch to authorize access to the application
- Modify the scripting environment to integrate with the mainframe
- Provide new and current employees year-round access to UTTouch to make their initial insurance selections or view their current coverage

33 The University of Texas System: Federated Benefits Enrollment Application
Project structure, technical:
- Configure and implement the Shibboleth SP server (UT Austin)
- Modify the web agent
- Base install of the UTTouch application on the SP server
- Configure environment variables with clients
- Implement application changes for receiving user data via the Shibboleth target (SP) HTTP assertion headers and accessing them in Natural
- Define application indexes to access the ADABAS database
- Modify login verification modules
- Create proper authorizations for the new Shibboleth SP server

34 The University of Texas System: Federated Benefits Enrollment Application
Project structure, policy:
- Short term: issues surrounding the population, release, transmittal, and use of SSN data (since SSNs could be communicated in the background, over the encrypted connection, in the assertion from the Shibboleth Attribute Authority)
- Long term: levels of assurance; investigate ways to modify the application to not require the SSN but use an institution's local identifier instead

35 The University of Texas System: Federated Benefits Enrollment Application
Challenges:
- Retirees: most institutions do not maintain data about their retirees, much less identity credentials for them; will require business process considerations
- Staff resources: conflicts with local institution projects

36 The University of Texas System: Federated Benefits Enrollment Application
Benefits:
- First large-scale, system-wide deployment of a federated application using Shibboleth, and the working knowledge from implementing it
- Significant stride in the elimination of the use of Social Security Numbers as credentials
- Increased awareness and buy-in from institutions regarding middleware
- What else can we share? And how?

37 The Great Plains Network (GPN): Region-Wide Collaboration Environment

38 The Great Plains Network: Region-Wide Collaboration Environment
Background:
- 7 states in the region (AR, KS, MO, ND, NE, OK, SD)
- GPN connected all states to the Internet2/Abilene network as a gigapop; 3 states are now connected and 4 are collaborating partners
- GPN has a history of network infrastructure collaboration: Midnet (1987), then GPN (1997)
- Can this history be turned into a collaborative research and education environment using middleware?

39 The Great Plains Network: Region-Wide Collaboration Environment
Project basis:
- Participation of 11 of the 23 campuses in the GPN consortium in the creation of a region-wide collaboration environment
- Initial thrust: develop a plan and deploy Shibboleth at each institution to provide a means for inter-institutional authentication
- Determine the issues with integrating Shibboleth at each home institution

40 The Great Plains Network: Region-Wide Collaboration Environment
Project goals (Year 1):
- Strategic planning on a regional basis to deploy Shibboleth authentication for collaborative activities
- Campus middleware assessment on campuses to determine impediments to moving forward
- Build a middleware testbed on two campuses to demonstrate interoperability for limited applications
- Attend and conduct workshops focused on middleware deployment (e.g., Shibboleth)

41 The Great Plains Network: Region-Wide Collaboration Environment
NMI components at work:
- Shibboleth and its specifications
- NSF/NMI and NSF/NMI-EDIT middleware software tools
- eduPerson object class
- NMI outreach and sponsored events
- Shibboleth federations

42 The Great Plains Network: Region-Wide Collaboration Environment
Project components:
- Shibboleth installation and training occurred through install-fests
- Campus directory integration
- Support for federation: initial deployment with Internet2 InQueue; considering shifting GPN members to InCommon
- Resource providers redirect access requests to the user's home institution for authentication
- MACE entitlements (urn:mace:greatplains.net): using eduPersonEntitlement for fine-grained authorization; four entitlement-based resources at two institutions defined
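Both the UT System slide on receiving user data via the Shibboleth SP's HTTP assertion headers (slide 33) and the GPN slide on eduPersonEntitlement authorization (slide 42) come down to the same application-side step: read what the SP exported for the request and decide. The following is an added example, not code from the presentation or from the UT System or GPN projects. It assumes the SP (mod_shib) exports attributes into the request environment under the ids of its default attribute-map.xml (eppn, entitlement) plus the session variables Shib-Session-ID and Shib-Identity-Provider, and that multi-valued attributes arrive joined by ';' with a literal ';' escaped as '\;'. The entitlement URN urn:mace:greatplains.net:example:resource is an assumption; the four GPN values are not on the slides.

```python
"""Authorization gate behind a Shibboleth SP.

Added example; not code from the presentation or from the UT System / GPN
projects. Assumes the SP (mod_shib) exports attributes into the request
environment under the ids of its default attribute-map.xml (eppn,
entitlement) plus the session variables Shib-Session-ID and
Shib-Identity-Provider. Multi-valued attributes arrive as one string with
values joined by ';' and a literal ';' escaped as '\\;'.
"""
import re

# Split on ';' that is not preceded by a backslash (the SP's escape).
_VALUE_SEPARATOR = re.compile(r"(?<!\\);")

# Assumed entitlement URN; the real GPN values under urn:mace:greatplains.net
# are not on the slides.
REQUIRED_ENTITLEMENT = "urn:mace:greatplains.net:example:resource"


def split_multivalued(raw):
    """Decode one SP-encoded multi-valued attribute into a list of values."""
    if not raw:
        return []
    return [v.replace("\\;", ";") for v in _VALUE_SEPARATOR.split(raw)]


def parse_shib_attributes(env):
    """Collect what the SP exported for this request (missing -> empty)."""
    return {
        "session": env.get("Shib-Session-ID", ""),
        "idp": env.get("Shib-Identity-Provider", ""),
        "eppn": env.get("eppn", ""),
        "entitlement": split_multivalued(env.get("entitlement")),
    }


def authorize(env, required=REQUIRED_ENTITLEMENT):
    """Return (allowed, reason) for one request."""
    attrs = parse_shib_attributes(env)
    # 1. Without an SP session the request never passed mod_shib, so the
    #    attribute variables may be client-supplied headers. Deny.
    if not attrs["session"] or not attrs["idp"]:
        return False, "no Shibboleth session: request did not pass the SP"
    # 2. Key the user on the IdP-asserted, scoped eppn, not on anything the
    #    user typed (the SSN-as-credential problem on the UT System slides).
    if "@" not in attrs["eppn"]:
        return False, "no scoped eppn asserted"
    # 3. Fine-grained authorization on eduPersonEntitlement, GPN style.
    if required not in attrs["entitlement"]:
        return False, "missing entitlement " + required
    return True, "%s via %s" % (attrs["eppn"], attrs["idp"])


# Constructed request environments, shaped like mod_shib's export.
SAMPLE_OK = {
    "Shib-Session-ID": "_7f3c9a",
    "Shib-Identity-Provider": "https://idp.example.edu/idp/shibboleth",
    "eppn": "jdoe@example.edu",
    "entitlement": REQUIRED_ENTITLEMENT
    + ";urn:mace:dir:entitlement:common-lib-terms",
}
# Direct request to the application port with a forged entitlement header
# and no SP session: the bypass that the first check exists for.
SAMPLE_BYPASS = {"eppn": "jdoe@example.edu", "entitlement": REQUIRED_ENTITLEMENT}

if __name__ == "__main__":
    for label, env in (("ok", SAMPLE_OK), ("bypass", SAMPLE_BYPASS)):
        print(label, authorize(env))
```

The first check is the one practitioners most often skip. When the SP is configured to pass attributes as HTTP headers (ShibUseHeaders) it strips matching inbound headers, but an application that is also reachable on a port or path the SP does not front will see whatever a client sends; requiring the SP session variables, and refusing to read the same names from any other path, closes that hole. The same principle applies to the SSN issue on slide 34: if the SSN has to cross the federation at all, treat it as an attribute the SP delivered, never as something the browser presented, and plan to key the record on eppn or a local identifier instead.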

43 The Great Plains Network: Region-Wide Collaboration Environment
Challenges:
- Dealing with policy issues among multiple institutions
- Defining entitlements for coarse-grained and fine-grained authorizations
- Developing a strategy for authorizing and managing entitlements with standardized tools (e.g., Signet and Grouper) in a federation
- Moving a testbed environment toward a production-level environment with a broader scope to support regional research and education activities

44 The Great Plains Network: Region-Wide Collaboration Environment
Lessons learned:
- A multi-institutional collaboration environment can be created using NMI middleware software tools
- Collaboration among individuals is essential
- Middleware projects will be limited by the level of support from the institutions in the region
- It is essential to remain aware of current events and changes within the broader NMI community
- Using NMI middleware, we are light years ahead of where we were talking last year!

45 In Summary... NMI-EDIT is at work:
- Helping campuses build their identity management infrastructure
- Solving research, academic, and administrative problems
- Enabling new functionality by building a national infrastructure

46 For More on NMI...
- NSF Middleware Initiative
- NMI-EDIT
- Authentication CAMP, Feb. 8-10

47 Thank you!! Q / A

48 The University of Alaska System: Contact Information
David Bantz, Chief Information Architect, The University of Alaska System

49 California State University: Contact Information
Stanislaus: Roland Johnson, Manager AITS; Maithreyi Manoharan, Assoc. VP for IT
San Luis Obispo: Dan Malone, Middleware Architect; Theresa May, Information Management Coordinator
Office of the Chancellor: Mark Crase, Sr. Dir., Technology Infrastructure Services

50 The University of Texas System: Contact Information
The University of Texas System Administration: Paul Caskey, Technology Architect; Miguel Soldi, IT Policy and QA Coordinator

51 The Great Plains Network: Region-Wide Collaboration Environment: Contact Information
The Great Plains Network (GPN):
- Amy Apon, GPN ETR Project PI, University of Arkansas
- Gordon Springer, GPN ETR Project Co-PI, University of Missouri, Columbia
- Greg Monaco, GPN ETR Project Co-PI, Great Plains Network
Visit the GPN ETR Website: