Internet2 middleware projects

Middleware, or “glue,” is a layer of software between the network and the applications. This software provides services such as identification, authentication, authorization, directories, and security. The Internet2 Middleware Initiative (I2MI) promotes standardization and interoperability and is working toward the deployment of core middleware services at Internet2 universities.

I have been involved in deploying and supporting the Shibboleth inter-realm authentication system for The University of Kansas and have been a resource for the Great Plains Network (GPN); my main focus for the past year has been role-based access control (RBAC) using Grouper and Signet.

I have been particularly interested in how to get base group data from an identity management system (IdMS) into Grouper, and how to provision external systems with information from Grouper and Signet, with a special focus on feeding the data back to the IdMS so that its normal provisioning mechanisms can be used.

A common API used by both Grouper and Signet is the Subject API, which provides an abstraction for a local implementation of entities (subjects) that may be members of groups in Grouper or recipients of permissions in Signet.

I worked on the Subject API to produce better performance and also to move it towards a 1.0 release, with better flexibility for extension and better testing.

In January 2007 the first release of the Signet-Grouper LDAP Provisioning Connector (Ldappc) became available. It provides a reasonable way to provision data from Signet and Grouper into an LDAP directory, from which it can be used by clients that need access-control information.

My main issues with this software were that it was insufficiently flexible and that its performance was not good for large groups. I developed an alternative, which is able to provision LDAP and also relational databases, using flexible, extensible downstream provisioning connectors.

Since leaving KU, I worked for a year for Internet2 developing the next version of Ldappc, with some success.