Presentation is loading. Please wait.

Presentation is loading. Please wait.

Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 1 Georgia State University Sharing Resources – Sharing.

Published byDustin Bradford Modified over 9 years ago

Similar presentations

Presentation on theme: "Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 1 Georgia State University Sharing Resources – Sharing."— Presentation transcript:

1 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 1 Georgia State University Sharing Resources – Sharing Results Art Vandenberg Director, Advanced Campus Services avandenberg@gsu.edu

2 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 2 The Campus Georgia State University Atlanta, Georgia Downtown at Five Points (Zero Milepost!) Public, Doctoral/Research Extensive University One of 34 Institutions in University System of Georgia 28,163 students (Fall 2003 enrollment) - 2nd largest One of 4 research universities in University System Internet2, SCT Banner, Peoplesoft, WebCT, Novell…

3 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 3 Five Points Collaboration and Roadmaps Enterprise Directory Implementation NMI Testbed Grid Semantic Facilitator TM SM Outreach

4 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 4 Collaboration and Roadmaps Internet2 Middleware –http://middleware.internet2.edu/http://middleware.internet2.edu/ Middleware working groups, Internet2 Member Meetings Establishing liaisons and partnerships Enterprise Directory Implementation Roadmap –http://www.nmi-edit.org/roadmap/directories.htmlhttp://www.nmi-edit.org/roadmap/directories.html LDAP Recipe eduPerson schema Metadirectory Practices for Enterprise Directories in Higher Education NMI Components

5 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 5 Campus Success Factors Top level sponsorship – CIO Steering Group – CIO + IT Directors Working groups – data stewards, technical Stepwise approach, let it evolve Take advantage of opportunity – Follow the road –Student email was a prime driver in 2001 –New Rec Center was showcase opportunity: provisioning automated PantherCard privilege –WebCT, Campus Directory, Library feeds, email groups, check advice via email…

6 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 6 Caution – Sharing the Road Lean into curves Scouts versus settlers – different mindsets Should haves: –Insisted on unified namespace (rather than student // employee) –Said “NO” to use of SSN as identifier for new Student System –Consensus isn’t always “best” – just “mediocre” –Been more forceful in education (make ‘em read materials!) Scout’s hindsight: we should have had a road map!

7 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 7 Enterprise Directory Implementation Enterprise “directory architecture” Synchronizes data from different sources Provisions data to other consumers A view of “authoritative source” data Supports identity resolution Supports authentication & authorization –(directly, indirectly…) NMI Components (Renee Frost) Metadirectory Practices… Enterprise Directory Implementation Roadmap (and R.L.“Bob” Morgan)

8 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 8 Metadirectory

9 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 9 Person Registry Staff data Student data PERSON REGISTRY Name, ID, Address, Phone… Title, Department, College, Dept, Major, Course, Term WebCT class rolls Campus directory Student Rec Center access Feeds (scripts) Oracle RDBMS IBM Directory Integrator – business logic, automatic synchronization Consumers Student email Novell (LDAP) Netmail Email groups (student, Employees) PantherCard Assigned email sent back to SCT Banner Lists, ad hoc rpts

10 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 10 Ongoing results… Campus Directory – online January 18, 2003 Self-service Profile Manager – Summer 2003 –Select CampusId, set password, set Email routing –Email communication (not postal) for payroll/check advices Email groups (student, employee) –working groups engaged (College reps, technical, policy…) LDAP Authentication (in process) Account provisioning (Novell Netware, Groupwise, MS AD) Password synchronization Day One (pre-day one) enabling of electronic services

11 Campus Directory NMI Components LDAP Recipe; eduPerson schema; Metadirectory Practices… (provisioning, identifiers); Roadmap Policy Issues affiliations calculated per values allowed for eduPersonAffiliation Person Registry data: CampusID, email eduPersonPrincipalName Human resource data: Name, dept, Phone, PO Box

12 Profile Manager (self-service) NMI Components LDAP Recipe; eduPerson schema; WebISO model; Roadmap rollout, education… Web single sign-on Key Concepts: Identity management, Unique identifier for everyone at Georgia State

13 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 13 Directory Success Factors Clear value – visible, helpful, obvious Email –Official communication with self-service to manage targets –Email groups: students, faculty/staff ( FASTER Turn Around! ) LDAP authentication – positioned as enterprise solution Record added to registry at “first touch” - then pulled by SCT, Peoplesoft…!? Self-service options have a sound model Maintaining momentum is key

