27 April Collaboration Infrastructure Niels van Dijk, Frank Pinxt, SURFnet

Transcription

1 27 April 2009 Collaboration Infrastructure Niels van Dijk, Frank Pinxt, SURFnet

2 About the presenters Niels van Dijk, Technical Product Manager Advanced Services Frank Pinxt, Project Manager Advanced Services 2

3 Agenda - SURFnet Organization - The CIFC project - The CIFC results 3

4 SURFnet 4

5 SURFnet in a nutshell - Develops and operates a network for education and research and develops innovative services such as security, authentication and collaboration - Unique example of public/private partnership - More than 160 not-for-profit organizations have joined, 1 million users - Financing Innovation: 50%/50% by government/businesses Operations: user fee 5

6 SURFnet6 - One of the fastest and most advanced networks in the world - More than 8000 km of dark-fibre pairs that reach all the way into the institutions - Own photonic network - Hybrid network services: Internet connection and lightpaths 6

7 Leading in lightpaths Thanks to SURF, Amsterdam has Europe s main Internet exchange 28 april

8 Security SURF s view: Help users make secure use of network services Initiative: - Researches security breaches - Coordinates introduction of solutions - Provides information on security 8

9 Identity management SURF s view: Help users gain secure and easy access to sources of information Initiative: - Access to information and services from various different providers - Based on own organisation s account 9

10 Advanced services SURF s view: Encourage users to use advanced ICT services Initiatives: - SURFgroepen: online collaboration - SURFmedia: simple and secure live and on-demand streaming to play, save and share media files 10

11 Cycle of innovative services When services are offered by the market, SURF gradually withdraws them Based on innovation projects (GigaPort, SURFworks, SURFnet/Kennisnet) Based on operations Technology development Customer requirements Technology Scouting User research Encouraging Feasibility Service Phasing Use 4 Production 5 6 study development out & Support Feedback Plan for feasibility study Business case & SD plan Introduction of service Large-scale service provision Phasing out of service Ceasing service 11

12 The CIFC Project Canadian Ice FishingChampionship 12

13 CIFC - Acronym Definition - CIFC Canadian Independent Film Caucus - CIFC Center for Informed Food Choices - CIFC Cost, Insurance, Freight and Commissio - CIFC Canadian Investment Funds Course - CIFC Commander s Information Fusion Cell - CIFC Christian Inter-Fellowship Council - CIFC Canadian Ice Fishing Championships - CIFC Chinese Internet for Christ - CIFC Cortes Island Forest Committee - CIFC C Is For Cookie (Sesame Street) - CIFC Central Illinois Fuel Company - CIFC Combined Intelligence Fusion Center 13

14 Overview 14

15 Goal Create a coherent infrastructure of loosely coupled collaborative services, based on (emerging) Open Standards and enabled by access federations Investigate how to create such a infrastructure: Gather functional requirements Define governing principals Propose architecture Investigate Open Standards 15

16 Results Report Collaboration Infrastructure Advise (go/no-go) Proof of Concept fase Report federated group management across services Report generic provisioning, deprovisioning and directories Advise (go/no-go) Service development 16

17 Organisation 17

18 Steering Committee Program management Names Erwin Bleumink Role Program mananager Program / project support Names Manon Esmyer Role Program secretary / Projectbureau Steering Committee Names Floor Jas Roel Rexwinkel Harold Teunissen Role Business Executive Senior User Senior Supplier 18

19 Projectteam Projectteam Names Frank Pinxt Niels van Dijk Paul van Dijk Alexander Blanc Maarten Kremers Frank Hogenkamp Roland van Rijswijk / Hans Zandbelt Role Projectmanager Technical Product Manager (TPM) Product Manager Product Manager Future TPM (together with Niels van Dijk) Uitvoering workshopprogramma Technical specialist middleware applications Mark de Jong (Infotectuur) Architect / specialist education / sharepoint Peter Clijsters (Everett) Okke Harsta (Gartner) Architect / specialist middlewaretoepassingen Architect / senior consultant 19

20 Advisory Board Advisory Board Names Frank Benneker Nico Juist Gera Pronk John Doove Michael van Wetering Ken Klingenstein Frederique van Til Peter Wittenburg Erwin Bleumink Henk Eertink David Groep Arjen Barnhard Hans Schaffers Maarten Korz Organisation UvA INHOLLAND SURFfoundation SURFshare SURFfoundation Kennisnet Internet2 JISC CLARIN SURFnet Telematica Instituut NIKHEF INHOLLAND Dialogic / Helsinki School of Economics Rabobank 20

21 Planning Januari: Februari: March.. May: June: Initiation Scoping Research + Preparation Reports Project closure 21

22 27 April 2009 Preliminary results

23 Topics SURFgroepen & SURFfederatie SURFfederatie A bit on SURFgroepen Why CICF? Collaboration Infrastructure Workshop results: Functional requirements Architecture proposal Components Flow 23 Federated Collaboratories Service spanning group management

24 Federation Models Business US: SAML 1.x IDP SP - de-facto - NxN - Shared trust, pt2pt - Education US/Europa IDP IDP SP SP - Shibboleth IDP SP - 2xN - Central gateway (CFC) - New(?) paradigma IDP SP protocol translatie IDP SP - SURFfederatie SURFnet = CFC, IDP, SP IDP CFC SP 24 (C) SURFnet B.V.

