UWAP Service Platform


A service platform for higher education in Norway. Presentation of UWAP prototype results.


  1. 1. Service platform for the education sector. Andreas Åkre Solberg, UNINETT, WebTechnology Research and Development. Oslo, 11 February 2013
  2. 2. Once upon a time, Web Single Sign-On with Feide was sufficient to provide a seamless user experience across services.
  3. 3. Collaboration on Internet
       ✤ Dynamic working groups spanning multiple organizations work together using digital collaboration tools:
         ✤ A wiki
         ✤ Document sharing tool
         ✤ Meeting planner and calendar
         ✤ A Web meeting tool
         ✤ A web forum or mailing list
  4. 4. To provide a satisfying end-user experience spanning multiple collaboration services today, SSO is not sufficient.
  5. 5. Traditional approach
       ✤ Does not scale
       ✤ Not dynamic
       ✤ (Often) only in one direction
       ✤ But it works, for some use cases
       [Diagram labels: User directory; Batch provisioning of users and groups; App1, App2, App3]
  6. 6. Modern services
       ✤ Modern collaboration services share a bunch of common components:
         ✤ Users and authentication
         ✤ Groups and authorization
         ✤ Invitation (mapping users and groups)
         ✤ Activity stream
         ✤ Notifications (mail and mobile push notifications)
         ✤ Data access with third party REST API
  7. 7. [Diagram labels: SP; App, App, App; API + OAuth; Additional services; SAML; Component X; Authentication; Feide]
  8. 8. [Figure: timeline 2011-2016 of innovation projects in UNINETT related to "Webteknologi" (web technology). Labels: Webteknologi 2012; Webteknologi 2013-2016; Spin-offs; Innovation; Service development / roll-out; ?]
  9. 9. [Diagram labels: SP; App, App, App; API + OAuth; Additional services; SAML; UWAP Prototype; Authentication; Feide]
  10. 10.
       ✤ As more and more support functionality is offered (auth, groups, etc.), the complexity on the service side can quickly become unsustainable.
       ✤ Simplicity for the service providers is very important!
       ✤ They should deal with libraries, not with separate software components running on the service side.
       ✤ We must learn from the ecosystems of large players that have succeeded with extreme scalability: Google, LinkedIn, Facebook and others.
       ✤ Self-service is critical.
  11. 11. New more complex model
       [Diagram labels: Users; Third party applications; Service; Content; API; Delegation]
  12. 12. UWAP Eco-system
       [Diagram labels: Users; Content Providers; UWAP Prototype; App Developers; Schools; Universities]
  13. 13.
       ✤ Service providers
       ✤ Self-service
  14. 14.
       ✤ Simpler integration than Feide.
       ✤ Built-in support for mobile apps
       ✤ Based on OAuth / OpenID Connect
       ✤ Simple API with a range of extra functionality
  15. 15. Groups
  16. 16. Groups
       ✤ Dynamic large-scale groups from Feide attributes
         ✤ Organization, department
         ✤ Affiliation: like «all students at NTNU»
       ✤ Ad-hoc groups
       ✤ Managed external groups
         ✤ FS
         ✤ KIND, etc.
       [Diagram labels: App, App, App; Platform; Dynamic groups; Feide; Ad-hoc groups; Self-service group mngmnt; Managed external groups; FS; SurfConext; +++]
  17. 17. Ad-Hoc groups
       ✤ Everyone can create new groups, and invite/add users
       ✤ Important to easily find the correct persons you want to add. Search engine based upon real names.
  18. 18. Group information model
       ✤ List of members
       ✤ Membership roles:
         ✤ Admin/Owner
         ✤ Regular member
         ✤ (Subscribers) Optionally a group can have subscribers.
       ✤ Managed external group providers may define extended role definitions
       ✤ Applications may of course provide additional membership roles locally.
       ✤ Work on international harmonization of this basic model.
  19. 19. Invitations, people search
       ✤ Protected with Feide
       ✤ Generic JS library
       ✤ Very easy integration in all applications that need to «add users».
