1. 16 September 2015 The Silver Ring: Inter-institutional Middleware Collaboration Michael Berman Mark Crase April 9, 2003 Michael Berman Mark Crase April 9, 2003 Copyright A. Michael Berman and Mark Crase, 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

2. 9 April 2003 2 Overview of Presentation Overview of CSU IT Drivers for CSU Middleware Where we’ve been so far Where we’re going

3. 9 April 2003 3 The California State University 23 Campuses 1 Research Institution (R2) 21 4-year Comprehensive Institutions California Maritime Academy 400,000 Students 60,000 Faculty and Staff

4. 9 April 2003 4 Integrated Technology Strategy In 1997, the CSU Presidents came together to ensure that each campus in the system would have the technology infrastructure required to support each institution’s academic and administrative programs. The result was the creation of the CSU Integrated Technology Strategy

5. 9 April 2003 5 Integrated Technology Strategy Outcomes-based strategy Built on Integrated Academic and Administrative Initiatives Supported by a Robust Infrastructure Access (Hardware, Software, Network) Training Support Services

6. Technology Prerequisites Outcomes Initiatives SupportTraining Access Network Hardware Software Initiatives / Projects Distributed Learn. & Teach. Multimedia Repository Library Resources Student Friendly Services Common. Mgt. Systems Streamline I/T Delivery Procurement Process Improvement One Card Access Infrastructure Initiative Centers for Inst. Tech. Develop. Optimal Personal Productivity Excellence in Learning and Teaching Quality of Student Experience Administrative Productivity and Quality Baseline Training & User Support Infrastructure   CSU ITS FRAMEWORK FULL BASELINE CURRENT

7. 9 April 2003 7 Institutional MW Leadership Information Technology Advisory Committee Campus CIO’s Chancellor’s Office Staff Middleware Steering Committee CIO’s, Campus Technical Staff, CO flywheels Directories Working Group Campus Technical Staff

8. 9 April 2003 8 Drivers for a Multi-campus Approach to Middleware Financial While a one-size-fits-all approach may not work for all components, some economies of scale can be achieved. Political Being a State-subsidized institution, proper stewardship of public resources is always important, but it is especially important when budgets are tight.

9. 9 April 2003 9 Drivers for a Multi-campus Approach to Middleware Coordination Success even at the campus level will depend on a well coordinated approach. A Systemic effort will help reinforce the importance of coordination and cooperation. Help communicate the value of middleware and the benefits of the effort. Consistent with CSU Integrated IT Strategy

10. SupportTraining Network Hardware Software Access Infrastructure InitiativeBaseline Training & User Support Infrastructure Middleware Service Outcomes Initiative Applications The position of Middleware in the CSU ITS Pyramid when viewed from the technology perspective.

11. 9 April 2003 11 Drivers for a Multi-campus Approach to Middleware Maximize Value of Technology Investments Infrastructure Terminal Resources Project Common Management Systems PHAROS Library Project Help balance requirements for Strategic and Tactical planning Coordination with external agencies (SEVIS, NIH, etc.) and partners (I2, EDUCAUSE, etc.)

12. 9 April 2003 12 Where to Start? A Directories Working Group Directories as the starting point for more comprehensive middleware effort Ad hoc effort to work collaboratively Volunteers/interested parties - 20-40 persons representing most campuses Smaller detailed architecture sub-group

13. 9 April 2003 13 Final Recommendations… …will depend on projected system wide uses. However… Central directory servers (redundant and diverse) Submit campus data to system wide directory registry service (like DoDHE CDS) Common view with extensions, unique ID, security Minimum central attributes option Expanded central attributes option

14. 9 April 2003 14 Future of Group Larger scale central directory performance testing Automation of campus-to-central data feeds Design central registry reconciliation processes Lessons learned: need to commit resources, not just volunteer System wide direction: to be determined by Steering Committee

15. 9 April 2003 15 From Experiment to Institutional Response First Step: Middleware concepts presented to the CSU Executive Council Executive Council is 23 Presidents + Chancellor All receive Middleware briefing in February 2002 Consensus: “We’re not sure what it is, but if this is what we need, let’s do it.”

