27 April 2009
Collaboration Infrastructure
Niels van Dijk, Frank Pinxt, SURFnet
SURFnet, Pioneering Network for Higher Education and Research
About the presenters
Niels van Dijk, Technical Product Manager
Advanced Services
Frank Pinxt, Project Manager
Advanced Services
Agenda
- SURFnet Organization
- The CIFC project
- The CIFC results
SURFnet
SURFnet in a nutshell
- Develops and operates a network for education and research
and develops innovative services such as security,
authentication and collaboration
- Unique example of public/private partnership
- More than 160 not-for-profit organizations have joined,
1 million users
- Financing
Innovation: 50%/50% by government/businesses
Operations: user fee
SURFnet6
- One of the fastest and
most advanced networks
in the world
- More than 8000 km of
dark-fibre pairs that reach
all the way into the
institutions
- Own photonic network
- Hybrid network services:
Internet connection and
lightpaths
Leading in lightpaths
28 April 2009
Thanks to SURF, Amsterdam has Europe’s main Internet exchange
Security
SURF’s view:
Help users make secure use of network services
Initiative:
- Researches security breaches
- Coordinates introduction of solutions
- Provides information on security
Identity management
SURF’s view:
Help users gain secure and easy access to sources of information
Initiative:
- Access to information and services from various different providers
- Based on own organisation’s account
Advanced services
SURF’s view:
Encourage users to use advanced ICT services
Initiatives:
- SURFgroepen: online collaboration
- SURFmedia: simple and secure live and on-demand streaming to play, save and share media files
Cycle of innovative services
When services are offered by the market, SURF gradually withdraws them
[Diagram: cycle of innovative services. Labels as they appear on the slide:]
- Technology scouting, User research, Feasibility study, Service development, Encouraging use & support, Production, Phasing out
- Technology development, Customer requirements
- Steps numbered 1 to 6
- Plan for feasibility study, Business case & SD plan, Introduction of service, Large-scale service provision, Phasing out of service, Ceasing service
- Feedback
- Based on innovation projects (GigaPort, SURFworks, SURFnet/Kennisnet)
- Based on operations
The CIFC Project
Canadian Ice Fishing Championship
CIFC
Acronym Definition
- CIFC Canadian Independent Film Caucus
- CIFC Center for Informed Food Choices
- CIFC Cost, Insurance, Freight and Commissio
- CIFC Canadian Investment Funds Course
- CIFC Commander’s Information Fusion Cell
- CIFC Christian Inter-Fellowship Council
- CIFC Canadian Ice Fishing Championships
- CIFC Chinese Internet for Christ
- CIFC Cortes Island Forest Committee
- CIFC C Is For Cookie (Sesame Street)
- CIFC Central Illinois Fuel Company
- CIFC Combined Intelligence Fusion Center
Overview
Goal
- Create a coherent infrastructure of loosely coupled collaborative services, based on (emerging) Open Standards and enabled by access federations
- Investigate how to create such an infrastructure:
  - Gather functional requirements
  - Define governing principles
  - Propose architecture
  - Investigate Open Standards
Results
Report Collaboration Infrastructure
Advice (go/no-go) Proof of Concept phase
Report federated group management across services
Report generic provisioning, deprovisioning and directories
Advice (go/no-go) Service development
Organisation
Steering Committee
Names Role
Floor Jas Business Executive
Roel Rexwinkel Senior User
Harold Teunissen Senior Supplier
Program / project support
Names Role
Manon Esmyer Program secretary / Project office
Program management
Names Role
Erwin Bleumink Program manager
Project team
Names Role
Frank Pinxt Project manager
Niels van Dijk Technical Product Manager (TPM)
Paul van Dijk Product Manager
Alexander Blanc Product Manager
Maarten Kremers Future TPM (together with Niels van Dijk)
Frank Hogenkamp Workshop programme execution
Roland van Rijswijk / Hans Zandbelt Technical specialist middleware applications
Mark de Jong (Infotectuur) Architect / specialist education / SharePoint
Peter Clijsters (Everett) Architect / specialist middleware applications
Okke Harsta (Gartner) Architect / senior consultant
Advisory Board
Names Organisation
Frank Benneker UvA
Nico Juist INHOLLAND
Gera Pronk SURFfoundation SURFshare
John Doove SURFfoundation
Michael van Wetering Kennisnet
Ken Klingenstein Internet2
Frederique van Til JISC
Peter Wittenburg CLARIN
Erwin Bleumink SURFnet
Henk Eertink Telematica Instituut
David Groep NIKHEF
Arjen Barnhard INHOLLAND
Hans Schaffers Dialogic / Helsinki School of Economics
Maarten Korz Rabobank
Planning
January: Initiation
February: Scoping
March .. May: Research + Preparation Reports
June: Project closure
Preliminary results
Topics
SURFgroepen & SURFfederatie
- SURFfederatie
- A bit on SURFgroepen
Why CICF?
