Operating Agreement Llc Add Member Wisconsin

Document Sample
Operating Agreement Llc Add Member Wisconsin Powered By Docstoc
Building Tools for Inter-institutional
        Resource Sharing
      Renee Woodten Frost
      Internet2 Middleware and Security
                         24 Jun 2004

   Middleware Background
   What is Shibboleth?
   What is its Current Status?
   Why Shibboleth?
   Who is Using Shibboleth?
   Federations
      • InQueue
      • InCommon

 For more information

                                  24 Jun 2004
          What is Middleware?

 Specialized networked services that are shared by
  applications and users
 A set of core software components that permit scaling of
  applications and networks
 Tools that take the complexity out of application
 A second layer of the IT infrastructure, sitting above the
 A land where technology meets policy
 The intersection of what networks designers and
  applications developers each do not want to do
                                                      24 Jun 2004
           Core Middleware Scope
 Identity and Identifiers – namespaces, identifier
  crosswalks, real world levels of assurance, etc.
 Authentication – campus technologies and policies,
  interrealm interoperability via PKI, Kerberos, etc.
 Directories – enterprise directory services architectures
  and tools, standard objectclasses, interrealm and registry
 Authorization – permissions and access controls,
  delegation, privacy management, etc.
 Integration Activities – open management tools, use of
  virtual, federated and hierarchical organizations, enabling
  common applications with core middleware             24 Jun 2004
A Map of Campus Middleware Land

                           24 Jun 2004
            MACE (Middleware Architecture
            Committee for Education)
 Purpose - to provide advice, create experiments, foster standards, etc.
  on key technical issues for core middleware within higher education
 Membership - Bob Morgan (UW) Chair, Tom Barton (Chicago), Scott
  Cantor (Ohio State), Steven Carmody (Brown), Michael Gettes (Duke),
  Keith Hazelton (Wisconsin), Paul Hill (MIT), Jim Jokl (Virginia), Mark
  Poepping (CMU), Bruce Vincent (Stanford), David Wasley (California),
  Von Welch (Grid)
 European members - Brian Gilmore (Edinburgh), Ton Verschuren
  (Netherlands), Diego Lopez (Spain)
 Creates working groups in major areas, including directories, interrealm
  access control, PKI, video, P2P, etc.
 Works via conference calls, emails, occasional serendipitous in-person

                                                                  24 Jun 2004
        Internet2 Middleware and
        the NSF Middleware Initiative (NMI)
 Internet2 Middleware a major theme for the last five years, drawing
  support from 206 university members, 75+ corporate members, and
  government grants and interactions
 Internet2 has an integrator role within NMI, the key NSF Program to
  develop and deploy common middleware infrastructures
 NMI has two major themes
   • Scientific computing and data environments (ala Grids)
   • Common campus and inter-institutional middleware infrastructure (ala
     Internet2/EDUCAUSE/SURA work)
 Issues periodic NMI releases of software, services, architectures,
  objectclasses and best practices – R5 most current release

                                                                            24 Jun 2004
             The Model:
             Enterprises and Federation
Given the strong collaborations within the academic
community, there is an urgent need to create inter-realm
tools, so
 Build consistent campus and enterprise middleware
infrastructure deployments, with outward facing
objectclasses, service points, etc. and then
 Federate those enterprise deployments, using the
outward facing campus infrastructure, with inter-realm attribute
transports, trust services, etc. and then
 Leverage that federation to enable a variety of applications
from network authentication to instant messaging, from video
to web services, and then, going forward
 Create tools and templates that support the management
and collaboration of virtual organizations by building on the
federated campus infrastructures.                            24 Jun 2004
            Middleware Axioms
 Work the core areas
 Focus on support for collaboration
 Use federated administration as the lever; have the enterprise
  broker most services (authentication, authorization, resource
  discovery, etc.) in inter-realm interactions
 Develop a consistent directory infrastructure within R&E
 Provide security while not degrading privacy.
 Foster inter-realm trust fabrics: federations and virtual
 Leverage campus expertise and build rough consensus
 Support for heterogeneity and open standards
 Influence the marketplace; develop where necessary          24 Jun 2004
          What is Shibboleth? (Biblical)
 A word which was made the criterion by which to
  distinguish the Ephraimites from the Gileadites. The
  Ephraimites, not being able to pronounce “sh”, called the
  word sibboleth. See --Judges xii.
 Hence, the criterion, test, or watchword of a party; a party
  cry or pet phrase.
                        Webster's Revised Unabridged Dictionary (1913)

