The Future of Interboundary Collaboration: (at least, what marketing is selling…)
Ken Klingenstein
Director, Internet2 Middleware and Security
Copyright Ken Klingenstein 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Topics
• About predicting the future…
• Related principles
• Beyond the borders
  • IT
  • Libraries
  • Learning
  • Virtual organizations
• Missing pieces
It is risky to see the future…
• "Everything that can be invented has been invented."
  • Charles H. Duell, Commissioner, U.S. Office of Patents, 1899.
• “We won’t have more than 250 machines on the network”
  • Vint Cerf, an inventor of the Internet, 1970’s
• "640K ought to be enough for anybody."
  • Bill Gates, 1981
It is risky to see the future…
• "I think there is a world market for maybe five computers."
  • Thomas Watson, chairman of IBM, 1943
• "We don't like their sound, and guitar music is on the way out."
  • Decca Recording Co. rejecting the Beatles, 1962.
Related principles
• When, where and how do internal boundaries reflect external boundaries?
  • Federations
  • Virtual organizations
• But:
  • Internal boundaries often can count on some unique identifier across them
  • Privacy issues, LOA, etc. are more tractable
  • Risk management is an internal issue
  • Some things are easier, some things are harder
Related principles
• The institutions of a thousand years have more rigidity than the VOs of a few months.
  • Roles
  • Relationships
  • Adoption of new technologies
Related principles
• It’s not about the technology
• It’s about the policies
  • And it’s about the regulatory policies
• And it’s about the money
  • Reinforcing the wealthy
  • Or the disruption of that pattern
• And money and trust are very similar
Related principles
• User centric identity management
  • Integration across enterprise and personal identities
  • Respecting separation of duties, privacy and confidentiality issues, etc.
  • With a common interface and an accessible paradigm
  • www.identityblog.com
Beyond the borders: IT
• What can or should be outsourced
• SSO and two factor authn
• Privacy spill minimization
• Privacy, security and audit
• Privilege management and roles
• Diagnostics
Outsourcing options
• Identity management business processes
• Identity management software (MS, Oracle, etc.)
• Identity management services
• Integration of identity management with applications
• Integration of core business systems with identity management
• First/previous identity
Privilege management and roles
• The “static” part of authorization
• Role mining – eurikify.com
• Learn to love compliance…
• Visible gunk - Workflow and signed docs
• It’s okay to put old wine in new bottles, if the new bottles are clear and reconfigurable
Beyond the borders: Libraries
• Changes in licensing content
  • Closing of open shelves
  • Buying for smaller communities
  • Buyer’s club across realms
• Changes in finding content
  • The complexities of federated search
Dancing with DRM
• Rights management
  • Integrating institutional and personal rights
  • Understanding and encoding rights
• Access control
  • A rich set of verbs: R, W, X, annotate, rank, extract fair-use segment, etc.
  • A rich set of qualifiers: time, location, purpose, etc.
• Downstream controls
  • A technical patent minefield
  • Of greatest interest to MPAA, RIAA, etc.
Beyond the borders: Learning
• Shared resources
  • Learning objects as fertile ground for access management
  • A mix of role-based controls, rights management, and binding of licenses to content
• Shared learning experiences and workflow
Beyond the borders: Virtual Organizations
• Components
  • User
  • Enterprise
  • Virtual Organization
  • Virtual Organization Service Center
• Issues
  • How integrated should VOs be with the campus?
  • Requires shared collective interests
Why enterprises are important
• Primary context for the VO user
  • Logical – application contexts, authn/z
  • Physical – firewalls, diagnostics, external connectivity
  • Policy – including access limits, audits, etc.
• VOs often sell enterprise (e.g. student) extensions
• A large part of the user’s collaborations are based on enterprise tools – vc, calendaring, web access, listprocs, wikis, webdavs, etc.
Virtual Organizations
• Geographically distributed, enterprise distributed community that shares real resources as an organization.
• Examples include team science (NEESGrid, HEP, BIRN, NEON), digital content managers (library cataloguers, curators, etc.), a state-based life-long learning consortium, a group of researchers coordinating a launch vehicle payload, etc.
• On a continuum from interrealm groups (no real resource management, few defined roles) to real organizations (primary identity/authentication providers)
• Want to leverage enterprise middleware and external trust fabrics, as well as support centers
VO Requirements
• Domain-specific software
  • Code-sharing
  • Data-sharing
  • Distributed computing
  • Instrumentation management and data acquiring
• Collaboration tools
• Integration and management
Virtual Organizations have…
• Real resources that they share and manage
  • May be computational resources
  • May be scientific instruments
  • May be bandwidth
  • May be shared data and content
    • Economic data
    • Museum materials
    • Cultural and artistic works
• A relatively small set of users who tend to travel in common circles
• Often the need to have some accounting and regulatory compliance
Virtual organizations vary…
• By lifetime of VO
  • Some are relatively short-term, perhaps 1-2 years
  • Some may persist for extended periods
• By size
• By cluster – at any one time, 15-20 experiments (virtual orgs) are active at Fermi Lab, CERN. A shuttle launch may need coordination among several VOs that have equipment aboard.
• By type of domain-specific tools
  • A number are using Grids
  • A number subscribe to major scientific data streams
  • Some have no domain-specific tools
The Common Requirements
• Communications support
  • Multiple options for real-time and asynchronous intra-VO work
  • Integrated into the rest of one’s “presence”
• Collaboration support
  • Transparent web content access control
  • Workflow
  • Diagnostics
• Plumbing the control plane into the domain science systems and virtual organization software
• Plumbing the VO technologies into the local environment
Communication support
• Add this address book to my desktop video client as a VO setup
• Shared calendar access: Grant the following roles in my VO permission to read my calendar at a campus-equivalent level
• A “transparently manageable” mail list for the VO.
• Provide and maintain an IM buddy list for the VO
• Diagnostics
Collaboration support
• A transparent and managed wiki
• A transparent and managed set of web access controls
• Role based authorization
• Workflow
• A p2p trust fabric for VO use
• Data models
  • Of the data
  • Of the meta-data – what are the privileges, rights, etc.
• Management of international issues in privacy, copyright, etc.
Operational Issues
• Enterprise-level
  • Staffing time and expertise
  • Policy framework and negotiation
  • Business model and case
• VO-level
  • Users from schools with limited resources
  • Tool set
  • Disconnect between those who support and those who use the services
  • Policy framework
Missing pieces
• Workflow
• DRM
• Federated PKI
  • For digital signatures
  • For CAs associated with federation members
Workflow
• Intra-realm use cases
  • Business process transactions
  • Related to privilege management
• Inter-realm use cases
  • Job scheduling in grids
  • VO processes
  • Learning experiences
• Is there a unified field theory of workflow?