Tim Poe - MCNC, Co-Project Manager, NC Trust Pilot

1
Tim Poe - MCNC, Co-Project Manager, NC Trust
Pilot tpoe_at_mcnc.org Steve Thorpe (Remote) MCNC
Co-Project Manager, NC Trust Pilot thorpe_at_mcnc.o
rg
2
NC DPI
UNC-GA is a Friend of NCTrust
Introduction

• The NCTrust Federation is a pilot project to
  model a K-20 federation for the state of North
  Carolina, and will include participants from
• Public and Private 4-year Universities
• North Carolina State University (member)
• Duke University (member)
• University of North Carolina Chapel Hill
  (member)
• 2-yr Community Colleges
• Wake Tech Community College (member)
• Central Piedmont Community College (pending)
• K-12 school districts (LEAs)
• Rockingham County Schools (member)
• Davie County Schools (member)
• The NC Department of Public Instruction (DPI)
• NC Live (member)
• MCNC (Sponsor and member)

3
Background
Connecting North Carolinas Future Today

• MCNC was initially funded by the North Carolina
  State Government in 1980 as a catalyst for
  technology-based economic development.  MCNC is
  an independent, non-profit organization that
  employs advanced networking technologies and
  systems to continuously improve learning and
  collaboration throughout North Carolina's K20
  education community. 
• The State of North Carolina has provided for high
  speed bandwidth connections to all
• K-20 state educational institutions
• Medical schools
• 40 private Universities and Colleges
• and The State Government Network
• via the North Carolina Research and Education
  Network (NCREN).
• Note In early April MCNC announced that all 115
  K-12 Local Education Agencies (LEAs) throughout
  the state are now connected to NCREN. This marks
  the completion of The NC School Connectivity
  Initiative.

4
FIM Charter

• The Federated Identity Management Task Force
  (FIM-TF) first met in November, 2007 as a spinoff
  of the MCNC Collaborative Services Working Group
  (CSWG), and charged with
• Identifying a way to make use of the NCREN
  network bandwidth now being provided to K-20
  schools (Use Cases)
• Providing resources and services to the K-20
  community in a more efficient way (than requiring
  a local credential at each resource)
• Exploring how the state could provide federated
  access to these resources
• Establishing a pilot project to identify what
  challenges would be encountered in a K-20
  federation for the state
• Including K-12 in the mix is a unique aspect of
  this pilot
• Make recommendations for expanding the pilot
  based on the findings of the FIM-TF.

5
Collaborations and Shared Experiences

• The University of North Carolina System was in
  the midst of implementing its own federation
  during the early FIM-TF meetings
• Member Universities were required to have their
  IdP up by Aug 1, 2008
• The project manager for this initiative was also
  a member of the FIM-TF and provided valuable
  input based on the UNC Identity Federations
  progress
• There were other members on the FIM-TF that were
  also from UNC System universities
• This made it easier to participate in the NCTrust
  Federation as the IdP and the backend
  infrastructure were already established.
• Video Conference QA sessions were held with
• John Krienke of InCommon (March 18, 2008)
• The University of Texas Federation (June 19,
  2008)
• David Walker of UC Trust (July 8, 2008)

6
Decisions

• We decided to base our federation on the UC Trust
  model and build on top of ...
• Why?
• The administrative effort, including the Legal
  Framework / documentation / policies /
  procedures for asserting our various
  participant responsibilities. This is a HUGE
  effort, and by joining InCommon we were able
  to piggy back on their work.
• Internet2/InCommon administer the Certificate
  Authority (CA) upon which the InCommon Trust
  Federation is built (meaning we didnt have to
  create our own, sign CSRs, etc.).
• InCommon also provided some technical support,
  as did the community of people responding to
  questions posed to the Internet2 Shib-Users
  list.
• Additionally, they had a running SP we could
  authenticate against (Internet2 Collaboration
  Wiki site)

7
Decisions (cont)

• MCNC obtained funding for the project to pay for
  the InCommon membership fee and first year fees
  for the pilot participants.
• We decided to create an informal agreement a
  Memorandum of Understanding (MOU) to be signed
  by all participants to instill a feeling of
  commitment to the pilot. (Aug, 2008)
• We decided to limit the number of SPs (2-3) to
  simple use cases for the pilot and focus on
  creating the federation and helping participants
  through the membership process
• SPs chosen were VCL (at NC State), NCLive (also
  located at NC State but a separate state
  entity) and the MCNC Confluence site.

