
APRU CIO Forum, 23 March 2007 Heather Boyles, heather@internet2

Internet2: building and using an advanced network environment for research, teaching and learning. APRU CIO Forum, 23 March 2007 Heather Boyles, heather@internet2.edu Keith Hazelton, hazelton@doit.wisc.edu Ann Doyle, adoyle@internet2.edu. Outline. Internet2 Overview


Presentation Transcript


  1. Internet2: building and using an advanced network environment for research, teaching and learning APRU CIO Forum, 23 March 2007 Heather Boyles, heather@internet2.edu Keith Hazelton, hazelton@doit.wisc.edu Ann Doyle, adoyle@internet2.edu

  2. Outline • Internet2 Overview • Brief introduction: Overview of developments, services, activities of the Internet2 community • International R&E network connectivity overview - especially related to APRU institutions, Pacific Rim infrastructure and opportunities for collaboration • Identity Management for Inter-institutional collaboration • Campus identity management developments in the Internet2 community • Identity management federations and their relationship to networked collaboration • Federation developments in the APRU community and opportunities for international cooperation

  3. An Asset for the Community • Universities • Researchers • Regional Networks • K-12 • Industry • International

  4. Internet2 Activities

  5. Internet2 Network • Hybrid optical and IP network • Dynamic and static wavelength services • Fiber, equipment dedicated to Internet2; Level 3 maintains network and service level • Platform supports production services and experimental projects

  6. Internet2 Network - Layer 1 (map legend) • Internet2 Network Optical Switching Node • Level3 Regen Site • Internet2 Redundant Drop/Add Site • ESnet Drop/Add Site

  7. NREN organizations and networks serving APRU institutions

  8. Pacific Rim R&E Networking • Trends in global R&E networking • Increasing interconnectedness • Number of countries connected, including lesser-developed • Number of connections, bandwidth • Regionalization • TEIN2 network in Southeast Asia • CLARA in Latin America • Hybrid network capabilities • Beyond best-efforts shared IP • Dedicated circuits to support major global science collaborations

  9. Current AARNet3 Footprint

  10. Topology

  11. Internet2 Activities

  12. Internet2 Middleware Goals • Much as at the network layer, create a ubiquitous common, persistent & robust core middleware infrastructure for the R&E community • In support of inter-institutional & inter-realm collaborations, provide tools & services (e.g. registries, bridge PKI components, root directories) as required

  13. Inter-institutional Collaboration is the Driver • One institution hosting course-content for another • Students at one college taking an on-line course from another college • Libraries purchasing licenses for multiple vendors with specific access policies • Researchers making resources available to project members at other schools (e.g. grid resources) • Schools in state systems or articulation relationships that require mutual access to services

  14. What questions are common to these scenarios? • Are the people using these services who they claim to be? • Are they a member of our campus community? • Have they been given permission? • Is their privacy being protected?

  15. Identity Management (IdM) • “Hi! I’m Lisa.” (Identity) • “…and here’s my NetID / password to prove it.” (Authentication) • “I want to do some E-Reserves reading.” (Authorization : Allowing Lisa to use the services for which she’s authorized) • “And I want to change my grade in last semester’s Physics course.” (Authorization : Preventing her from doing things she’s not supposed to do)

  16. Federated Approach to support inter-institutional collaboration • Federated Identity & Access Management • Rely on the Identity Management infrastructure of institutions • To authenticate and pass authorization-related information to service providers or resource hosts • Via institution-to-provider agreements • Facilitated by common membership in a federation (like InCommon) • Shibboleth is a way to move the authNZ info between parties

  17. What is Shibboleth? (federating software system) • An initiative to develop an architecture and policy framework supporting the sharing, between domains, of secured web resources and services • A framework built on a “Federated” model • A project delivering an open source implementation of the architecture and framework • Deliverables: open-source, standards-based, privacy-preserving federating software • Software for identity providers = campuses (origins) • Software for resource providers (targets) • Operational Federations (scalable trust)

  18. What are Federations? • An association of organizations that come together to exchange information as appropriate about their users and resources in order to enable collaborations and transactions. • Uses common policy, technology, and business practices to establish trust • Access services from (or provide services to) other institutions, corporate partners, government organizations • A contractual arrangement

  19. Identity Federations • Enroll locally • Authenticate locally • Assign attributes locally • Act federally

  20. Identity Federations • Simplified usability for all collaborations • Home organizations carefully manage the release of personal information • On-line resource providers focus on the protection and authorization of use of their on-line resources

  21. A federation of higher education, by higher education, for higher education (in US)

  22. InCommon Federation • Created to support US Higher Education and its research and business partners • Federation operator is an LLC operated by Internet2 • Builds on existing campus identity management and single sign-on systems • Makes use of open industry standards (SAML) and open source federating software (Shibboleth)

  23. InCommon Members 2/27/07 • Case Western Reserve University • Clemson University • Cornell University • Dartmouth • Duke University • Florida State University • Georgetown University • Miami University • New York University • Ohio University • Penn State • Stanford University • Stony Brook University • SUNY Buffalo • The Ohio State University • The University of Chicago • University of Alabama at Birmingham • University of California, Irvine • University of California, Los Angeles • University of California, Merced • University of California, Office of the President • University of California, Riverside • University of California, San Diego • University of Maryland • University of Maryland Baltimore County • University of Maryland, Baltimore • University of Rochester • University of Southern California • University of Virginia • University of Washington • University of Wisconsin - Madison • Cdigix • EBSCO Publishing • Elsevier ScienceDirect • Houston Academy of Medicine - Texas Medical Center Library • Internet2 • JSTOR • Napster, LLC • OCLC • OhioLink - The Ohio Library & Information Network • ProtectNetwork • Symplicity Corporation • Thomson Learning, Inc. • Turnitin • WebAssign

  24. InCommon Uses • Access control to content • Popular content – Napster, CDigix, etc • Scholarly content – Google, OCLC WorldCat • Downloads – Microsoft • Access to external services • Student travel, charitable giving, web learning and testing, plagiarism testing service, etc. • Allure for alumni services and other internal businesses • Student loans, student testing, graduate school admissions, etc. • Access to national services • The National Science Digital Library • The Teragrid pilot: building on Shibboleth and GridShib

  25. GridShib • “Integrating federated authorization infrastructure (Shibboleth) with Grid technology (the Globus Toolkit) to provide attribute-based authorization for distributed scientific communities” • http://gridshib.globus.org/

  26. GridShib - from Von Welch • Allow the Grid to scale by leveraging existing campus identity management (IdM) • Consider Shibboleth as the interface to campus IdM systems • Get out of identity management game • Making joining the Grid as easy as possible for users • No separate long-term credential for Grid access to manage • No new passwords, certificates, etc. • Allow campus attributes and VO attributes to be aggregated and used by the Grid for authorization • Allow for scalability in user base through attribute-based authorization - i.e. know groups of users instead of individual users

  27. Research and Education Federations around the world • Growing national federations • UK, France, Germany, Switzerland, Australia, Netherlands, Norway, Spain, Denmark, etc. • Many (most) operated by National Research and Education Network (NREN) organizations • Many are Shib-based; all speak Shib on the outside… • US Federations • InCommon (Internet2) • State-based • Texas, UCOP, Maryland, etc.

  28. Federation activities in APRU countries

  29. Ways to engage in national identity federation work • Internet2 working groups • TERENA (Europe) EMC2 working group • APAN middleware working group • TestShib • Open to non-US institutions • An opportunity to try out Shib implementation

  30. Thanks! • www.internet2.edu • heather@internet2.edu
