A Map of Middleware Land


The Future of Interboundary Collaboration: (at least, what marketing is selling…)

Ken Klingenstein
Director, Internet2 Middleware and Security

Copyright Ken Klingenstein 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Topics

• About predicting the future…
• Related principles
• Beyond the borders
  • IT
  • Libraries
  • Learning
  • Virtual organizations
• Missing pieces

It is risky to see the future…

• "Everything that can be invented has been invented."
  • Charles H. Duell, Commissioner, U.S. Office of Patents, 1899.

• “We won’t have more than 250 machines on the network”
  • Vint Cerf, an inventor of the Internet, 1970’s

• "640K ought to be enough for anybody."
  • Bill Gates, 1981

It is risky to see the future…

• "I think there is a world market for maybe five computers."
  • Thomas Watson, chairman of IBM, 1943

• "We don't like their sound, and guitar music is on the way out."
  • Decca Recording Co. rejecting the Beatles, 1962.

Related principles

• When, where and how do internal boundaries reflect external boundaries?
  • Federations
  • Virtual organizations
  • But:
    • Internal boundaries often can count on some unique identifier across them
    • Privacy issues, LOA, etc. are more tractable
    • Risk management is an internal issue
    • Some things are easier, some things are harder

Related principles

• The institutions of a thousand years have more rigidity than the VO’s of a few months.
  • Roles
  • Relationships
  • Adoption of new technologies

Related principles

• It’s not about the technology
  • It’s about the policies
  • And it’s about the regulatory policies

• And it’s about the money
  • Reinforcing the wealthy
  • Or the disruption of that pattern

• And money and trust are very similar

Related principles

• User centric identity management
  • Integration across enterprise and personal identities
  • Respecting separation of duties, privacy and confidentiality issues, etc.
  • With a common interface and an accessible paradigm
  • www.identityblog.com

Beyond the borders: IT

• What can or should be outsourced

• SSO and two factor authn

• Privacy spill minimization

• Privacy, security and audit

• Privilege management and roles

• Diagnostics

Outsourcing options

• Identity management business processes

• Identity management software (MS, Oracle, etc.)

• Identity management services

• Integration of identity management with applications

• Integration of core business systems with identity management

• First/previous identity

Privilege management and roles

• The “static” part of authorization

• Role mining – eurikify.com

• Learn to love compliance…

• Visible gunk - Workflow and signed docs

• It’s okay to put old wine in new bottles, if the new bottles are clear and reconfigurable

Beyond the borders: Libraries

• Changes in licensing content
  • Closing of open shelves
  • Buying for smaller communities
  • Buyer’s club across realms

• Changes in finding content
  • The complexities of federated search

Dancing with DRM

• Rights management
  • Integrating institutional and personal rights
  • Understandings and encoding rights

• Access control
  • A rich set of verbs: R, W, X, annotate, rank, extract fair-use segment, etc.
  • A rich set of qualifiers: time, location, purpose, etc.

• Downstream controls
  • A technical patent minefield
  • Of greatest interest to MPAA, RIAA, etc.

Beyond the borders: Learning

• Shared resources
  • Learning objects as fertile ground for access management
  • A mix of role-based controls, rights management, and binding of licenses to content

• Shared learning experiences and workflow

Beyond the borders: Virtual Organizations

• Components
  • User
  • Enterprise
  • Virtual Organization
  • Virtual Organization Service Center

• Issues
  • How integrated should VOs be with the campus?
  • Requires shared collective interests

Why enterprises are important

• Primary context for the VO user
  • Logical – application contexts, auth n/z
  • Physical – firewalls, diagnostics, external connectivity
  • Policy – including access limits, audits, etc.

• VO’s often sell enterprise (e.g., student) extensions

• A large part of the user’s collaborations are based on enterprise tools – vc, calendaring, web access, listprocs, wikis, webdavs, etc…

Virtual Organizations

• Geographically distributed, enterprise distributed community that shares real resources as an organization.

• Examples include team science (NEESGrid, HEP, BIRN, NEON), digital content managers (library cataloguers, curators, etc.), a state-based life-long learning consortium, a group of researchers coordinating a launch vehicle payload, etc.

• On a continuum from interrealm groups (no real resource management, few defined roles) to real organizations (primary identity/authentication providers)

• Want to leverage enterprise middleware and external trust fabrics, as well as support centers

VO Requirements

• Domain-specific software
  • Code-sharing
  • Data-sharing
  • Distributed computing
  • Instrumentation management and data acquiring

• Collaboration tools

• Integration and management

Virtual Organizations have…

• Real resources that they share and manage
  • May be computational resources
  • May be scientific instruments
  • May be bandwidth
  • May be shared data and content
    • Economic data
    • Museum materials
    • Cultural and artistic works

• A relatively small set of users who tend to travel in common circles

• Often the need to have some accounting and regulatory compliance

Virtual organizations vary…

• By lifetime of VO
  • Some are relatively short-term, perhaps 1-2 years
  • Some may persist for extended periods

• By size

• By cluster – at any one time, 15-20 experiments (virtual orgs) are active at Fermi Lab, CERN. A shuttle launch may need coordination among several vo’s that have equipment aboard.

• By type of domain-specific tools
  • A number are using Grids
  • A number subscribe to major scientific data streams
  • Some have no domain-specific tools

The Common Requirements

• Communications support
  • Multiple options for real-time and asynchronous intra-VO work
  • Integrated into the rest of one’s “presence”

• Collaboration support
  • Transparent web content access control
  • Workflow
  • Diagnostics

• Plumbing the control plane into the domain science systems and virtual organization software

• Plumbing the vo technologies into the local environment

Communication support

• Add this address book to my desktop video client as a vo setup

• Shared calendar access: Grant the following roles in my vo permission to read my calendar at a campus-equivalent level

• A “transparently manageable” mail list for the vo.

• Provide and maintain an IM buddy list for the vo

• Diagnostics

Collaboration support

• A transparent and managed wiki

• A transparent and managed set of web access controls

• Role based authorization

• Workflow

• A p2p trust fabric for vo use

• Data models
  • Of the data
  • Of the meta-data – what are the privileges, rights, etc.

• Management of international issues in privacy, copyright, etc.

Operational Issues

• Enterprise-level
  • Staffing time and expertise
  • Policy framework and negotiation
  • Business model and case

• VO-level
  • Users from schools with limited resources
  • Tool set
  • Disconnect between those who support and those who use the services
  • Policy framework

Missing pieces

• Workflow

• DRM

• Federated PKI
  • For digital signatures
  • For CA’s associated with federation members

Workflow

• Intra-realm use cases
  • Business process transactions
  • Related to privilege management

• Inter-realm use cases
  • Job scheduling in grids
  • VO processes
  • Learning experiences

• Is there a unified field theory of workflow?

Federated PKI