                                                             24 Jun 2004
                What is Shibboleth?
 An initiative to develop an architecture and policy framework
  supporting the sharing – between domains -- of secured web
  resources and services

 A framework built on a “Federated” model

 A project delivering an open source implementation of the
  architecture and framework

 Deliverables:
    • Software for Origins (credential providers = campuses)
    • Software for Targets (service providers)
    • Operational Federations (scalable trust)

                                                               24 Jun 2004
               Shibboleth Goals
 Use federated administration as the lever; have the enterprise
  broker most services (authentication, authorization, resource
  discovery, etc.) in inter-realm interactions
 Provide security while not degrading privacy
    • Using Attribute-based Access Control
 Foster inter-realm trust fabrics: federations and virtual
 Leverage campus expertise and build rough consensus
 Influence the marketplace; develop where necessary
 Support heterogeneity and open standards

                                                         24 Jun 2004
          Attribute-based Authorization
 Identity-based approach
   • The identity of a prospective user is passed to the controlled
     resource and is used to determine (perhaps with requests for
     additional attributes about the user) whether to permit access.
   • This approach requires the user to trust the target to protect
 Attribute-based approach
   • Attributes are exchanged about a prospective user until the
     controlled resource has sufficient information to make a decision.
   • This approach does not degrade privacy.

                                                                24 Jun 2004
                    Typical Attributes in the
                    Higher Ed Community
Affiliation                “active member of community” member@washington.edu

EPPN                       Identity                    gettes@duke.edu

Entitlement                An agreed upon opaque URI   urn:mace:vendor:contract1234

OrgUnit                    Department                  Economics Department

EnrolledCourse             Opaque course identifier    urn:mace:osu.edu:Physics201

                                                                      24 Jun 2004
          Addressing Four Scenarios
 Member of campus community accessing licensed resource
   • Anonymity required
 Member of a course accessing remotely controlled resource
   • Anonymity required
 Member of a workgroup accessing controlled resources
   • Controlled by unique identifiers (e.g. name)
 Intra-university information access
   • Controlled by a variety of identifiers

Taken individually, each situation can be solved in a variety
of straightforward ways.
 Taken together, they present the challenge of meeting users‟
reasonable expectations for protection of personal privacy.
                                                     24 Jun 2004
          So… What is Shibboleth?

 A Web Single-Signon System (SSO)?

 An Access Control Mechanism for Attributes?

 A Standard Interface and Vocabulary for Attributes?

 A Standard for Adding Authentication and Authorization
  to Applications?

                                                   24 Jun 2004
Shibboleth Architecture
(still photo, no moving parts)

                             24 Jun 2004
         Development Milestones
 Project formation - Feb 2000 Stone Soup; process began late
  summer 2000 with bi-weekly calls to develop scenarios,
  requirements and architecture.
 Linkages to SAML established Dec 2000
 Architecture and protocol completion - Aug 2001
 Design - Oct 2001
 Coding began - Nov 2001
 Alpha-1 release – April 24, 2002
 OpenSAML release – July 15, 2002
 v1.0 April 2003; v1.1 July 2003; v1.2 May 2004, v1.3 summer
 v2.0 likely end of the major evolution
                                                     24 Jun 2004
           Shibboleth Status
 Campus Adoption accelerating and working with increasing
 number of information/service providers - over 50 universities
 using it for access to OCLC, JSTOR, Elsevier, WebAssign,
 Napster, etc.
 Common status is “moving into production”
 The hard part is not installing Shibboleth but running “plumbing”
 to it: directories, attributes, authentication
 Work underway on some of the essential management tools such
 as attribute release managers, target resource management, etc.
 Needs federations to scale; being adopted by, or catalyzing,
 national R&E federations in several countries

                                                          24 Jun 2004
        Shibboleth Status

 Likely to coexist well with Liberty Alliance and may work
  within the WS framework from Microsoft.