25 CORE Functional View 1 december 2007 IDP SURFfederatie Service SP A-Select Cross A-Select A-Select Cross Shibboleth SAML 2.0 PingFederate SAML 2.0 WS-Fed / ADFS WS-Fed / ADFS 25 (C) SURFnet B.V.

26 SURFgroepen april 2009 Functionality Supplies: doc. sharing, wiki, blogs, web conf., IM SSO + Group credentials Guest accounts, invitation based VO as a service Statistics registered users Institution vs. Guest usage : 60% over 40% active users on a monthly basis 700 new users/week teamsites, 30-40% in active use 26

27 Why CICF? Current Setup: Sharepoint + Adobe Connect Need to differentiate in: Functionality Source: SURFnet, Institutions, Third party (SAAS?) Quality :: Core & Beta (labs) Price? 27

28 SURFgroepen weak spots No Open Standards No integration into campus infrastructure Custom code for integration No good deprovisioning Content lockin NO federated access :( 28

29 Functional requirements Results of First Workshop Must have: Groups & self-service service groupmanagement Guest access Presence Calendaring Notifications Document sharing & versioning (User) Adaptable Workflow Search people & (distributed) content repositories Mashup capabilities 29

30 Architecture - Components Consumers Security User Consent Trust Confidentiality Non repudiation CIFC Transformation Service proxy Transformer Consumer proxy Supporting services Identity proxy Group proxy Mashup engine Authenticity Services directory Services 30

31 Security Security User Consent Trust Confidentiality CIFC Transformation Supporting services On every level in the Service infrastructure proxy the security Identity proxy aspects have to be taken into account and recorded Transformer Group proxy Non repudiation Consumer proxy Mashup engine Authenticity Services directory 31

32 Service proxy Security User Consent CIFC Transformation Service proxy Protocol conversion depending on Consumer capabilities Supporting services Transport oriented Identity proxy Trust Confidentiality Non repudiation Transformer Consumer proxy Group proxy Mashup engine Authenticity Services directory 32

33 Transformer CIFC Security Transformation Supporting services User Consent Trust Confidentiality Non repudiation Service proxy Transformer Consumer proxy Enrichment Identity of (meta)data proxy based on context (group/consumer/service) Group proxy Content adaption/mapping Mashup engine Authenticity Services directory 33

34 Consumer Proxy CIFC Security Transformation Supporting services User Consent Service proxy Identity proxy Trust Confidentiality Non repudiation Authenticity Transformer Consumer proxy Group proxy Protocol conversion depending Mashup on Service engine capabilities Transport oriented Services directory 34

35 Identity Proxy CIFC Security User Consent Trust Confidentiality Non repudiation Transformation Identity determination Service proxy Mapping alternate identity Access claim services Transformer Consumer proxy Supporting services Identity proxy Group proxy Mashup engine Authenticity Services directory 35

36 Group proxy CIFC Security Transformation Supporting services User Consent Trust Confidentiality Non repudiation Service proxy Registration of Group MembershipTransformer Conversion of Groups Aggregation of membership Consumer proxy Identity proxy Group proxy Mashup engine Authenticity Services directory 36

37 Mashup & Workflow Security CIFC Transformation Supporting services User Consent Service proxy Identity proxy Trust Confidentiality Non repudiation Authenticity Server based Transformer Mashup before protocol conversion Multi protocol services Consumer proxy enabled Group proxy Mashup engine Services directory 37

38 Services Directory Security CIFC Transformation Supporting services User Consent Service proxy Identity proxy Trust Confidentiality Non repudiation Authenticity Transformer Registration and publishing of available Consumer services proxy Security aware services discovery Group proxy Mashup engine Services directory 38

39 Supported Consumer Unsupported Consumer Adapter Architecture -Flow CIFC Service proxy Services directory Identity management Group management Identity proxy Group proxy Transformer Workflow / Mashup Workflow / Mashup mng Consumer proxy Consumer proxy Adapter Adapter Supported Standard Service Supported Alternate Service Unsupported Legacy Service Unsupported Legacy Service 39

40 Example - Tasks Browser Browser Browser Webpart (SharePoint) Portlet (WebSphere) Widget (SakaiPortal) Task list (Exchange) Task list (Notes) Task list (Sakaitool) 40

41 Example - Tasks Browser Webpart (SharePoint) Portlet (WebSphere) Widget (SakaiPortal) Service proxy Service proxy Consumer proxy Consumer proxy Adapter Task list (Exchange) Task list (Notes) Task list (Sakaitool) 41

42 Federated Collaboratories Creates support services Federative group relations Requires group proxy Requires group manager Centralized provisioning / de-provisioning Centralized Directory 42

43 Group management Requirements Self service provisioning Usable by many services (multi platform) Federated access to the group management tool Project Investigate 10 potential candidates Grouper was found to be the most flexible product PoC Setup Grouper Create self service Gui Demo 43

44 Questions? 44