Post on 26-Dec-2015
Management Primer on Middleware
Louise Miller-Finn, Johns Hopkins University
Renee Woodten Frost, Internet2 & University of Michigan
Base CAMP 24 June 2002 Primer on Middleware 2
Agenda
• What is Middleware?
• Why is it Important? How is it Used?
• What are the Underlying Concepts and Architecture?
• What Resources are There to Help?
Middleware in Action
Mary is a grad student at Alpha U who takes courses both in a traditional classroom and online, and interns at a biotech company nearby. Using her laptop, Mary needs to access her e-mail, courseware, calendar and library resources from all three locations: home, campus and work. She also uses a wireless PDA when on campus to stay in touch with her lab mates.
Middleware in Action
The new Chair of the Dept. of Physiology has arrived on campus over the weekend. Dr. Agnew is very anxious to get access to campus IT resources such as e-mail, calendar, web services and the mainframe. He does not want to wait for the requisite 3-5 business days it takes to get the accounts set up. Since IT already knows of him, he can use a self-service interface to accomplish his goal.
What is Middleware?
• specialized networked services that are shared by applications and users
• a set of core software components that permit scaling of applications and networks
• tools that take complexity out of application integration
• a second layer of the IT infrastructure, sitting above the network
• a land where technology meets policy
• the intersection of what network designers and application developers each do not want to do
NMI Definition of Middleware
• Middleware is software that connects two or more otherwise separate applications across the Internet or local area networks. More specifically, the term refers to an evolving layer of services that resides between the network and more traditional applications for managing security, access and information exchange to:
• Let scientists, engineers and educators transparently use and share distributed resources, such as computers, data, networks and instruments.
• Develop effective collaboration and communications tools such as Grid technologies, desktop video and other advanced services to expedite research and education, and
• Develop a working architecture and an approach that can be extended to the larger set of Internet and network users.
Core Middleware
Middleware makes “transparent use” happen, providing consistency, security, privacy and capability
• Identity - unique markers of who you (person, machine, service, group) are
• Authentication - how you prove or establish that you are that identity
• Directories - where an identity’s basic characteristics are kept
• Authorization - what an identity is permitted to do
• Public Key Infrastructure (PKI) - emerging tools for security services
How is it used?
Email
– Common authentication and directories
Account management
– Common authentication and provisioning mechanism
Next-generation portals
– Common authentication and storage for profiles and preferences.
Web access controls
– Common authentication and directories
Calendaring
– Common authentication and directories
How is it used?
Digital Libraries
– Scalable, interoperable authentication and authorization.
Grids (Research for now)
– Model for a distributed computing environment, addressing diverse computational resources, distributed databases, network bandwidth, etc.;
– Globus provides security, location and allocation of resources, and scheduling.
Instructional Management Systems
– Common authentication and directories.
Academic Collaboration
– Restricted sharing of materials among institutions.
Organizational Drivers
• Federal government
• E-enterprise functions
• Service expectations
• Resource allocation pressures
• Collaboration
Benefits to the Institution
• Economies for central IT - reduced account management, better web site access controls, tighter network security...
• Economies for distributed IT - reduced administration, access to better information feeds, easier integration of departmental applications into campus-wide use...
• Improved services for students and faculty - access to scholarly information, control of personal data, reduced legal exposures...
• Participation in future research environments - Grids, videoconferencing, etc.
• Participation in new collaborative initiatives – Directory of Directories, Shibboleth, etc.
Costs to the Institution
• Modest increases in capital equipment and staffing requirements for central IT
• Considerable time and effort to conduct campus wide planning and vetting processes
• One-time costs to retrofit some applications to new central infrastructure
• One-time costs to build feeds from legacy source systems to central directory services
• The political wounds from the reduction of duchies in data and policies
Nature of the Work
• Technology
– Establish campus-wide services: name space, authentication
– Build an enterprise directory service
– Populate the directory from source systems
– Enable applications to use the directory
Nature of the Work
• Policies and Politics
– Clarify relationships between individuals and institution
– Determine who manages, who can update and who can see common data
– Structure information access and use rules between departments and central administrative units
– Reconcile business rules and practices
Pause for some terminology
• Identity: set of attributes about you.
• Authentication: process used to prove your identity. Often a login process.
• Authorization: process of determining if policy permits an intended action to proceed.
• Customization: presentation of user interface (UI) tailored to user’s identity.
What IT needs to know
Identity – “you”. Characteristics that pertain to the service at hand. Examples:
– Library resource: current member of the set of licensees
– Video for course: enrolled in the course
– Email or calendar: University username
– Videoconference: current network address
What IT needs to do
Each service must determine what it should present to you & what you are entitled to do. Possible ways it might undertake that:
– Ask you to login and look up info in its own database. (authentication & authorization)
– Ask you to login and look up info in a common or central database.
– Trust some other source to assert needed info (the other source might make you login).
Service architectures
Stovepipe (or silo): Service performs its own authentication and consults its own database for authorization and customization attributes.
[Diagram: two services, each with its own authN and attrs stores]
Comparative service architectures
Stovepipes are run by separate departments/divisions.
– Environment is more challenging to users, who may need to contact each office to arrange for service.
– No automated life cycle management of accounts.
– Per-service identifiers and security practices make it more difficult to achieve a given level of security across the enterprise.
Service architectures
Integrated: Service refers authentication to and obtains attributes for authorization and customization from enterprise infrastructure services.
[Diagram: Service 1 through Service N, within An Organization, sharing an authentication service and an attribute service]
Comparative service architectures
Enterprise authentication & attribute services are run by a central office.
– All attributes known by the organization about a member can be integrated and made available to services.
– Automated life cycle account management is possible across the enterprise.
– Common identifiers across integrated services make an easier and more secure user environment.
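The account life-cycle difference between the stovepipe and integrated architectures, as an added example that is not part of the original slides. All class names, identifiers (`magnew`, `agnew.m`, `L-00417`) and affiliation values are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class EnterpriseDirectory:
    """Central attribute service: one record per person (constructed model)."""
    people: dict = field(default_factory=dict)   # enterprise id -> attributes

    def provision(self, uid, **attrs):
        self.people[uid] = {"active": True, **attrs}

    def deprovision(self, uid):
        self.people[uid]["active"] = False       # single point of life-cycle control

    def attributes(self, uid):
        rec = self.people.get(uid)
        return rec if rec and rec["active"] else None

@dataclass
class IntegratedService:
    """Holds no accounts; asks the directory for attributes on every request."""
    name: str
    directory: EnterpriseDirectory
    required_affiliation: str

    def authorize(self, uid):
        attrs = self.directory.attributes(uid)
        return bool(attrs) and self.required_affiliation in attrs["affiliations"]

@dataclass
class StovepipeService:
    """Keeps its own account table under its own per-service identifiers."""
    name: str
    local_accounts: dict = field(default_factory=dict)

def orphaned_accounts(stovepipes, id_map):
    """Services still holding an account; id_map is service name -> local id."""
    return sorted(s.name for s in stovepipes
                  if id_map.get(s.name) in s.local_accounts)

def demo():
    directory = EnterpriseDirectory()
    directory.provision("magnew", affiliations={"faculty", "staff"})
    mail = IntegratedService("mail", directory, "staff")
    library = IntegratedService("library", directory, "faculty")
    silos = [StovepipeService("mail", {"agnew.m": {}}),
             StovepipeService("library", {"L-00417": {}})]
    before = (mail.authorize("magnew"), library.authorize("magnew"))
    directory.deprovision("magnew")              # one action at the central office
    after = (mail.authorize("magnew"), library.authorize("magnew"))
    leftover = orphaned_accounts(silos, {"mail": "agnew.m", "library": "L-00417"})
    return before, after, leftover
```

One central deprovisioning revokes access to every integrated service at once, while each stovepipe keeps a live account until its own office removes it.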
Four service architectures
Federated: Service refers authentication to and obtains attributes for authorization and customization from possibly external infrastructure services.
[Diagram: a service, an authentication service and an attribute service, spanning Organization 1 and Organization 2]
Four service architectures
Grid: Service refers authentication to and obtains attributes for authorization and customization from common grid services.
[Diagram: Service 1 through Service N, within A Virtual Organization, sharing an authentication service and an attribute service]
Comparative service architectures
• Federated authentication & attribute services rely on each participating organization’s enterprise authentication & attribute services.
• Integration of Grid services with enterprise services is a medium term goal of the NSF Middleware Initiative.
The Objective
Prepare campuses to implement core middleware for an integrated architecture.
[Diagram: Service 1 through Service N, within An Organization, sharing an authentication service and an attribute service]
Provisioning vignette: The new Chair of the Dept. of Physiology has arrived on campus over the weekend. Dr. Agnew is very anxious to get access to campus IT resources such as e-mail, calendar, web services and the mainframe. He does not want to wait for the requisite 3-5 business days it takes to get the accounts set up. Since IT already knows of him, he can use a self-service interface to accomplish his goal. <to model>
[Diagram: HRS, Metadirectory, Acct Init Service, authN, attrs]
Student vignette: Mary is a grad student at Alpha U who takes courses both in a traditional classroom and online, and interns at a biotech company nearby. Using her laptop, Mary needs to access her e-mail, courseware, calendar and library resources from all three locations: home, campus and work. She also uses a wireless PDA when on campus to stay in touch with her lab mates. <to model>
[Diagram: Mailbox, Calendar, Wireless Gateway, NAS Server, Lib Proxy, CMS, authN, attrs]
Vignette analysis
• Set of vignettes portray:
– Seamlessness of transitions between services.
– Independence of location of service or user.
– Suites of services designed to support activities of different constituencies.
– Absence of need to make prior arrangement for resources required to enable services.
What resources are there to help?
• Expert, diverse leadership and collaborators
– MACE and the working groups
– NSF catalytic grants
– Early Adopters
– Higher Education Partners – campuses, EDUCAUSE, CREN, CNI, SURA, GRIDS, NACUBO, AACRAO, NACUA, etc
– Government Partners - NSF, NIH, NIST, fPKI TWG, etc
– Corporate Partners – IBM, SUN, Metamerge, Radvision, etc
– International communities
What resources are there to help?
• Websites
http://middleware.internet2.edu
http://www.nsf-middleware.org
http://www.nmi-edit.org
http://www.grids-center.org
• Middleware information and discussion lists
mw-announce@internet2.edu
mw-discuss@internet2.edu
NMI lists (see websites)
What resources are there to help?
• Workshops
– Pre-conference Seminars
– Summer CAMPs
(Campus Architectural Middleware Planning)
• Base – June 24-26, 2002
• Advanced – July 31 – August 2, 2002
What resources are there to help?
• Introductory Documents
– Sample Middleware Business Case and corresponding Writer’s Guide
– Identifiers, Authentication, and Directories: Best Practices for Higher Education
– Identifier Mapping Template and Campus Examples
What resources are there to help?
• NSF Middleware Initiative Release 1 Components
– Software
– Directory Object Classes
– Conventions and Practices
– Recommended Practices
– White Papers
– Policies
– Services
– Works in progress: White Papers
• Working Groups and Projects