Transcript Slide 1
The Future of Federations and Networked Applications
NORDUnet conference 2008-04-10
Ingrid Melve, Uninett CTO
The future
Networked applications are here to stay
People need to communicate
Applications need to communicate
Federations are here to stay
Organizations need to interconnect
Security mindset mutates with user population
2
Where are networked applications?
Shared apps
Self service interfaces
Library services
Administrative services
Reporting systems
National apps
Government portal
Local apps
e-learning
portals
wireless access
Local apps with outside users
All of the above
Project workspace
3
4
Where do I log in on Tuesday?
Windows
Wireless network
eduroam
Uninett
Calendar at Uninett
Feide wiki
Uninett internal portal
Liberty Alliance
Uninett mailing list
Wireless at home
Facebook
LinkedIn
SAS
Norwegian
Thon hotell company
account
iGoogle
Dopplr
Sourceforge
Hjertevekst (forum)
5
Federations in education
Authentication (login)
Establish trust
Policy for information flow
Attributes, roles
Privacy support
Share across institutional borders
Standardized integration
Security solution
Well-known integration path
Multi vendor support
Equal access to market for all services
6
Next steps for federations
Interconnections
Kalmar eIdentity Union (building in 2008)
eduGAIN (testing 2007-2009)
Change standard to SAML2.0
Upgrade underlying software at each site
simpleSAMLphp, Shibboleth2.0, FAM (open)
Shrink-wrap software (vendor specific)
Integrate attributes from multiple sources
Learning from user centric identity
OpenID: self-asserted ID across services
CardSpace: consistent credential user interface
Use case: controlled blog commenting
Use case: user selects/reuses ID for specific service
… then integrate the useful parts
7
Identity managed by organization
Norwegian king Olav II Digre
Greed, revenge, brutality
Womanizer, dandy
Leader of men, viking
Invader of London
Church takes over IdM
Olav did wonders: Certified process
Olav is sanctified: Quality control
St. Olav is honored today and is
8
Campus Identity Management
9
Authoritative data sources
BAS (CIMS) is hub in information flow
All updates and changes flow through CIMS
CIMS is a necessary component
Local updates propagate to all systems
Major application changes in the last decade
Applications talk to each other
Users expect web GUI
Point and click
Always on, always updated
Software-as-service
Users have their own laptop(s)
Web 2.0, SOA, networked apps
Always online, always disconnecting
The Google generation
Information is at your fingertips
Migrating from service to service
10
The Inside, The Outside and The Wilderness
Old university model:
professor + books + students
University provides education
E-Learning
E-Mail for communication
Web portal
Content services
Library services
Subject specific databases
Open information
University administration
Self service interfaces
Administrative systems
Clear interface to the world
11
The Inside, The Outside and The Wilderness
Outside service providers
National services:
ASP/outsourced service
International services
libraries, databases, web portals
Google apps for education
Collaborative organizations
Clear interface to the University (inside)
12
The Inside, The Outside and The Wilderness
The great wide open Internet
No clear (security) borders
Anything can happen
Self-asserted Applications
Self-asserted Identity
Applications network, mutate and evolve
Technology is entertainment driven
Technology is not research driven
Prediction:
Plenty
We will be surprised
Control is mutating
Content is king
13
The Inside, The Outside and The Wilderness
14
Trust is transitive
Your university can force you to trust parties of their choosing
Application frameworks let an application act on your behalf
During work hours
Feel free to protest
You choose(?) to delegate trust
Pragmatic security choices propagate
“Trust is transitive because I told you so”
15
University passive role
Outsource
E-learning
CPU/HPC
In house services
Bandwidth on campus
License agreements
Domain names
?
Print ?
Wilderness
Email
Storage
Calendar
Project support
Collaboration support
16
University active role
Outsource
Anything you may buy better somewhere else
Advanced user support
University purpose
Quality, stability, neutrality, privacy
Focus on supporting
Learning process
Research
Efficient administration
In house services
Bandwidth on campus
License agreements
Project support
Collaboration support
Wilderness
Private lives
Testing concepts
Students
17
Federations
Single Sign On (and happy users)
Transform Wilderness to Outside
Scales for parts of Wilderness
Integrate Outside with Inside
Because security domain is extended
Common integration
Operates for organizations
Inside and Outside
Networking Outside applications
18
Federation-enabled application
19
Anne, the researcher
Scientific database
SPSS
Illustrations (birds)
50% of her work is ICT trouble
Photoshop
Databases
Statistics
Learning management
Publishing
Journals
Libraries
Reporting service
Flickr
Email
Co-workers
Research partners
Friends
20
Research
Journals and publication
Publish or perish
Closed information
Tools
Databases
Laboratories
Project web page
Institute web
Library
Formal affiliation
50% of the time of PhD students spent on sorting out tools (mostly ICT)
“If we knew what we were doing, it would not be called research” - Einstein
21
Scientific computing
22
http://imgs.xkcd.com/comics/large_hadron_collider.png
Researcher lessons
Research needs the Outside on the Inside to do their job
Advanced user support is needed
Remember the 50% trouble
Tailor solution to the actual needs
Researchers spend much time Inside, some in collaboration with Outside, little time in the Wilderness
Projects are important
23
Researcher future - how to handle Outside Inside
Federations for integration of services
Collaboration tools
Research projects
Support wide variety of communication
Support tools: labs, databases
Integrate organizations
Make it easy to build virtual organizations
Researchers from different generations
Change will happen
Reflect on university needs
Stability, neutrality, privacy?
Attribute information to right person
24
Knut, the student
Knut enters university
University takes away his tools, and brands him as an outlaw
University gives him outdated tools and locks his information away from his tools
Is Knut working efficiently?
25
Heavy MSN usage
Facebook, MySpace
Google search
Flickr
GMail, Google Calendar
Yahoo portal
File sharing
NeoWeb64k
Social networking
Homo ludens
Learning
Testing
Communicate
Connect people
Migrate to next application
26
Migrating user population: An example
27
Student lessons
It is not our network anymore
Students bring the Wilderness inside our institutions (and inside our security domains)
Universities have stability, neutrality and trustworthiness
Students come with an Internet past
Know their tools
Tailor solutions to the needs of universities (and students)
Students mutate
We cannot predict wishes
We may predict their needs in learning and research
28
Student future - how to handle Wilderness
The Wilderness is here to stay
Admire the wild things
Unpredictable network
Security sort of goes away
Safe Zones get break-ins
Laptops and cell phones are body parts
Live with ephemeral services
Ignore, dissect and research
29
Who can you trust?
30
Trust university and your federation!
Contact information
[email protected]
Thanks to
Users for mutating the Internet
Norwegian higher education ICT departments for arguing with me about this
Technology vendors for building the solutions
31