Your SlideShare is downloading. ×
UWAP Tjenesteplattform
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

UWAP Tjenesteplattform

159
views

Published on

A service platform for higher education in norway. Presentation of UWAP prototype results.

A service platform for higher education in norway. Presentation of UWAP prototype results.

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
159
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Tjenesteplattformfor utdanningssektoren Andreas Åkre Solberg UNINETT, WebTechnology Research and Development Oslo, 11. Februar 2013
  • 2. Once upon a timeWeb Single Sign-On with Feide was sufficient to providea seamless user experience across services.
  • 3. Collaboration on Internet✤ A dynamic working groups spanning multiple organizations, work together using digital collaboration tools: ✤ A wiki ✤ Document sharing tool ✤ Meeting planner and calendar ✤ A Web meeting tool ✤ A web forum or mailinglist
  • 4. to provide a satisfying end-user experiencespanning multiple collaboration services today,SSO is not sufficient.
  • 5. Traditional approach App1 ✤ Does not scale ✤ Not dynamic User directory App2 ✤ (Often) only in one direction Batch provisioningof users and groups App3 ✤ But it works, for some use cases
  • 6. Modern services✤ Modern collaboration services share a bunch of common components: ✤ Users and authentication ✤ Groups and authorization ✤ Invitation (mapping users and groups) ✤ Activity stream ✤ Notifications (mail and mobile push notifications) ✤ Data access with third party REST API
  • 7. SP App App App API + OAuth Addtional services SAML Component XAuthentication Feide
  • 8. Spin-offs Innovasjon tjeneste utvikling / utrulling ? 2016 ? ? 2015 Webteknologi 2013-2016 2014 2013 Webteknologi 2012 2012 2011Innovasjonsprosjekter i UNINETT knyttet til "Webteknologi"
  • 9. SP App App App API + OAuth Addtional services SAML UWAP PrototypeAuthentication Feide
  • 10. ✤ ettersom man tilbyr mer og mer støtte-funksjonalitet (auth, gruppe ++) kan fort kompleksiteten bli uholdbar på tjenestesiden.✤ Enkelt for tjenesteleveandørene er svært viktig!✤ De bør forholde seg til biblioteker og ikke egne software komponenter som kjører på tjenestesiden.✤ Vi må lære av økosystemene til store aktører som har lykkes med ekstrem skalerbarhet; google, linkedin, facebook m.fl.✤ Selvbetjening er kritisk.
  • 11. New more Users complex modelThird party Service Third party Serviceapplications applications Content Content API Delegation API
  • 12. UWAP Eco-system Users Content UWAP App Providers Prototype Developers Schools Universites
  • 13. ✤ Tjenesteleverandører✤ Selvbetjening
  • 14. ✤ Enklere integrasjon enn Feide.✤ Innebygget støtte for mobil Apps✤ Basert på OAuth / OpenID Connect✤ Enkelt API med en rekke ekstra funksjonalitet
  • 15. Grupper
  • 16. Groups ✤ Dynamic large-scale groups from Feide attributes ✤ Organization, department App App App ✤ Affiliation: like «all students at NTNU» ✤ Ad-hoc groups ✤ Managed external groups Platform ✤ FS ✤ KIND, etc. Dynamic GroupsFeide Ad-hoc FS SurfConext +++ groups Self-service Managed external groups group mngmnt
  • 17. Ad-Hoc groups✤ Everyone can create new groups, and invite/add users✤ Important to easily find the correct persons you want to add. Search engine based upon real names.✤
  • 18. Group information model✤ List of members✤ Membership roles: ✤ Admin/Owner ✤ Regular member ✤ (Subscribers) Optionally a group can have subscribers.✤ Managed external group providers may defined extended role definitions✤ Applications may off course provide additional membership roles locally.✤ Work on international harmonization of this basic model.
  • 19. Invitations, people search✤ Protected with Feide✤ Generic js library✤ Very easy integration in all applications that needs to «add users».
  • 20. ActivityStreams
  • 21. Activity streams› One activity stream per group. ng eti› Generic information model me or ge› Acitivites posted to one or more groups Ag pa ew a ou s at wiki an gr if i p he rle led e!» a o t ho om tedPublic / Private du dt rT he elc rea de seNormal / Promoted sc «w as c ad ew u on re m n d Si A AnUser interfaces ng d f» eti an› WebApp frontend .pd me ed re nd rm tu› Mobile app frontend tor tec tte nfi ll a co ds hi› Widgets o u rc wi eas Cl «a› API dr at file An da re ha zs ma Ar
  • 22. Notifications✤ The most important activity updates✤ Email and mobile push notifications✤ Personal preferences
  • 23. Federated Widgets
  • 24. Federated Widgets✤ Embed content on remote site✤ Challenge: ✤ secure environment ✤ authentication
  • 25. Federated Widgets✤ Super simple integration!✤ Secure separation from container site✤ Auto-detecting existing Feide session✤ No server-side requirements...
  • 26. Federated Widget ✤ The group-context-aware «webmeeting button» using eting ect We bme onn be C ting Ado in mee Jo