16. 9 April 2003 16 “Citizen of the CSU” Scenarios Alice Chu is a junior biology major at Cal State Hayward, and a Citizen of the CSU. As a “traditional” student, most of Alice’s coursework is in classrooms at the Hayward campus, but last semester she was an intern at a biotechnology company in Anaheim. Using the 4Cnet, she was able to access all her usual Hayward resources, even though she was connected to her company’s intranet. Since she was in the area, she also registered to receive email about lectures in biology at Cal Poly Pomona and Cal State Fullerton, and attended one in-person and another via video streaming etc…

17. 9 April 2003 17 Result: Middleware Steering Committee Formed Convened by CSU CIO, David Ernst CIO’s from multiple campus, CSU auditor and CO “fly wheel” Charged to develop a strategy for Middleware in CSU Formed in May 2002 Report overdue in October 2002 (nearly done!)

18. 9 April 2003 18 Preliminary Activities System-wide workshop at I2MM, October, 2002 2-3 persons from each campus Intended to raise Mware awareness Solicit input from academic/administrative managers Build consensus for moving forward

19. 9 April 2003 19 Initial Feedback Need to emphasize “interoperability” Need to be “standards-based” Address security from the beginning Overly ambitious agenda Need to narrow the initial scope Need to identify the initial outcomes and deliverables Need to estimate required resources (staff and $$ for HW and SW)

20. 9 April 2003 20 Initial Feedback (cont.) Create mechanism for identifying and addressing policy issues Communication (in English) Central website for MW info Call it something other than “Middleware”? What “it” is and what it isn’t. Work with campus Telecom (and others) How does it relate to CMS (PeopleSoft)? Coordinate w/ ERP Libraries appreciate invite to participate. Interested in Shib.

21. 9 April 2003 21 High-level Planning Planning Team convened for two days in November, 2002 CO and Campus staff and faculty Functional (CIO’s, Library, HR/Finance) Technical and Risk Management representation I2 Facilitators

22. 9 April 2003 22 Highlights of Recommendations 3-year Plan organized into three phases: January 2003 – September 2003 October 2003 – June 2004 July 2004 – June 2005

23. 9 April 2003 23 Phase One: Jan 2003 – September 2003 Establish CSU Middleware Policy Board, reporting to President’s Technology Steering Committee Create initial IMI policies and review practices Establish CSU-wide LDAP definition < EduPerson Establish a single, state-wide LDAP directory service replicate external-facing portion of individual directories one-third of campuses providing data to this directory Pilot Shibboleth authorization

24. 9 April 2003 24 Phase One: Jan 2003 – September 2003 Register the CSU as a certificate authority Establish a model and whitepaper to define best practices for identity reconciliation. Prepare a “good practices” whitepaper on developing campus registry and directories –recipe for campus development –statewide workshop

25. 9 April 2003 25 Phase One: Jan 2003 – September 2003 Work with CalVIP to integrate of the directory structure into Video initiatives. Working group to evaluate business case for CSU-wide permanent identifier for individuals Get commitment from CMS Executive Committee to assure integration into CMS baseline (ERP Project)

26. 9 April 2003 26 Phase Two: October 2003 – June 2004 Complete external directories for all entities. Move Shibboleth from pilot into full production. Develop a plan to integrate campus-wide directories into CMS and CSU Mentor (On-line Admissions) Develop a plan to integrate campus-wide directories into Pharos (Library system). Pilot secure messaging/digital signature system, possibly based on PKI-Lite specification CSU-wide identifier - consider initial development of technology and procedures for implementation

27. 9 April 2003 27 Phase Three: July 2004 – June 2005 Complete Integration with CMS and CSU Mentor Complete integration with Pharos Extend secure messaging/digital signatures to all campuses Assignment of permanent identifiers in full operation. Pilot extension of Middleware infrastructure to Community College and K12 community

28. 9 April 2003 28 Initial Operational Model Local/campus Implementation Staffing, software and hardware as needed Participate in policy development Centralized Coordination Coordinate intercampus activities Coordinate policy development Define system-wide architecture Acquire centrally managed software & hardware Manage system-wide communication Provide documentation and project management support