 Growing development interest in several countries -
  providing resource manager tools, digital rights
  management, listprocs, etc.

 UK‟s JISC awards just announced for Core Middleware:
  Technology Development Programme – 8 of 15 involve Shib

 Used by several federations today – NSDL, InQueue,
  SWITCH and several more soon (UK, Australia, Finland,

                                                         24 Jun 2004
            Shibboleth -- Next Steps
 Full Implementation of Trust Fabric
    • Supporting multi-federation origins and targets
 Support for Dynamic Content (Library-style Implementation
  in addition to web server plugins)
 Sysadmin GUIs for managing origin and target policy
 Integration with Grids, Virtual Organizations
 Integration with Saml V2.0, Liberty Alliance, WS-Fed
 NSF grant to Shibboleth-enable open source collaboration
 LionShare - Federated P2P

                                                        24 Jun 2004
    Why Shibboleth?
    Improved Access Control

 Use of attributes allows fine-grained access control
    • Med School Faculty get access to additional resources
    • Specific group of students have access to restricted resources

 Simplifies management of access to extended
    • Librarians, based on their role, are given a higher-than-usual
      level of access to an online database to which a college might
    • Librarians and publishers can enforce complicated license
      agreements that may restrict access to special collections to
      small groups of faculty researchers
                                                           24 Jun 2004
        Why Shibboleth?
        Federated Administration
 Flexibly partitions responsibility, policy, technology, and trust

 Leverages existing middleware infrastructure at origin -
  authentication, directory
    • Users registered only at their “home” or “origin” institution
    • Target does NOT need to create new userids

 Authorization information sent instead of authentication
    • When possible, use groups instead of people on ACLs
    • Identity information still available for auditing and for applications that
      require it

                                                                      24 Jun 2004
        Why Shibboleth?

 Higher Ed has privacy obligations
   • In US, “FERPA” requires permission for release of most
     personal identification information; encourages least
     privilege in information access
   • HIPAA requires privacy in medical records handling

 General interest and concern for privacy is growing

 Shibboleth has active (vs. passive) privacy provisions
  “built in”

                                                      24 Jun 2004
           Benefits to Campuses

 Much easier Inter-Domain Integration
    • With other campuses
    • With off-campus service provider systems
 Integration with other campus systems, intra-domain
    • Learning Management Systems
    • Med School……
 Ability to manage access control at a fine-grained level
 Allows personalization, without releasing identity
 Implement Shibboleth once…
    • And then just manage attributes that are released to new targets

                                                                         24 Jun 2004
          Benefits to Targets/Service Providers
 Unified authentication mechanism from the vendor perspective
     • Much more scalable
     • Much less integration work required to bring a new customer online.
 Ability to implement fine-grained access control (e.g. access by role),
  allowing customer sites to effectively control access by attributes and
  thus control usage costs, by not granting access unnecessarily
 Once Shibboleth integration work completed on vendor‟s systems
      • Incremental cost of adding new customers is relatively minimal
      • In contrast to the current situation -- requiring custom work for
        each new customer
 Ability to offer personalization
 Enables attribute-based Service Level Model
 If universities have Shibboleth implemented already, easy
  implementation for them

                                                                         24 Jun 2004
            What are Federations?
 Associations of enterprises that come together to exchange
  information about their users and resources in order to enable
  collaborations and transactions
 Enroll and authenticate and attribute locally, act federally.
 Uses federating software (e.g. Liberty Alliance, Shibboleth, WS-*)
  common attributes (e.g. eduPerson), and a security and privacy set
  of understandings
 Enterprises (and users) retain control over what attributes are
  released to a resource; the resources retain control (though they
  may delegate) over the authorization decision.
 Several federations now in construction or deployment