  • 27. Feed WidgetShows an aggregated feed of activities for the current selected group across all collaboration tools. Share widget Can be easily integrated anywhere. Will share a link to the current web page to the activity stream for the current user in a selected group context.
  • 28. Feed WidgetShows an aggregated feed of activities for the current selected group across all collaboration tools. Share widget Can be easily integrated anywhere. Will share a link to the current web page to the activity stream for the current user in a selected group context.
  • 29. Feed WidgetShows an aggregated feed of activities for the current selected group across all collaboration tools. RedMine With Activity Stream Connector enabled.
  • 30. WebApp Hosting (PaaS)
  • 31. ✤ Web as a platform✤ Usage increasing✤ True multi-platform: desktop, mobile (android+ios+)✤ REST API friendly✤ Client side logic✤ Makes it hassle-free to provide cloudbased hosting environment✤ Easier service roll-out in education: no installations..
  • 32. creating a new application...
  • 33. How does it work✤ Each app gets their own domain: myapp.eduapps.org✤ App engine provides a javascript API to access all functionality✤ The javascript engine communicates with app server using REST api.✤ Let’s test it...
  • 34. 89 lines of code (mostly UI)
  • 35. App Store
  • 36. App StoreAuthorization data New PotentialsConnecting edu institutions to content providers with new more efficient and fair payment models
  • 37. Content Providers
  • 38. Open Data✤ Universites increasing interest to share their data using APIs.✤ Win-win situation. Both students and commercial providers may provide value-added service by making use of the data.✤ Privacy very important!✤ Complex to provide authentication model for delegated access to personal data.
  • 39. Service Providers Frontend✤ REST API with delegated access control.✤ Feide authentication API✤ Trust model Business✤ Scalable management of third Information Logic party client access control.
  • 40. SOA Gatekeeper✤ Manage 3rd party clients✤ Control your open APIs✤ User control, scopes, consent etc.
  • 41. Providing a Service
  • 42. ✤ Ikke enda planlagt. Spin-offs✤ Stor interesse i UH for å Innovasjon tjeneste utvikling / utrulling få opp tjenester. Spesielt ? rundt grupper. ? 2016 ?✤ Koordineres med: 2015 It.1 First iteration Webteknologi Service Pilot 2013-2016 2014 ✤ Feide 2013 ✤ Nansen 2012 Webteknologi 2012 2011✤ IKTsenteret tidlig med... Innovasjonsprosjekter i UNINETT knyttet til "Webteknologi"
  • 43. Innpakking sammen med Feide SP App App App API + OAuth Addtional services SAML Feide Connect! Authentication Feide
  • 44. Feide Connect! added-value✤ Simpler integration with modern web applications (OAuth-based)✤ Support for authentication on mobile✤ Easier integration with PaaS (Nansen)✤ Support emerging standards: OpenID Connect!✤ Groups✤ People search✤ Easier cross-federation integration!✤ Built-in discovery✤ Guest users✤ Lower bar of entry for service providers: students etc. Self-service Support no-contract consumers!✤ Extensible: allows us to add new services!✤
  • 45. Will not solve...✤ Local Single Sign-On on Windows Domain with Keberos✤ Higher level authentication (2-factor). LoA.✤ Accepting more loosely connected user through Feide (UiO)
  • 46. Services to add later on✤ Activity streams✤ Calendar sharing✤ REST API engine✤ Activity streams✤ Notifications✤ SOA Gatekeeper✤ App hosting ✤ Storage, message queue, cache, release management etc.✤ Federated widgets✤ OAuth REST Engine (simplify using protected REST APIs)✤ ...
  • 47. NANSEN
  • 48. ✤ https://www.uninett.no/skytjenester-rapport-med-anbefalinger✤ Stor interesse i UH sektoren om samarbeid rundt ✤ innkjøp av kommersielle skytjenester ✤ oppbygning av egen skyinfrastruktur i sektoren for å organisere morgendagens tjenester for sektoren. Erstatter dagens IKT drift. Med samarbeid.
  • 49. UNINETTs Nova plattform✤ Arbeid i 2013-2014.✤ Bygger opp skyinfrastruktur internt for å kunne hoste våre egne tjenester✤ Kompetanseoppbygning og forarbeid som kan være nyttig for sektoren i relisering av NANSENs sektor-spesifikke sky.
  • 50. WebApp PaaS Fil Lagring UWAP Core In-memory Høytilgjengelighet Feide NoSQL store OSVirtualisering
  • 51. ✤ UNINETT FAS ✤ Administrative Apps for selvbetjening✤ eCampus✤ Samarbeidsverktøy: Agora, RedMine, webmøter etc.
  • 52. App AppAll platform UI built as indepedent apps People search Groups and authorization Calendar sharing REST API Engine Activity stream Service Platform Notifications Authentication Feide
  • 53. IKTsenteret
  • 54. ✤ Felles samarbeid om Feide.✤ Svært sammenfallende behov rundt støtte mot tjeneser til utdanningssektoren.✤ Trolig kosteffektivt å jobbe med en felles løsning når behovene er overlappende.✤
  • 55. Mulige oppgaver✤ Samarbeid rundt informasjonsmodell for grupper✤ Pilot-integrasjon mot f.eks. fylkeskommune gruppe-provider✤ Pilot-integrasjon mot BAS for person-søk✤ Pilot tjenesteleverandører✤ Interessante use-case: DVM,
  • 56. last slide

×