14 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 14 Caution Flags – Road Work Working with campus priorities Speed of progress may be relative Detours or short cuts? Advance scouts may not appreciate the regular “commute” Know when to let go Be prepared to explain & evangelize… again Oh – and Documentation… that’s important

15 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 15 Speaking of AuthN/AuthZ… Given a good enterprise directory basis… Other things can fall into place…

16 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 16 Web Authentication/Authorization Privacy Preserving Security Access to digital library resources (vendor databases) Current solution –IP-based access – spoofable, limiting –Proxy server – slightly better –Group accounts – obvious drawbacks some database passwords posted on public web! –Additional management of accounts & passwords management hassles, synchronization complexity extra account for user lag time setting up a new person (faculty, student, or employee)

17 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 17 Shibboleth Georgia State’s Pullen Library Provides secure access (not proxied) Leverages local enterprise authentication Access is based on role attributes (finer grained) Enables access from anywhere on web Reduces logins Stronger authentication (not just IP) Addresses user privacy NMI Components: Shibboleth; Trust Federation; Privacy preservation

18 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 18 Architecture components Sun Solaris for Shibboleth Origin Apache, Tomcat, J2SE Origin site (enterprise) requirements –Handle Server single signon (SSO) or web initial signon (WebISO) –Attribute Authority repository (mySQL or LDAP) Target site requirements –SHIRE –SHAR –WAYF –Resource Manager eduPerson schema LDAP Recipe Cf. PubCookie Trust Federation OpenSAML

19 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 19 Shibboleth Flow Handle Service SHIRE (Shibboleth Handle Indexical Reference Establisher Authentication System Attribute Authority WAYF (Where are you from?) Web resource (http://www.site) 1. http://www.site 2. 3. 4. 5. 6. 9. 8. 7. 10. SHAR (Shibboleth Attribute Requester) https://www.site

20 Access Web Resource – EBSCO Georgia State Library Shibboleth Pilot info page (c/o Laura Burtle) www.library.gsu.edu/shib/ 1. EBSCO test URL

21 Redirect via WAYF InQueue Federation (for pilot testing) 2. Pick your Shib origin (these are Inqueue sites recognized by target WAYF)

22 Shibboleth Origin – Local Login 3. Use local authentication (CampusID/pw)

23 Successful Authentication 4. Authenticated user is being directed to web site… (with Authorization checking behind the scenes)

24 Use EBSCO Web Resources Accessing EBSCO research Databases. 5. Do your thing. 4 steps: 1. Pick url 2. Pick origin 3. Login 4. Verification Use resource

25 Access Web Resource – JSTOR 1. Now Select Browse JSTOR (continuing current browser session)

26 Access, no Re-login (Shib saves session) Direct access to next Shibboleth site – (no WAFY, no login) 2. Do your thing. 1 (NOT 4) steps: 1. Pick url [2. NA] [3. NA] [4. NA] Use resource

27 JSTOR site knows it’s GSU “Your access to JSTOR is provided by Georgia State University” (identity not passed, but attributes may be)

28 OCLC / authorization attributes OCLC needs no further authentication, but does require specific attributes eduPersonAffiliation = member@gsu.edu eduPersonEntitlement= urn:mace:oclc:org… (eduPerson schema)

29 OCLC web resources Appropriate attributes permit access... OCLC recognizes Georgia State member (and contract)

30 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 30 Shibboleth Success Factors Addresses an important aspect of security – privacy Leverages enterprise directory foundation Georgia State Library continues it history of leadership Interest from GALILEO – Georgia’s state wide library Federation model resonates with shared libraries concepts Ideas can be their own reward: –ACIT Rock Eagle Conference October 2003 –Bolet, Bustos, Vandenberg sketch out Shibboleth EZProxy hybrid solution… –EZProxy is indeed adopting such a model. Cool!

31 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 31 Caution – Neighborhood Speed Bumps It’s not a one-click install Management of privileges (attribute release policies) is complicated endeavor, requiring finely detailed work Concepts can be hard to sell Being an early adopter can be lonely It’s a new paradigm – “How’s it going to pay off?” (Speed bumps usually do end… right?)