                                                              24 Jun 2004
           Unified Field Theory of Trust
 Bridged, global hierarchies of identification-oriented, often
  government-based trust – laws, identity tokens, etc.
   • Passports, drivers licenses
   • Future is typically PKI oriented
 Federated enterprise-based; leverages one‟s security
  domain; often role-based
   • Enterprise does authentication and attributes
   • Federations of enterprises exchange assertions (identity & attributes)
 Peer-to-peer trust; ad hoc, small locus personal trust
   • A large part of our non-networked lives
   • New technology approaches to bring this into the electronic world.
   • Distinguishing P2P apps arch from P2P trust
 Virtual organizations cross-stitch across one of the above
                                                                 24 Jun 2004
            Federated Administration
Given the strong collaborations within the academic community,
 there is an urgent need to create inter-realm tools, so . .
 Build consistent campus middleware infrastructure
  deployments, with outward facing objectclasses, service points,
  etc. and then
 Federate (multilateral) those enterprise deployments with inter-
  realm attribute transports, trust services, etc. and then
 Leverage that federation to enable a variety of applications from
  network authentication to instant messaging, from video to web
  services, from p2p to virtual organizations, etc. while we
 Be cautious about the limits of federations and look for
  alternative fabrics where appropriate.
                                                             24 Jun 2004
       Federated Administration

              VO   VO

Apps CM             O
          T             CM Apps
                    T                                  Other
 Campus 1                                              feds
                    Campus 2

   T           T        T

                            Federation   24 Jun 2004
         Shibboleth-based Federations
 InQueue
 InCommon
 Club Shib
 Swiss Education and Research Network (SWITCH)
 National Science Digital Library (NSDL)
 State networks
 Medical networks
 Financial aid networks
 Life-long learning communities
                                              24 Jun 2004
                   The Research and Education
                   Federation Space

                    (a starting                             Other
   Other            point)                                  clusters
   potential                             Other national

     InCommon                          NSD        Indiana
                         The Shib
                         h Club

   State of Penn
   Fin Aid Assoc
                                     Slippery slope
                                     - Med Centers, etc
                                                                       24 Jun 2004
 The “holding pond”
 Is a persistent federation with “passing-through”
 Operational today. Can apply for membership via
  http://shibboleth.internet2.edu/ InQueue Federation
 Requires eduPerson attributes
 Operated by Internet2; open to almost anyone using
  Shibboleth in an R&E setting or not…
 Fees and service profile to be established shortly: cost-
  recovery basis
                                                      24 Jun 2004
               InQueue Origins
                                             National Research Council of Canada
Rutgers University
                                             Columbia University
University of Wisconsin
                                             University of Virginia
New York University
                                             University of California, San Diego
Georgia State University
                                             Brown University
University of Washington
                                             University of Minnesota
University of California Shibboleth Pilot
                                             Penn State University
University at Buffalo
                                             Cal Poly Pomona
Dartmouth College
                                             London School of Economics
Michigan State University
                                             University of North Carolina at Chapel Hill
                                             University of Colorado at Boulder
                                             UT Arlington
The Ohio State University
                                             University of Michigan
                                             University of Rochester
Carnegie Mellon University                                                  24 Jun 2004
                                             University of Southern California
          Major Targets
 Campuses that are also origins, wanting to share
  campus-based content
 Content providers – EBSCO, OCLC, JSTOR, Elsevier,
  Napster, etc
 Learning Management Systems – WebCT, Blackboard,
  WebAssign, OKI, etc
 Outsourced Service Providers – purchasing systems,
  dormitory management companies, locksmiths, etc.