Collaboration Infrastructure
- Workshop results: Functional requirements
- Architecture proposal: Components, Flow
Federated Collaboratories
- Service spanning group management
(C) 2007-2008 SURFnet B.V.
Federation Models
- 1-1
  - Business US: SAML 1.x
  - de-facto
- NxN
  - Shared trust, pt2pt
  - Education US/Europe
  - Shibboleth
- 2xN
  - Central gateway (CFC)
  - New(?) paradigm
    protocol translation
  - SURFfederatie
SURFnet = CFC, IDP, SP
[Diagram labels: IDP, SP, CFC]
CORE Functional View, 1 December 2007
[Diagram labels: IDP, SP, SURFfederatie Service, A-Select, A-Select Cross, Shibboleth, PingFederate, SAML 2.0, WS-Fed / ADFS]
SURFgroepen April 2009
Functionality
- Supplies: doc. sharing, wiki, blogs, web conf., IM
- SSO + Group credentials
- Guest accounts, invitation based
- “VO as a service”
Statistics
- 60.000 registered users
- Institution vs. Guest usage: 60% over 40%
- 15.000 active users on a monthly basis
- 700 new users/week
- 12.000 teamsites, 30-40% in active use
Why CICF?
Current Setup: Sharepoint + Adobe Connect
Need to differentiate in:
- Functionality
- Source: SURFnet, Institutions, Third party (SAAS?)
- “Quality”: Core & Beta (labs)
- Price?
SURFgroepen weak spots
- No Open Standards
- No integration into campus infrastructure
- Custom code for integration
- No good deprovisioning
- Content lock-in
- NO federated access :(
Functional requirements
- Results of First Workshop
- Must have:
  - Groups & self-service group management
  - Guest access
  - Presence
  - Calendaring
  - Notifications
  - Document sharing & versioning
  - (User) Adaptable Workflow
  - Search people & (distributed) content repositories
  - Mashup capabilities
Architecture - Components
[Diagram labels: Consumers, Services, CIFC]
CIFC components:
- Supporting services: Identity proxy, Group proxy, Mashup engine, Services directory
- Transformation: Service proxy, Consumer proxy, Transformer
- Security: User Consent, Trust, Confidentiality, Non-repudiation, Authenticity
Security
- On every level in the infrastructure the security aspects have to be taken into account and recorded
Service proxy
- Protocol conversion depending on Consumer capabilities
- Transport oriented
Transformer
- Enrichment of (meta)data based on context (group/consumer/service)
- Content adaption/mapping
Consumer Proxy
- Protocol conversion depending on Service capabilities
- Transport oriented
Identity Proxy
- Identity determination
- Mapping alternate identity
- Access claim services
Group proxy
- Registration of Group Membership
- Conversion of Groups
- Aggregation of membership
Mashup & Workflow
- Server based Mashup before protocol conversion
- Multi protocol services enabled
Services Directory
- Registration and publishing of available services
- Security aware services discovery
Architecture - Flow
[Diagram labels: CIFC; Supported Consumer; Unsupported Consumer; Adapter; Consumer proxy; Service proxy; Transformer; Services directory; Workflow / Mashup; Workflow / Mashup mng; Identity proxy; Identity management; Group proxy; Group management; Supported Standard Service; Supported Alternate Service; Unsupported Legacy Service]
Example - Tasks
[Diagram labels: Browser; Portlet (WebSphere); Webpart (SharePoint); Widget (Sakai Portal); Task list (Notes); Task list (Exchange); Task list (Sakai tool)]
Example - Tasks
[Diagram labels: Browser; Portlet (WebSphere); Webpart (SharePoint); Widget (Sakai Portal); Service proxy; Consumer proxy; Adapter; Task list (Notes); Task list (Exchange); Task list (Sakai tool)]
Federated Collaboratories
Creates ‘support’ services
- Federative group relations
  - Requires group ‘proxy’
  - Requires group manager
- Centralized provisioning / de-provisioning
- Centralized Directory
Group management
Requirements
- Self service provisioning
- Usable by many services (multi platform)
- Federated access to the group management tool
Project
- Investigate 10 potential candidates
- Grouper was found to be the most flexible product
PoC
- Setup Grouper
- Create self service GUI
- Demo
Questions?