8
Challenges

• Getting organizations motivated to complete the
  paperwork
• Getting the legal counsel for each institution to
  accept the agreements
• The technology was a challenge for smaller
  universities, some community colleges and the
  K-12 institutions
• Even with the FIM-TF hosted Shib-Fests in October
  and February, there were some participants who
  had trouble keeping up with the group.
• The volume of information spanning multiple areas
  (Linux, Vi, XML, Tomcat, Networking, etc.) was
  overwhelming to some participants.
• Some attendees worked primarily in a Windows
  environment, and much of the content was foreign
  to them.

9
Challenges (cont)

• The Economic situation has been a challenge (cost
  and perception)
• What Attribute Release Policy (ARP) to use (how
  does K-12 effect this)
• Building NCTrust on InCommon was not
  straightforward
• There were no white papers or cookbook
  directions
• We didnt understand what we needed to do
  initially
• We wanted to be able to isolate our subset of
  members from all of InCommon
• Create NCTrust-metadata.xml, a subset of the
  InCommon metadata
• Were planning to further automate the procedure
  that incorporates updates from InCommon into the
  NCTrust metadata so our community can easily
  identify other NCTrust members

10
Current Status (Where We Are)

• We have a small number of IdPs up and running
  (Duke, MCNC, NC State, UNC-CH)
• Rockingham County Schools and Davie County
  Schools became members of InCommon our first
  K-12s !
• Also have Wake Tech Community College and the NC
  Department of Public Instruction
• The NCTrust WAYF is up and running
• VCL is testing against the NCTrust WAYF and is
  running as a SP in NCTrust
• NCLive has now joined InCommon and is almost
  ready to integrate the NCTrust WAYF
• MCNC is Shibbolizing its confluence and drupal
  sites this month
• NCLive is shibbolizing their SP

11
(Some) Lessons Learned

• Using InCommon as the trust infrastructure
  transferred the up front burden of establishing
  a federation (goodness), to the back end burden
  of getting through the application process (not
  so goodness)
• (But overall, well worth it!)
• When we started we didnt have enough knowledge
  of the resources needed both in time and
  technical expertise, to plan as effectively as we
  would have liked
• We thankfully collaborated with people who made
  up for that lack of knowledge
• You never have as much time as you think you do
  (the length of the pilot was cut in half just as
  we were getting started)

12
Next Steps

• Focus on getting additional K-12 participants
  into InCommon
• Get additional Community College participation
• Capture K-12 needs and potential SPs
• Find a way to capture the experience for pilot
  users/students (feedback)
• Begin capturing recommendations for next phase(s)

13
Unexpected Benefits

• The Robertson Scholars Program Duke University
  and UNC-CH
• K-12 Projects or Needs now have a Roadmap for
  implementation
• UNC-CH has found the NCTrust Pilot (and InCommon
  membership) to be very beneficial in establishing
  connections with NIH (Medical School and Research
  at the University)
• Although not entirely unexpected there was
  definitely an added benefit from becoming a
  member of InCommon, particularly as new SPs are
  added

14
Proposed Projects

• GoogleApps for Education (K-12 need)
• Microsoft Live_at_edu (K-12)
• LOR (Learning Object Repository)
• iTunes U Authentication
• FIZZ (Private U-Tube for K-12 use The Friday
  Institute, NC State
• Explore options for expanding NCTrust
• Explore the idea of regional IdPs (or
  statewide) for K-12 population

15
Future Challenges and Questions

• K-12 Specific Issues
• Funding May be written into Race to the Top
  application.
• Parent access, and how? (accounts, ID-Proofing)
• Continued lack of technology expertise (good
  solutions needed)
• Logistical difficulties getting the InCommon
  Agreement filled out and signed
• More Service Providers with K-12 targeted
  applications and resources

16
Future Challenges and Questions (cont)

• How do we scale the K-20 pilot into a state-wide
  federation? The current model will not scale
  well.
• Should we reconsider a state-run federation and
  if so, how will it be funded and governed?
• The InCommon Future Task Force may propose
  changes that will better accommodate our needs
  well need to monitor this closely
• How will the migration of Federal SPs into
  InCommon impact the need or interest to join
  InCommon?
• Will developments in inter-federating make it
  easier to provide expanded opportunities for our
  communities
• Would a separate Federation better serve the K-12
  community with a focus on K-12 Applications,
  ARP, etc.

17
Thank you to all our participants and partners!
NC DPI
UNC-GA is a Friend of NCTrust
Questions?