                                                     24 Jun 2004
          InCommon Federation
 A permanent federation for the R&E US sector
 Federation operations – Internet2
 Federating software – Shibboleth 1.1 and above
 Federation data schema - eduPerson200210 or later and
  eduOrg200210 or later
 Became operational April 5, with several early entrants to
  help shape the policy issues.
 Precursor federation, InQueue, has been in operation for
  about six months and will feed into InCommon
 http://www.incommonfederation.org

                                                     24 Jun 2004
             InCommon Management
 Operational services by Internet2
    • Member services
    • Backroom (Certificate Authority, WAYF service, etc.)
 Governance
    • Executive Committee: Carrie Regenstein. Chair (Wisconsin), Jerry Campbell
      (USC), Lev Gonick (CWRU), Clair Goldsmith (Texas System), Mark Luker
      (EDUCAUSE), Tracy Mitrano (Cornell), Susan Perry (Mellon), Mike Teets (OCLC),
      David Yakimischak (JSTOR)
    • Two Executive Committee working groups
         – Policy: Tracy Mitrano, Chair
         – Communications, Membership, Pricing and Packaging: Susan Perry, Chair
    • Technical Advisory Group: Scott Cantor (OSU), Steven Carmody (Brown), Bob
      Morgan (Washington), Renee Shuey (PSU)
    • Project manager: Renee Frost (Internet2)
 Initially an LLC and likely to take 501(c)3 status

                                                                     24 Jun 2004
           Trust in InCommon - Initial
 Members trust the federated operations to perform its
  activities well
   • The operator (Internet2) posts its procedures, attempts to execute
     them faithfully, and makes no warranties
   • Enterprises read the procedures and decide if they want to become
 Origins and targets trust each other bilaterally in out-of-
  band or no-band arrangements
   • Origins trust targets dispose of attributes properly
   • Targets trust origins to provide attributes accurately
   • Risks and liabilities managed by end enterprises, in separate ways

                                                               24 Jun 2004
           InCommon Trust - Ongoing
 Use trust  Build trust cycle

 Clearly need consensus levels of I/A
 Multiple levels of I/A for different needs
   • Two factor for high-risk
   • Distinctive requirements (campus in Bejing or France, distance ed,
 Standardized data definitions unclear
 Audits unclear
 International issues

                                                               24 Jun 2004
             Balancing the Operator‟s
             Trust Load
 InCommon Certificate Authority (CA)
   •   Identity proofing the enterprise
   •   Issuing the enterprise signing keys (primary and spare)
   •   Signing the metadata
   •   Could be outsourced
 InCommon Federation
   • Aggregating the metadata
   • Supporting campuses in posting their policies
   • Less easy to outsource

                                                                 24 Jun 2004
             InCommon Operations Docs
 InCommon_Federation_Disaster_Recovery_Procedures_ver_0.1
   • An outline of the procedures to be used if there is a disaster with the InCommon
 Internet2_InCommon_Federation_Infrastructure_Technical_Referen
   • Document describing the federation infrastructure.
 Internet2_InCommon_secure_physical_storage_ver_0.2
   • List of the physical objects and logs that will be securely stored.
 Internet2_InCommon_Technical_Operations_steps_ver_0.35
   • This document lists the steps taken from the point of submitting CSR, Metadata,
     and CRL to issuing a signed cert, generation of signed metadata, and publishing
     the CRL.
 Internet2_InCommon_Technical_Operation_Hours_ver_0.12
   • Documentation of the proposed hours of operations.

                                                                           24 Jun 2004
               InCommon CA Operations Docs
 CA_Disaster_Recovery_Procedure_ver_0.14
    • An outline of the procedures to be used if there is a disaster with the CA.
 cspguide
    • Manual of the CA software planning to use.
 InCommon_CA_Audit_Log_ver_0.31
    • Proposed details for logging related to the CA.
 Internet2_InCommon_CA_Disaster_Recovery_from_root_key_compro
    • An outline of the procedures to be used if there is a root key compromise with the CA.
 Internet2_InCommon_CA_PKI-Lite_CPS_ver_0.61
    • Draft of the PKI-Lite CPS.
 Internet2_InCommon_CA_PKI-Lite_CP_ver_0.21
    • Draft of the PKI-Lite CP.
 Internet2_InCommon_Certificate_Authority_for_the_InCommon_Federa
    • Document describing the CA.

