SIMPLIFYING THE CLOUD – the case for federation
Dr. Terry Gray, Assoc VP, Technology Strategy, University of Washington
Microsoft CIO Summit, 25 Feb

HYPOTHESIS
Federation & interoperability are key to effective collaboration in complex environments.

AGENDA
1. Context
2. Why the Cloud?
3. Why not?
4. Why Federation?
5. Why SAML?
6. UW case study
CONTEXT: Research Universities
- Mission: discovery & innovation
- Means: extreme collaboration
  - Globally, at scale
- Culture: decentralized; diffuse authority
  - Collections of many independent businesses
  - A microcosm of "the Internet"
"Corporations turn ideas into money; Universities turn money into ideas." --Craig Hogan

PROBLEM
- Too many accounts
- Too little interoperability
Business need: improve collaboration
Barrier: complexity
Trap: collaboration exacerbates complexity

COPING WITH COMPLEXITY
In diverse collaborations:
- homogeneity is not an option
- accounts become an N*N problem
Therefore, we need:
- integration via interoperability
- fewer things to think about
- at least... the illusion of simplicity and coherence!

WHY THE CLOUD?
- It's where our people are going
- Allows easier (self-service) collaboration
- Leverages market agility, advances
- Allows better use of scarce IT resources
→ IT goal: any time / place / device access & collaboration
→ Cloud computing supports this goal

CLOUD CONCERNS
Institutional view:
- Operational risk
- Financial risk
- Compliance risk
User view:
- Reliability
- Privacy, safety, security
- Simplicity, interoperability
INTEROPERABILITY example: the calendaring problem
[Diagram: Outlook/Exchange user, IT staff, Google Calendar user]

INTEROPERABILITY SCENARIO
USERS:
- Mary: Outlook + BPOS-D
- Joe: TBird + Outlook Live
- Ann: Mac/Safari + Google
TASKS:
- Schedule a meeting
- Create an access group
- Co-edit a document
ISSUES:
- Discovering the authoritative server
- Access or account provisioning
- Protocol compatibility (IMAP, CalDAV)
EXAMPLES:
- Zoho via Yahoo or Google credentials
- Digg via Facebook credentials
- eduroam via InCommon (local creds)

INTEROPERABILITY ELEMENTS
- Data structures
- Transfer protocols
- Discovery protocols
- Identity & access management
- Metal
WHY FEDERATION?
- Supports interoperability
- Best defense against account/password proliferation
- Leverages institutional identity for reputation/branding
- Improved security: can reduce the password attack surface*
- Convenience: helpful for both migration & steady state
* cf. Thick Client Issues

CHOICES
- WS-Federation / WS-Trust
- Information Card
- OpenID
- OAuth
- OpenSocial
- SAML + Shibboleth + InCommon

FEDERATION ELEMENTS
- Protocol spec: e.g. SAML
- Software: e.g. Shibboleth (+ Geneva, others)
- Trust fabric: e.g. InCommon (+ national federations in 25 countries)

WHY SAML? (Security Assertion Markup Language)
- Industry standard, with input from higher education (H-E)
- Good support for user attributes (claims)
- Supports scalable multi-party trust fabrics
- Used in many sectors for many years
- Dominant in the H-E sector; big science; K12
- Part of a mature federation ecosystem (SAML + Shibboleth + InCommon)

THICK CLIENT PROBLEM
- Many federation protocols were designed only for web apps
- For web apps, the service provider need not store passwords
- Supporting existing non-web apps means either:
  - continuing to store passwords on the cloud service, or...
  - exposing enterprise passwords to the cloud service via a proxy
- Convenience often trumps security
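The two preceding slides make the security argument for SAML compactly: the service provider never sees the user's password, it accepts attributes ("claims") from an issuer it trusts, and the set of trusted issuers is a multi-party fabric rather than a pairwise arrangement. The following is an added illustration, not code from the talk or from UW, of the policy checks a SAML 2.0 service provider applies to an assertion it has received: trusted issuer, validity window, audience restriction, and attribute extraction. XML signature verification against the identity provider's key from federation metadata must happen before any of these checks and is assumed already done here; the entity IDs, the trust registry and the sample assertion are constructed.

```python
# Added illustration (not from the talk): policy checks a SAML 2.0 Service
# Provider applies to an assertion from an Identity Provider. Signature
# verification (XML-DSig against the IdP key from federation metadata) MUST
# precede these checks in a real deployment and is assumed done here.
# All entity IDs, attribute values and the registry below are constructed.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed trust fabric: the IdPs this SP accepts assertions from. In a
# real federation this registry is populated from signed metadata.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth"}

# This SP's own entityID (constructed); assertions must be addressed to it.
SP_ENTITY_ID = "https://sp.example.org/shibboleth"


class AssertionRejected(Exception):
    """Raised when an assertion fails a policy check."""


def _saml_time(value):
    """Parse a SAML xs:dateTime such as 2024-01-01T12:00:00Z into aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def check_assertion(xml_text, now):
    """Validate issuer, validity window and audience; return the attribute claims.

    `now` may be an aware datetime or a SAML-style UTC timestamp string.
    """
    if isinstance(now, str):
        now = _saml_time(now)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        raise AssertionRejected("not a SAML 2.0 Assertion element")

    # 1. Multi-party trust: the issuer must be a federation member we trust.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer not in TRUSTED_IDPS:
        raise AssertionRejected(f"untrusted issuer {issuer!r}")

    # 2. Validity window. (Replay defence also needs a cache of seen IDs; not shown.)
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise AssertionRejected("missing Conditions/NotOnOrAfter")
    if cond.get("NotBefore") and now < _saml_time(cond.get("NotBefore")):
        raise AssertionRejected("assertion not yet valid")
    if now >= _saml_time(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion expired")

    # 3. Audience: an assertion minted for another SP must not be accepted here.
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)
                 if a.text]
    if SP_ENTITY_ID not in audiences:
        raise AssertionRejected(f"audience {audiences} does not include this SP")

    # 4. Attributes ("claims"): the payload federation exists to deliver.
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", namespaces=NS):
        name = attr.get("FriendlyName") or attr.get("Name")
        claims[name] = [v.text for v in attr.findall("saml:AttributeValue", namespaces=NS)]
    return claims


def rejection_reason(xml_text, now):
    """Return the rejection message for an assertion, or None if it is acceptable."""
    try:
        check_assertion(xml_text, now)
    except AssertionRejected as exc:
        return str(exc)
    return None


def make_assertion(issuer, audience, not_before, not_on_or_after):
    """Build a constructed (unsigned) assertion so the checks can be exercised."""
    return f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_c0n5tructed" Version="2.0"
    IssueInstant="{not_before}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject><saml:NameID>_transient-id</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
      <saml:AttributeValue>mary@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
      <saml:AttributeValue>member</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    good = make_assertion("https://idp.example.edu/idp/shibboleth", SP_ENTITY_ID,
                          "2024-01-01T11:59:00Z", "2024-01-01T12:05:00Z")
    print(check_assertion(good, "2024-01-01T12:01:00Z"))
```

The point relative to the thick-client slide is what is absent from the code: no password is ever handled by the service provider, so there is nothing for it to store or proxy. The checks are ordered so that the cheapest rejection (unknown issuer) comes first, and a failure is reported as a reason string rather than a bare boolean so that the SP can log why a federation partner's assertion was refused.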
UW MEETS THE CLOUD

CLOUD UW
- 64K UW users
- 50% of students ALREADY forward their UW !

STRATEGIC PREMISES
- Cloud computing is a big deal
- UW should encourage it, modulo compliance obligations
- Compliance risk is reduced via partner contracts
- A single-vendor strategy will not work for UW
- Integrating faculty/staff with students is essential

THE PLAYING FIELD
- Outlook Live
- Google Apps
- BPOS-D Service
- Departmental Exchange/SP servers
- Central Exchange/SP servers
- Central IMAP & web servers
- Other cloud services
- Other universities
The IT challenge: make collaboration work in this context!
LESSONS from a Dawg
- Free services are not free
  - Moving targets, startup problems, service culture
- Cloud conundrum: integration adds value & cost
- Collaboration barriers
  - Multiple account madness
  - Lack of interoperability
  - Lack of group support
- Pushback
  - Students: "Where's the beef" (vs. existing options)
  - Faculty: privacy, security, data ownership/mining

NEXT STEPS
- Enhancing cloud services
  - Group management features
  - Improved calendar interoperability
  - SAML SSO for Outlook Live
  → via MS/UW partnership
- Retiring on-premise services
  - Student services
  - Central Exchange/SharePoint services
  → via move to Microsoft BPOS-D

UW – MICROSOFT PARTNERSHIP
- Initial focus on SAML/Shib support for
- Assisting MS in tackling BPOS +
- Crucial to our multi-platform service strategy & migration
- Unlike with some companies, it's a true partnership...

SUMMARY
→ The cloud enables more collaboration
→ Therefore we need to enable the cloud, and make it work better
- Federated cloud services are essential
- Use is soaring despite concerns

QUESTIONS
Special thanks to RL "Bob" Morgan, UW's Middleware Maven!