29. 9 April 2003 29 Initial Resource Projections Campus Resources:.5 to 2 FTE depending on local implementation requirements Staff resources typically already in place Central Resources: Middleware Architect Directory Architect Project Manager Documentation Specialist Communications Specialist Program Assistant

30. 9 April 2003 30 3-year Budget Projection Salaries & Benefits (Six Positions): FY 03/04 $563,640 FY 04/05$586,186 FY 05/06$609,633 Operating Expenses: FY 03/04$971,272 FY 04/05$147,272 FY 05/06$147,272

31. 9 April 2003 31 Barriers to Participation? What kind of campus representation is required? How do we incent participation? Executive Briefing to CABO, CIO, ExCom to get political support $$ People Getting mindshare

32. 9 April 2003 32 Next Steps: Campus How do you develop a vision? How do you develop a process to achieve the vision? Who are your stakeholders? What are the strengths you can leverage and limitations you need to address?

33. 9 April 2003 33 Next Steps: System How do you develop a shared vision? How do you develop a process to achieve the vision? Who are your stakeholders? What are the strengths you can leverage and limitations you need to address?

34. 9 April 2003 34 Thanks! Michael Berman amberman@csupomona.edu amberman@csupomona.edu Mark Crase mcrase@calstate.edu mcrase@calstate.edu Michael Gettes mrgettes@duke.edu mrgettes@duke.edu Ann West awest@educause.edu awest@educause.edu Please fill out the evaluation!

35. 9 April 2003 35

36. 9 April 2003 36 Development Principles Collaborative effort among all CSU campuses Maintain appearance of unified directory architecture Adopt a system wide unique identifier Common view (eduPerson, etc.) Standard software (LDAP now, others later) Security at least as good as source data/applications/business processes

37. 9 April 2003 37 Initial Assumptions Federated directory approach Common view incorporating eduPerson LDAP architecture Unique ID (unique vs. Linking) Internet2 involvement

38. 9 April 2003 38 Detailed Architecture Proposal Distributed directory model (campus directories, LDAP v3 referrals to all others) Domain component naming Adoption of eduPerson 1.0 (now 1.5) Extension to calstateEduPerson (affiliation, major, SecurityFlag, VOIP address) Provision for campusEduPerson attributes Global unique ID based on “uniqueness” algorithm Secure directory servers (SSL)

39. 9 April 2003 39 Test Bed Implementation Five campuses (SLO, Hayward, Northridge, Pomona, Fresno) Mixed directory software (iPlanet, OpenLDAP, Oracle) Various levels of compliance with system wide schema (mandatory-optional attributes) Various population subsets (student, staff, real/sample) Various client access methods (specialized search engines, Microsoft ‘address book’, Netscape ‘address book’, LDAP command line clients)

40. 9 April 2003 40 Some Results So Far Response times are long (local server capacity, client referrals) Client handling of referrals varies (some do – some don’t) Coordination of referral trees at multiple sites is difficult

41. 9 April 2003 41 Topics for Today CSU Middleware: Technical and Organizational Dimensions A. Michael Berman, Cal Poly Pomona Mark Crase, CSU Office of the Chancellor A. Michael Berman, Cal Poly Pomona Mark Crase, CSU Office of the Chancellor

42. 9 April 2003 42 Next Steps A number of our colleagues could not attend. If we were to convene another mtg., what would we want to cover? Items to add? –Better defined scope –Costs –Quick wins –Competing initiatives –Outcomes from the beginning –More HR, Registrars folks involved –CSU Case studies –CCC and UC Items to drop?

43. 9 April 2003 43 Some Discussion Topics Feedback Keystone Activities Second Tier Activities Barriers to Participation Next Steps

44. 9 April 2003 44 Keystone Activities Begin with Directories Identify a directory lead for each campus and CO Directory Day(s) preceded by some survey of current practices. Provide “best practices” for campus-based efforts Identify activities/participants in “central directory” pilot Other?

45. 9 April 2003 45 Second Tier Activities After Directories are on their way… Simple authentication? If so, which apps? –Local (Libraries/Shib) –System-wide (CMS) Other?