
SIMPLIFYING THE CLOUD – the case for federation

Dr. Terry Gray
Assoc VP, Technology Strategy
University of Washington

Microsoft CIO Summit, 25 Feb 2010


HYPOTHESIS

Federation & interoperability are key to effective collaboration in complex environments


Agenda

1. Context

2. Why the Cloud?

3. Why not?

4. Why Federation?

5. Why SAML?

6. UW case study

CONTEXT: Research Universities

Mission: discovery & innovation

Means: extreme collaboration
– Globally, at scale

Culture: decentralized; diffuse authority
– Collections of many independent businesses
– A microcosm of “the Internet”

“Corporations turn ideas into money; Universities turn money into ideas.” --Craig Hogan


PROBLEM


← Too many accounts

→ Too little interoperability

Business need: improve collaboration
Barrier: complexity
Trap: collaboration exacerbates complexity

COPING WITH COMPLEXITY

In diverse collaborations:

– homogeneity is not an option

– accounts become an N*N problem (every user on every service needs its own account)

Therefore, we need:

– integration via interoperability

– fewer things to think about

– at least... the illusion of simplicity and coherence!

WHY THE CLOUD?

It's where our people are going

Allows easier (self-service) collaboration

Leverages market agility, advances

Allows better use of scarce IT resources

→ IT goal: any time / place / device access & collaboration
→ Cloud computing supports this goal

CLOUD CONCERNS

Institutional view:
– Operational risk
– Financial risk
– Compliance risk

User view:
– Reliability
– Privacy, safety, security
– Simplicity, interoperability


INTEROPERABILITY example: the calendaring problem

[Figure: an Outlook/Exchange user and a Google Calendar user, with IT staff in between]

INTEROPERABILITY SCENARIO

USERS:
– Mary: Outlook + BPOS-D
– Joe: TBird + Outlook Live
– Ann: Mac/Safari + Google

TASKS:
– Schedule a meeting
– Create an access group
– Co-edit a document

ISSUES:
– Discovering the authoritative server
– Access or account provisioning
– Protocol compatibility (IMAP, CalDAV)

EXAMPLES:
– Zoho via Yahoo or Google credentials
– Digg via Facebook credentials
– EduRoam via InCommon (local creds)

INTEROPERABILITY ELEMENTS

Data structures

Transfer Protocols

Discovery Protocols

Identity & Access Management

WHY FEDERATION?

Supports interoperability

Best defense against account/password proliferation

Leverages institutional identity for reputation/branding

Improved security: can reduce password attack surface*

Convenience: helpful for both migration & steady state

* cf. Thick Client Issues

CHOICES

– WS-Federation / WS-Trust
– Information Card
– OpenID
– OAuth
– OpenSocial
– SAML + Shibboleth + InCommon

FEDERATION ELEMENTS

Protocol Spec: e.g. SAML

Software: e.g. Shibboleth
– + Geneva, others

Trust fabric: e.g. InCommon
– + national federations in 25 countries

WHY SAML? (Security Assertion Markup Language)

Industry standard, with input from higher education
Good support for user attributes (claims)
Supports scalable multi-party trust fabrics
Used in many sectors for many years
Dominant in the higher-education sector; big science; K12
Part of a mature federation ecosystem
– (SAML + Shibboleth + InCommon)

THICK CLIENT PROBLEM

Many federation protocols are designed only for web apps

For web apps, the service provider need not store passwords: it receives a signed assertion from the institution's IdP instead

Supporting existing non-web apps (IMAP, CalDAV, desktop clients) means:
– continuing to store passwords on the cloud service, or ...
– exposing enterprise passwords to the cloud service via a proxy

Convenience often trumps security
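The web-app case above, as an added example that is not code from the talk or from Shibboleth: a minimal SAML-style assertion consumer in Python showing what a web service provider (SP) checks in place of a password. Element names follow SAML 2.0 (Issuer, Conditions, AudienceRestriction, AttributeStatement); the signature is an HMAC over the assertion text rather than XML-DSig so the example runs with only the standard library, and the IdP entityID, SP entityID, shared key and user records are constructed for the example. The five checks (trusted issuer, signature, validity window, audience, one-time assertion ID) are what a thick-client password login cannot give you, which is the attack-surface reduction the previous slide footnotes.

```python
# Added example, not code from the talk; HMAC stands in for XML-DSig, all data constructed.
import hashlib
import hmac
import uuid
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Trust fabric (hypothetical): IdP entityID -> key obtained out of band. With
# InCommon this comes from signed federation metadata; a constructed shared
# secret stands in for the IdP's signing certificate.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth": b"constructed-idp-secret"}
SP_ENTITY_ID = "https://sp.example.com/shibboleth"  # this SP's own entityID
CLOCK_SKEW = timedelta(minutes=3)                   # tolerated IdP/SP clock drift
_seen_assertion_ids = set()  # replay cache; a real SP persists this with a TTL

def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _sign(key, assertion_xml):
    return hmac.new(key, assertion_xml.encode(), hashlib.sha256).hexdigest()

def issue_assertion(idp, key, subject, attributes, now,
                    audience=SP_ENTITY_ID, lifetime=timedelta(minutes=5)):
    """IdP side: the password was checked at the IdP; neither it nor a hash of
    it appears in what the SP receives."""
    attrs = "".join(
        f'<saml:Attribute Name="{escape(n)}"><saml:AttributeValue>{escape(v)}'
        f"</saml:AttributeValue></saml:Attribute>" for n, v in attributes.items())
    xml = (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_{uuid.uuid4().hex}" '
        f'IssueInstant="{_ts(now)}">'
        f"<saml:Issuer>{escape(idp)}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{escape(subject)}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{_ts(now)}" NotOnOrAfter="{_ts(now + lifetime)}">'
        f"<saml:AudienceRestriction><saml:Audience>{escape(audience)}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        f"</saml:Assertion>")
    return xml, _sign(key, xml)

def consume_assertion(assertion_xml, signature_hex, now):
    """SP side: return subject and attributes, or raise ValueError naming the
    first check that failed."""
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("not an Assertion")
    # 1. Issuer must be in the trust fabric; its key is what we verify against.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    key = TRUSTED_IDPS.get(issuer)
    if key is None:
        raise ValueError(f"untrusted issuer {issuer!r}")
    # 2. Signature over the whole assertion (Issuer included), constant-time compare.
    if not hmac.compare_digest(_sign(key, assertion_xml), signature_hex):
        raise ValueError("bad signature")
    # 3. Validity window, allowing for clock skew.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    not_before = _parse_ts(cond.get("NotBefore", ""))
    not_on_or_after = _parse_ts(cond.get("NotOnOrAfter", ""))
    if now + CLOCK_SKEW < not_before or now - CLOCK_SKEW >= not_on_or_after:
        raise ValueError("assertion outside validity window")
    # 4. Audience: an assertion minted for another SP must not log anyone in here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not addressed to this SP")
    # 5. Replay: each assertion ID is accepted once.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in _seen_assertion_ids:
        raise ValueError("replayed or missing assertion ID")
    _seen_assertion_ids.add(assertion_id)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs}

def rejection_reason(assertion_xml, signature_hex, now):
    """None if the SP would accept the assertion, else why it refused it."""
    try:
        consume_assertion(assertion_xml, signature_hex, now)
        return None
    except ValueError as e:
        return str(e)

if __name__ == "__main__":
    now = datetime(2010, 2, 25, 17, 0, tzinfo=timezone.utc)
    idp = "https://idp.example.edu/idp/shibboleth"
    xml, sig = issue_assertion(idp, TRUSTED_IDPS[idp], "mary@example.edu",
                               {"eduPersonPrincipalName": "mary@example.edu"}, now)
    print(consume_assertion(xml, sig, now + timedelta(minutes=1)))
    print(rejection_reason(xml, sig, now + timedelta(minutes=1)))  # replayed
```

Note the order of the checks: the issuer is read from the unverified XML only to select which key to verify against, and nothing else is trusted until the signature passes. A real SP additionally binds the assertion to the browser session it initiated (InResponseTo) and takes the trusted issuer list and keys from federation metadata rather than a literal.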

UW meets the Cloud

CLOUD APPS @ UW

64K UW users

50% of students ALREADY forward their UW email!

STRATEGIC PREMISES

Cloud computing is a big deal

UW should encourage it, modulo compliance obligations

Compliance risk is reduced via partner contracts

A single-vendor strategy will not work for UW

Integrating faculty/staff with students is essential

THE PLAYING FIELD

[Figure: the playing field – Outlook Live, Google Apps, BPOS-D service, departmental Exchange/SharePoint servers, central Exchange/SharePoint servers, central IMAP & web servers, other cloud services, other universities]

The IT challenge: make collaboration work in this context!

LESSONS from a Dawg

Free services are not free
– Moving targets, startup problems, service culture
– Cloud conundrum: integration adds value & cost

Collaboration barriers
– Multiple account madness
– Lack of interoperability
– Lack of group support

Pushback
– Students: “Where's the beef?” (vs. existing options)
– Faculty: privacy, security, data ownership/mining

NEXT STEPS

Enhancing cloud services
– Group management features
– Improved calendar interoperability
– SAML SSO for Outlook Live → via MS/UW partnership

Retiring on-premises services
– Student email services
– Central Exchange/SharePoint services → via move to Microsoft BPOS-D

UW – MICROSOFT PARTNERSHIP

Initial Focus on SAML/Shib support for Live@edu

Assisting MS in tackling BPOS + Live@edu integration

Crucial to our multi-platform service strategy & migration

Unlike with some companies, it's a true partnership...

SUMMARY

→ The cloud enables more collaboration
→ Therefore we need to enable the cloud, and make it work better

Federated cloud services are essential
Use is soaring despite concerns

Questions


Special thanks to RL “Bob” Morgan,UW's Middleware Maven!