                                                                                     24 Jun 2004
              InCommon Key Signing Process
 2. Hardware descriptions
        a. Hardware will be laptop and spare laptop with no network capabilities, thumb
  drive, CDRW drive, media for necessary software
  3. Software descriptions
        a. OS, OpenSSL, CSP, Java tools for meta data
  4. Log into computer
  5. Generation of the CA Private Root key and self-signing
  6. Generation of the Metadata signing key
  7. Generate CSR for Internet2 origin
  8. Signing of new metadata sites and trusts files
  9. Backup copies of all private keys and other operational backup data are generated.
  10. Verify CD's and MD5 checksum
  11. Write down passphrase and put in envelopes and sign envelopes
  12. Securely store CA hardware and contents of local safe in safe
  13. Log that these actions occurred on the log in safe and then close and lock the safe
  14. Put thumb drive into secure db and copy data onto secure db
  15. Take private key password archive and other contents to Private Key Password
  safe deposit box and record in log that this was done.
  16. Take operational data archive to Operation Data safe deposit box and record in
  log that this was done.

                                                                           24 Jun 2004
    InCommon Operations Process Steps
 InCommon Process Technical Reviewers
   •   Scott Cantor, OSU
   •   Jim Jokl, University of Virginia
   •   RL Bob Morgan, University of Washington
   •   Jeff Schiller, MIT
 Key Signing Party
   • March 30, 2004 in Ann Arbor
   • Videotaped
   • Witnessed

                                                 24 Jun 2004
           InCommon Startup
 Membership: open to .edu-qualified sites and business
 Policy, Practices, Pricing, Packaging to be developed by
  Exec Comm working groups and phase one participants
 Privacy requirements to be developed:
    • May be = destroy received attributes immediately upon use
 Security requirements to be developed:
    • May be = enterprises post local I/A and basic business rules for
      assignment of eduPersonAffiliation values
    • Likely to progress towards standardized levels of authentication
    • Logout issues

                                                                24 Jun 2004
          Phase One Rollout
 11 organizations
 Requests to add more – 4 institutions, 2 service providers
 Feedback on process and documents
 Federation Operating Rules drafted
 Participant Agreement drafted/under review
 Participant Operational Practice Statement
  developed/being vetted by phase one participants
 Pricing and Packaging model drafted/proposals being

                                                     24 Jun 2004
           The Potential for InCommon
 The federation as a networked trust facilitator
 Needs to scale in two fundamental ways
   • Policy underpinnings need to move to normative levels among the
     members; “post and read” is a starting place…
   • Inter-federation issues need to be engineered; we are trying to align
     structurally with emerging federal recommendations
 Needs to link with PKI and with federal and international
 If it does scale and grow, it could become a most
  significant component of cyberinfrastructure…

                                                                 24 Jun 2004

 Design Team: David Wasley (U of C); RL „Bob‟ Morgan (Washington);
   Keith Hazelton (Wisconsin - Madison); Marlena Erdos (IBM/Tivoli);
          Steven Carmody (Brown); Scott Cantor (Ohio State)

  Important Contributions from: Ken Klingenstein (Internet2); Michael
          Gettes (Duke), Scott Fullerton (Wisconsin - Madison)

 Coding: Derek Atkins (MIT), Parviz Dousti (CMU), Scott Cantor (OSU),
                Walter Hoehn (Columbia/U of Memphis)

                                                                24 Jun 2004
     For More Information

 NSF Middleware Initiative-sponsored workshop:
“CAMP Shibboleth”
   • June 28-30 in Broomfield, Colorado
   • Features a Shib Install Fest
 Websites

Renee Woodten Frost                 rwfrost@internet2.edu

                                                        24 Jun 2004

Description: Operating Agreement Llc Add Member Wisconsin document sample