Status - AA Middleware Sweden
TF-EMC2, 3-4 November 2004
Torbjörn Wiberg
CIO, UmU

031216 T Wiberg, UmU

Trends and drivers
• More and more of our systems are critical for our business
• We get more and more small enterprise-wide systems
  • "Every" student and "every" personnel is a user in "every" system
  • travel expenses, meeting room reservation, calendar, personal portal
• eBusiness is an everyday reality in the private life for students, and they expect it to be the same at the university – high degree of eReadiness
  • bank, movie tickets, airline tickets –
  • apply for courses, sign up for tests, support for work in groups, look at results from tests, look at course schedules etc

Relevant Campus IT-strategies
• Centralise to increase efficiency and quality
  • ROI for central user administration after externalising authN, authZ at UmU shows that we will decrease our cost with 80%/year (from 1”€ to 0”2€)
  • http://www.umu.se/it/personal/tvw/pub/ soon
  • provide services between universities
    • Certificate Service Provider
    • Operation of Student Administration
• Implement the Information society on UmU
  • paper, processes, work flow etc
• Cooperate in an organised manner with peers
• Use, contribute to and develop Open Source software

Relevant Campus IT Strategies
• Internal Information shall spread through personal portals
  • uPortal
  • calendar, webmail, collaboration tools, file storage
  • planning tools
  • services
• Electronic identities shall be introduced and used
  • ONE electronic identity
  • for resource objects and persons

How do I work with these strategies?
• Introduce electronic identities that can be used in various systems (ONE eID)
• Make sure they harmonise/interoperate
  • ... within Sweden, the Nordic countries, Europe, North America
• Cooperate around Infraservice software, harmonisation, deployment and adaption of applications

For example, Sunet has a contract with UmU
• ... to promote the introduction of a harmonised Infraservice-infrastructure in Swedish higher education institutions (from 040401)
  • preferably harmonising with the Nordic countries, Europe and USA as well
  • there are some scenarios we are striving for
• Our contract with Sunet will be increased from 2005

Prerequisites for successful cooperation
• I mean that, in order to succeed, you shall only engage in projects where
  • the partners shall be prepared to contribute with money
  • you shall not expect to get the money back
  • the resulting software shall be freely available within our community
• I have run two projects according to this model
  • SwUPKI – a PKI club, open for Swedish higher education (the operation of the PMA and the PolicyCA is paid for as a member fee)
  • SPOCP – development of a policy based authorisation server

Scenarios to Support
• It shall be possible for
  • an employee from UmU visiting Oslo University to be given access to local resources (network, library ...) after being authenticated at home.
  • a student from Oslo University taking a course at UmU to, after registering on the course, automatically be given access to library databases and be authorised to work in Ping-Pong, our LMS
  • the members of a cooperative project (between UmU and several other universities) to be authorised to work in our project support software
  • a newly appointed Prefekt to automatically be authorised to use our business systems in any way our delegation decision implies

Model for work with the Sunet contract
• Work in projects to realise scenarios
• Set up a strategic alliance, between universities that commit to cooperate long term according to this model. Commitments:
  • Be part of the Steering Committee for the task
  • Contribute financially to the projects
  • Provide development and maintenance personnel for the projects
• Develop architecture and principal solutions using
  • a group of experts

Model for work with the Sunet contract ...
• Offer other higher ed institutions to be partners in the projects or early adopters
  • with deployment support from the project
• Arrange conferences where experts, developers and deployers take part
• Create sustainable structures for maintenance of developed systems and adapters

Right now – what happens
• Web site - rudimentary
  • http://www.umu.se/it/projupp/infratj/
• Directory Day at Stockholms universitet 25 Nov
  • One strategic and one technical track
    http://www.umu.se/it/projupp/infratj/konf
• Working group to suggest undisputable set of roles – finished this Tuesday – to be used for "simple" authorisation between universities
  • Result – triplets for internal and external use
• A lot of work left to do

Roles -> triplets
• User types:
  • anonymous, browsers, report (controllers) users, self-service users, scrutinizers, decision makers, update users
• Organisational scope
• System, area
  • Finance,
• Our idea is to map positions and roles to these triplets
  • Admission officer
    • ->(update, UmU, NyA)
    • ->(update, UmU, LANT)
  • ...

Externalisation of Infraservice Functionality
• I prefer the application perspective on Infraservices (before a network perspective):
• The idea of Infraservices (Middleware) is to identify common functionality in applications and to explore the possibilities opened through an externalisation of these functions
  • Directory Services
  • Authentication Service
  • Authorisation Service
  • Discovery Services
  • Agents/Proxies
  • ...

Components of a Supporting Infrastructure
• Issuing of electronic identities – only for servers – x00/yr
• PKI – SwUPKI has been up since 2001 – 8 members
• Enterprise Directory – strong harmonisation efforts – 3 univ
• Mechanisms of authentication – A few – CAS seems to be the common choice
• Federated network authentication service – cwaa – 6? universities
• Shibboleth – Stockholm universitet's library – we need to do some work to integrate it with the other services
• Authorisation Service – SPOCP – 3 universities are in the process of deploying it

Harmonisation Arenas
• Unitcf – the Swedish universities' CIO/CTO network
• Codex – Swedish code exchange cooperation network
• Swedish government – Electronic Identities
• Gnomis – Nordic middleware coordination network
• Terena – network of national research networks
• Eunis – network of campus IT ...
• Internet2 – US project
• NMI – NSF Middleware Initiative
• For each problem we are preparing to solve we have to decide what arenas we shall strive to harmonise with

Current Swedish Infraservice Harmonisation Situation
• Cooperating servers in distributed systems often have server certificates from SwUPKI
• Directory harmonisation has been done in Codex and Gnomis
• There are many different Authentication Services
• Net-logon – Protocol and service has just been implemented in Codex - cwaa
• Authorisation – SPOCP is being deployed
• Identity Certificates – a new national procurement just done

SwUPKI – The Swedish PKI for Higher Education
• One common CP, separate CPSs
• It is a club – www.swupki.su.se
  • started in February 2001
  • 7 members Dec 2003
  • cwaa - Codex Netlogon protocol - requires server certificates
• Stockholm University is Policy Management Authority
  • Accepts new members
  • Carries out inspections
  • May decide to cross certify with other
• Umeå University is Policy CA
  • Issues certificates to the member CAs
• Preparations are made to organise issuance of identity and/or secondary certificates
  • probably two hierarchies – one with identity certificates

Harmonisation of Directories
• Work on Harmonisation of directories has been done in Codex
• The instruction is to strive for harmony on the Scandinavian arena
  • norEduPerson – done
  • norEduOrg – done
  • norEduCourse – not done.