Transcript Slide 1

The Future of Federations and Networked Applications
NORDUnet conference 2008-04-10
Ingrid Melve, Uninett CTO

The future

Networked applications are here to stay
People need to communicate
 Applications need to communicate


Federations are here to stay


Organizations need to interconnect
Security mindset mutates with user population

Where are networked applications?

Shared apps





Self service interfaces
Library services
Administrative services
Reporting systems
National apps

Government portal

Local apps




e-learning
portals
wireless access
Local apps with outside users
All of the above
Project workspace

Where do I log in on Tuesday?







Windows
Wireless network
 eduroam
 Uninett
Calendar at Uninett
Feide wiki
Uninett internal portal
Liberty Alliance
Uninett mailing list










Wireless at home
Facebook
LinkedIn
SAS
Norwegian
Thon hotell company account
iGoogle
Dopplr
Sourceforge
Hjertevekst (forum)

Federations in education





Authentication (login)
Establish trust
Policy for information flow
 Attributes, roles
 Privacy support
 Share across institutional borders
Standardized integration
 Security solution
 Well-known integration path
 Multi vendor support
Equal access to market for all services

Next steps for federations


Interconnections
 Kalmar eIdentity Union (building in 2008)
 eduGAIN (testing 2007-2009)
Change standard to SAML2.0
 Upgrade underlying software at each site




simpleSAMLphp, Shibboleth2.0, FAM (open)
Shrink-wrap software (vendor specific)
Integrate attributes from multiple sources
Learning from user centric identity
 OpenID: self-asserted ID across services


CardSpace: consistent credential user interface


Use case: controlled blog commenting
Use case: user selects/reuses ID for specific service
… then integrate the useful parts

Identity managed by organization

Norwegian king Olav II Digre
 Greed, revenge, brutality
 Womanizer, dandy
 Leader of men, viking
 Invader of London

Church takes over IdM
Olav did wonders: Certified process
 Olav is sanctified: Quality control


St. Olav is honored today and is

Campus Identity Management





Authoritative data sources
BAS (CIMS) is hub in information flow
All updates and changes flow through CIMS
CIMS is a necessary component
Local updates propagate to all systems

Major application changes in the last decade

Applications talk to each other


Users expect web GUI




Point and click
Always on, always updated
Software-as-service
Users have their own laptop(s)


Web 2.0, SOA, networked apps
Always online, always disconnecting
The Google generation


Information is at your fingertips
Migrating from service to service

The Inside, The Outside and The Wilderness





Old university model: professor + books + students
University provides education
 E-Learning
 E-Mail for communication
 Web portal
Content services
 Library services
 Subject specific databases
 Open information
University administration
 Self service interfaces
 Administrative systems
Clear interface to the world

The Inside, The Outside and The Wilderness

Outside service providers
 National services:



ASP/outsourced service
International services



libraries, databases, web portals
Google apps for education
Collaborative organizations
Clear interface to the University (inside)

The Inside, The Outside and The Wilderness







The great wide open Internet
 No clear (security) borders
 Anything can happen
Self-asserted Applications
Self-asserted Identity
Applications network, mutate and evolve
Technology is entertainment driven
Technology is not research driven
Prediction:
 Plenty
 We will be surprised
 Control is mutating
 Content is king

The Inside, The Outside and The Wilderness

Trust is transitive

Your university can force you to trust parties of their choosing



Application frameworks let an application act on your behalf



During work hours
Feel free to protest
You choose(?) to delegate trust
Pragmatic security choices propagate
"Trust is transitive because I told you so"

University passive role

Outsource



E-learning
CPU/HPC
In house services




Bandwidth on campus
License agreements
Domain names ?
Print ?

Wilderness





Email
Storage
Calendar
Project support
Collaboration support

University active role



Outsource
 Anything you may buy better somewhere else
Advanced user support
 University purpose
 Quality, stability, neutrality, privacy
Focus on supporting
 Learning process
 Research
 Efficient administration


In house services
 Bandwidth on campus
 License agreements
 Project support
 Collaboration support
Wilderness
 Private lives
 Testing concepts
 Students

Federations

Single Sign On (and happy users)


Transform Wilderness to Outside


Scales for parts of Wilderness
Integrate Outside with Inside


Because security domain is extended
Common integration
Operates for organizations


Inside and Outside
Networking Outside applications

Federation-enabled application

Anne, the researcher




Scientific database
SPSS
Illustrations (birds)
50% of her work is ICT trouble




Photoshop
Databases
Statistics
Learning management

Publishing





Journals
Libraries
Reporting service
Flickr
Email



Co-workers
Research partners
Friends

Research

Journals and publication



Publish or perish
Closed information
Tools







Databases
Laboratories
Project web page
Institute web
Library
Formal affiliation

50% of the time of PhD students spent on sorting out tools (mostly ICT)
"If we knew what we were doing, it would not be called research" - Einstein

Scientific computing
http://imgs.xkcd.com/comics/large_hadron_collider.png

Researcher lessons


Research needs the Outside on the Inside to do their job
Advanced user support is needed
Remember the 50% trouble
 Tailor solution to the actual needs


Researchers spend much time Inside, some in collaboration with Outside, little time in the Wilderness

Projects are important

Researcher future
- how to handle Outside Inside

Federations for integration of services




Collaboration tools


Research projects
Support wide variety of communication



Support tools: labs, databases
Integrate organizations
Make it easy to build virtual organizations
Researchers from different generations
Change will happen
Reflect on university needs


Stability, neutrality, privacy?
Attribute information to right person

Knut, the student




Knut enters university
University takes away his tools, and brands him as an outlaw
University gives him outdated tools and locks his information away from his tools
Is Knut working efficiently?








Heavy MSN usage
Facebook, MySpace
Google search
Flickr
GMail, Google Calendar
Yahoo portal
File sharing
NeoWeb64k
Social networking






Homo ludens
Learning
Testing
Communicate
Connect people
Migrate to next application

Migrating user population: An example

Student lessons





It is not our network anymore
Students bring the Wilderness inside our institutions (and inside our security domains)
Universities have stability, neutrality and trustworthiness
Students come with an Internet past
 Know their tools
 Tailor solutions to the needs of universities (and students)
Students mutate
 We cannot predict wishes
 We may predict their needs in learning and research

Student future
- how to handle Wilderness

The Wilderness is here to stay
Admire the wild things
 Unpredictable network


Security sort of goes away



Safe Zones get break-in
Laptops and cell phones are body parts
Live with ephemeral services

Ignore, dissect and research

Who can you trust?

Trust university and your federation!

Contact information


[email protected]
Thanks to
Users for mutating the Internet
 Norwegian higher education ICT departments for arguing with me about this
 Technology vendors for building the solutions