32 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 32 NMI Testbed GRID: vision & action GSU UAH UAB UMICH UVA USC TACC Tulane GMU SC DUKE xxxxxxxxxxxxxxxxxxxxxxxxx UARK MPICH-G2 OGCE portals gridFTP BridgeCA Globus Toolkit Condor-G KX.509 Shibboleth

33 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 33 NMI Testbed GRID: vision & action Vision – build a model of future grid – Address interoperation challenges – Heterogeneous sites, Resources – Applications run transparently – Data, computing, visualization anywhere – Redundant, fault tolerant, availability – Policy is one of cooperative computing NMI Testbed Grid – Start it, embrace it NMI Components: Globus Bundles R1, R2, R3, R4, R5…

34 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 34 Catalog of Grid Applications: data Information is a resource – researchers, grids, applications? – existing and potential http://art12.gsu.edu:8080/grid_cat/index5.jsp NSF Research Experience for Undergraduates: Nicole Geiger, Physics Anish Shindore, CIS

35 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 35 Sharing computing, applications, portals, BridgeCA – People

36 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 36 Grid applications: value proposition Computation time for Multiple Genome Alignment - Testing varied environments (uni-cluster, Globus with uni-cluster, MPICH-G2 multi-cluster) - Using 9 processors in each case NB: interesting improvement using MPICH-G2 across multiple clusters (Hypothesis: avoids bus contention of uni-cluster environment…?) Multiple Genome Alignment Grids improve algorithm Multiple clusters have added benefit Number of elements per processor Nova Ahmed, CS (Georgia State); Pravin Joshi (UAB); Beowulf cluster UAB; Jim Cotillier (USC) Shelley Henderson (USC);

37 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 37 Georgia State: http://acsgridhead.gsu.eduhttp://acsgridhead.gsu.edu Victor’s Laptop ACS Grid node Austin, TX Atlanta, GA Alan Tang, MBA Victor Bolet, Analyst Programmer John-Paul Robinson (UAB)

38 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 38 Grid Expectations Collaborating partners Extending work of NMI National Science Foundation Grant No. ANI-0123937 Sharing pooled resources, expertise Great potential for research and education Includes student experience and contribution Grids are about COOPERATIVE COMPUTING

39 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 39 Caution – Grid lock Funding is tight Competition too… Grids are about COOPERATIVE COMPUTING

40 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 40 Semantic Facilitator TM SM NSF-ITR Grant 0312636 Originated from LDAP work Monitoring, clustering & visualization of metadata can facilitate information integration Being applied to bioinformatics Intellectual challenge Great collaboration team http://art12.gsu.edu/SOM_INTERFACE/index.html

41 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 41 Automated information integration Eduperson attributes localDomain eduperson… Adoption rates Emergence of standards Database of schemas Interactive

42 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 42 Semantic Facilitator TM SM Success Factors Working prototype, publications, funding, collaboration, hard problem What’s not to like?!

43 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 43 Outreach Internet2 Member meetings, working groups Educause, CUMREC Globus World SURA workshops, conference call NMI Integration Testbed Results seminars University System of Georgia Annual Computing Conf WITS02 Conference, HICSS36 Grid and Cooperative Computing 2004 IEEE SMC, IKE04 Students, faculty, staff…

44 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 44 Success factors – Communication Collaboration Proposal development, planning, execution Enthusiasm Volunteering, cooperative approaches

45 Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 45 Contact Art Vandenberg avandenberg@gsu.edu

Download ppt "Art VandenbergNMI Integration Testbed – “Finale” Results Workshop, Sept 30-Oct 1, 2004 Austin, Texas 1 Georgia State University Sharing Resources – Sharing."

Similar presentations

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.
SURA NMI Utility Grid: Sharing Resources, Sharing Results SURA Cyberinfrastructure Workshop: Grid Application Planning & Implementation January 5-7, 2005.

SURA NMI Utility Grid: Sharing Resources, Sharing Results SURA Cyberinfrastructure Workshop: Grid Application Planning & Implementation January 5-7, 2005.
Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,

Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
Case Study: Establishing Momentum for Implementing Directory & Public Key Infrastructure Art Vandenberg Director, Advanced Campus Services Information.

Case Study: Establishing Momentum for Implementing Directory & Public Key Infrastructure Art Vandenberg Director, Advanced Campus Services Information.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Georgia State University Case.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Georgia State University Case.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Digital Identity Management Strategy, Policies and Architecture Kent Percival 2005 06 23 A presentation to the Information Services Committee.

Digital Identity Management Strategy, Policies and Architecture Kent Percival A presentation to the Information Services Committee.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.
Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.

Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.

Similar presentations

Ads by Google