
Management Primer on Middleware

Louise Miller-Finn, Johns Hopkins University

Renee Woodten Frost, Internet2 & University of Michigan

Base CAMP 24 June 2002 Primer on Middleware 2

Agenda

• What is Middleware?

• Why is it Important? How is it Used?

• What are the Underlying Concepts and Architecture?

• What Resources are There to Help?

Middleware in Action

Mary is a grad student at Alpha U who takes courses both in a traditional classroom and online, and interns at a biotech company nearby. Using her laptop, Mary needs to access her e-mail, courseware, calendar and library resources from all three locations: home, campus and work. She also uses a wireless PDA when on campus to stay in touch with her lab mates.

Middleware in Action

The new Chair of the Dept. of Physiology has arrived on campus over the weekend. Dr. Agnew is very anxious to get access to campus IT resources such as e-mail, calendar, web services and the mainframe. He does not want to wait for the requisite 3-5 business days it takes to get the accounts set up. Since IT already knows of him, he can use a self-service interface to accomplish his goal.

What is Middleware?

• specialized networked services that are shared by applications and users

• a set of core software components that permit scaling of applications and networks

• tools that take complexity out of application integration

• a second layer of the IT infrastructure, sitting above the network

• a land where technology meets policy

• the intersection of what network designers and application developers each do not want to do

NMI Definition of Middleware

• Middleware is software that connects two or more otherwise separate applications across the Internet or local area networks. More specifically, the term refers to an evolving layer of services that resides between the network and more traditional applications for managing security, access and information exchange to:

NMI Definition of Middleware

• Let scientists, engineers and educators transparently use and share distributed resources, such as computers, data, networks and instruments.

• Develop effective collaboration and communications tools such as Grid technologies, desktop video and other advanced services to expedite research and education and

• Develop a working architecture and an approach that can be extended to the larger set of Internet and network users.

Map of Middleware Land

Core Middleware

Middleware makes “transparent use” happen, providing consistency, security, privacy and capability

• Identity - unique markers of who you (person, machine, service, group) are

• Authentication - how you prove or establish that you are that identity

• Directories - where an identity’s basic characteristics are kept

• Authorization - what an identity is permitted to do

• Public Key Infrastructure (PKI) - emerging tools for security services

How is it used?

Email

– Common authentication and directories

Account management

– Common authentication and provisioning mechanism

Next-generation portals

– Common authentication and storage for profiles and preferences.

Web access controls

– Common authentication and directories

Calendaring

– Common authentication and directories

How is it used?

Digital Libraries

– Scalable, interoperable authentication and authorization.

Grids (Research for now)

– Model for a distributed computing environment, addressing diverse computational resources, distributed databases, network bandwidth, etc.;

– Globus provides security, location and allocation of resources, and scheduling.

Instructional Management Systems

– Common authentication and directories.

Academic Collaboration

– Restricted sharing of materials among institutions.

Organizational Drivers

• Federal government

• E-enterprise functions

• Service expectations

• Resource allocation pressures

• Collaboration

Benefits to the Institution

• Economies for central IT - reduced account management, better web site access controls, tighter network security...

• Economies for distributed IT - reduced administration, access to better information feeds, easier integration of departmental applications into campus-wide use...

• Improved services for students and faculty - access to scholarly information, control of personal data, reduced legal exposures...

• Participation in future research environments - Grids, videoconferencing, etc.

• Participation in new collaborative initiatives – Directory of Directories, Shibboleth, etc.

Costs to the Institution

• Modest increases in capital equipment and staffing requirements for central IT

• Considerable time and effort to conduct campus wide planning and vetting processes

• One-time costs to retrofit some applications to new central infrastructure

• One-time costs to build feeds from legacy source systems to central directory services

• The political wounds from the reduction of duchies in data and policies

Nature of the Work

• Technology

– Establish campus-wide services: name space, authentication

– Build an enterprise directory service

– Populate the directory from source systems

– Enable applications to use the directory

Nature of the Work

• Policies and Politics

– Clarify relationships between individuals and institution

– Determine who manages, who can update and who can see common data

– Structure information access and use rules between departments and central administrative units

– Reconcile business rules and practices

Underlying Concepts & Architecture

Pause for some terminology

• Identity: set of attributes about you.

• Authentication: process used to prove your identity. Often a login process.

• Authorization: process of determining if policy permits an intended action to proceed.

• Customization: presentation of user interface (UI) tailored to user’s identity.

What IT needs to know

Identity – “you”. Characteristics that pertain to the service at hand. Examples:

– Library resource: current member of the set of licensees

– Video for course: enrolled in the course

– Email or calendar: University username

– Videoconference: current network address

What IT needs to do

Each service must determine what it should present to you & what you are entitled to do. Possible ways it might undertake that:

– Ask you to login and look up info in its own database. (authentication & authorization)

– Ask you to login and look up info in a common or central database.

– Trust some other source to assert needed info (the other source might make you login).

Service architectures

Stovepipe (or silo): Service performs its own authentication and consults its own database for authorization and customization attributes.

[Diagram: two services, each with its own authN and attrs]

Comparative service architectures

Stovepipes are run by separate departments/divisions.

– Environment is more challenging to users, who may need to contact each office to arrange for service.

– No automated life cycle management of accounts.

– Per-service identifiers and security practices make it more difficult to achieve a given level of security across the enterprise.

Service architectures

Integrated: Service refers authentication to and obtains attributes for authorization and customization from enterprise infrastructure services.

[Diagram: Service 1 through Service N, an authentication service and an attribute service, within An Organization]

Comparative service architectures

Enterprise authentication & attribute services are run by a central office.

– All attributes known by the organization about a member can be integrated and made available to services.

– Automated life cycle account management is possible across the enterprise.

– Common identifiers across integrated services make for an easier and more secure user environment.
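
The life cycle contrast between the stovepipe and integrated architectures, as an added Python illustration that is not part of the original slides. All class names, identifiers and sample records are constructed; the identifier map stands in for the mapping a campus would maintain between enterprise and per-service identifiers.

```python
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Enterprise directory: one entry per person, fed from source systems."""
    entries: dict = field(default_factory=dict)   # enterprise id -> attributes
    def is_active(self, eid, affiliation):
        e = self.entries.get(eid)
        return bool(e) and e["active"] and affiliation in e["affiliations"]

@dataclass
class StovepipeService:
    """Keeps its own accounts under its own per-service identifiers."""
    name: str
    accounts: set = field(default_factory=set)
    def authorize(self, local_id):
        return local_id in self.accounts

@dataclass
class IntegratedService:
    """Holds no accounts; consults the directory at each decision."""
    name: str
    directory: Directory
    affiliation: str
    def authorize(self, eid):
        return self.directory.is_active(eid, self.affiliation)

def orphaned_accounts(directory, stovepipes, id_map):
    """Local accounts whose owner is unknown or no longer active."""
    owner = {(svc, lid): eid for eid, ids in id_map.items() for svc, lid in ids.items()}
    def live(eid):
        return directory.entries.get(eid, {}).get("active", False)
    return [(s.name, lid) for s in stovepipes for lid in sorted(s.accounts)
            if not live(owner.get((s.name, lid)))]

def demo():
    # Constructed sample data: one person, two stovepipes, one integrated service.
    d = Directory({"e1001": {"active": True, "affiliations": {"faculty"}}})
    mail = StovepipeService("mail", {"jdoe"})
    mainframe = StovepipeService("mainframe", {"PHYS07", "TEST01"})
    cal = IntegratedService("calendar", d, "faculty")
    id_map = {"e1001": {"mail": "jdoe", "mainframe": "PHYS07"}}
    before = orphaned_accounts(d, [mail, mainframe], id_map)
    d.entries["e1001"]["active"] = False          # source system feed: person has left
    after = orphaned_accounts(d, [mail, mainframe], id_map)
    return before, after, cal.authorize("e1001"), mail.authorize("jdoe")
```

After the single directory update, the integrated service denies access at once, while both stovepipe accounts keep working until someone reconciles them by hand.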

Four service architectures

Federated: Service refers authentication to and obtains attributes for authorization and customization from possibly external infrastructure services.

[Diagram: service, authentication service and attribute service, across Organization 1 and Organization 2]

Four service architectures

Grid: Service refers authentication to and obtains attributes for authorization and customization from common grid services.

[Diagram: Service 1 through Service N, an authentication service and an attribute service, within A Virtual Organization]

Comparative service architectures

• Federated authentication & attribute services rely on each participating organization’s enterprise authentication & attribute services.

• Integration of Grid services with enterprise services is a medium term goal of the NSF Middleware Initiative.

The Objective

Prepare campuses to implement core middleware for an integrated architecture.

[Diagram: Service 1 through Service N, an authentication service and an attribute service, within An Organization]

Core middleware for an integrated architecture

Vignettes Revisited

Provisioning vignette: The new Chair of the Dept. of Physiology has arrived on campus over the weekend. Dr. Agnew is very anxious to get access to campus IT resources such as e-mail, calendar, web services and the mainframe. He does not want to wait for the requisite 3-5 business days it takes to get the accounts set up. Since IT already knows of him, he can use a self-service interface to accomplish his goal.

[Diagram: HRS, Metadirectory, Acct Init Service, authN, attrs]

Student vignette: Mary is a grad student at Alpha U who takes courses both in a traditional classroom and online, and interns at a biotech company nearby. Using her laptop, Mary needs to access her e-mail, courseware, calendar and library resources from all three locations: home, campus and work. She also uses a wireless PDA when on campus to stay in touch with her lab mates.

[Diagram: Mailbox, Calendar, Wireless Gateway, NAS Server, Lib Proxy, CMS, authN, attrs]

Vignette analysis

• Set of vignettes portray:

– Seamlessness of transitions between services.

– Independence of location of service or user.

– Suites of services designed to support activities of different constituencies.

– Absence of need to make prior arrangement for resources required to enable services.

Middleware Resources

What resources are there to help?

• Expert, diverse leadership and collaborators

– MACE and the working groups

– NSF catalytic grants

– Early Adopters

– Higher Education Partners – campuses, EDUCAUSE, CREN, CNI, SURA, GRIDS, NACUBO, AACRAO, NACUA, etc.

– Government Partners - NSF, NIH, NIST, fPKI TWG, etc.

– Corporate Partners – IBM, SUN, Metamerge, Radvision, etc.

– International communities

What resources are there to help?

• Websites

http://middleware.internet2.edu

http://www.nsf-middleware.org

http://www.nmi-edit.org

http://www.grids-center.org

• Middleware information and discussion [email protected]

[email protected]

NMI lists (see websites)

What resources are there to help?

• Workshops

– Pre-conference Seminars

– Summer CAMPs (Campus Architectural Middleware Planning)

• Base – June 24-26, 2002

• Advanced – July 31 – August 2, 2002

What resources are there to help?

• Introductory Documents

– Sample Middleware Business Case and corresponding Writer’s Guide

– Identifiers, Authentication, and Directories: Best Practices for Higher Education

– Identifier Mapping Template and Campus Examples

What resources are there to help?

• NSF Middleware Initiative Release 1

– Components

– Software

– Directory Object Classes

– Conventions and Practices

– Recommended Practices

– White Papers

– Policies

– Services

– Works in progress: White Papers

• Working Groups and Projects

Contacts

• Renee Woodten Frost

Internet2 & University of Michigan

[email protected]

• Louise Miller-Finn

Johns Hopkins University

[email protected]