  20. 20. ActivityStreams
  21. 21. Activity streams
       › One activity stream per group.
       › Generic information model
       › Activities posted to one or more groups
       Public / Private
       Normal / Promoted
       User interfaces
       › WebApp frontend
       › Mobile app frontend
       › Widgets
       › API
       [Figure: sample activity stream; entry text not recoverable]
  22. 22. Notifications
       ✤ The most important activity updates
       ✤ Email and mobile push notifications
       ✤ Personal preferences
  23. 23. Federated Widgets
  24. 24. Federated Widgets
       ✤ Embed content on remote site
       ✤ Challenge:
         ✤ secure environment
         ✤ authentication
  25. 25. Federated Widgets
       ✤ Super simple integration!
       ✤ Secure separation from container site
       ✤ Auto-detecting existing Feide session
       ✤ No server-side requirements...
  26. 26. Federated Widget
       ✤ The group-context-aware «webmeeting button» using Adobe Connect
       [Figure labels: Webmeeting; Join meeting]
  27. 27. Feed Widget: Shows an aggregated feed of activities for the current selected group across all collaboration tools.
       Share widget: Can be easily integrated anywhere. Will share a link to the current web page to the activity stream for the current user in a selected group context.
  28. 28. Feed Widget: Shows an aggregated feed of activities for the current selected group across all collaboration tools.
       Share widget: Can be easily integrated anywhere. Will share a link to the current web page to the activity stream for the current user in a selected group context.
  29. 29. Feed Widget: Shows an aggregated feed of activities for the current selected group across all collaboration tools.
       RedMine with Activity Stream Connector enabled.
  30. 30. WebApp Hosting (PaaS)
  31. 31.
       ✤ Web as a platform
       ✤ Usage increasing
       ✤ True multi-platform: desktop, mobile (Android + iOS +)
       ✤ REST API friendly
       ✤ Client side logic
       ✤ Makes it hassle-free to provide a cloud-based hosting environment
       ✤ Easier service roll-out in education: no installations..
  32. 32. creating a new application...
  33. 33. How does it work
       ✤ Each app gets its own domain: myapp.eduapps.org
       ✤ App engine provides a JavaScript API to access all functionality
       ✤ The JavaScript engine communicates with the app server using a REST API.
       ✤ Let’s test it...
  34. 34. 89 lines of code (mostly UI)
  35. 35. App Store
  36. 36. App Store
       Authorization data
       New Potentials: Connecting edu institutions to content providers with new more efficient and fair payment models
  37. 37. Content Providers
  38. 38. Open Data
       ✤ Universities show increasing interest in sharing their data using APIs.
       ✤ Win-win situation. Both students and commercial providers may provide value-added service by making use of the data.
       ✤ Privacy very important!
       ✤ Complex to provide authentication model for delegated access to personal data.
  39. 39. Service Providers
       ✤ REST API with delegated access control.
       ✤ Feide authentication API
       ✤ Trust model
       ✤ Scalable management of third party client access control.
       [Diagram labels: Frontend; Business Logic; Information]
  40. 40. SOA Gatekeeper
       ✤ Manage 3rd party clients
       ✤ Control your open APIs
       ✤ User control, scopes, consent etc.
  41. 41. Providing a Service
  42. 42.
       ✤ Not yet planned.
       ✤ Great interest in the higher-education (UH) sector in getting services up and running. Especially around groups.
       ✤ Coordinated with:
         ✤ Feide
         ✤ Nansen
       ✤ IKTsenteret early on...
       [Figure: timeline 2011-2016 of innovation projects in UNINETT related to "Webteknologi" (web technology). Labels: Webteknologi 2012; Webteknologi 2013-2016; It.1 First iteration; Service Pilot; Spin-offs; Innovation; Service development / roll-out; ?]
  43. 43. Packaging together with Feide
       [Diagram labels: SP; App, App, App; API + OAuth; Additional services; SAML; Feide Connect!; Authentication; Feide]
  44. 44. Feide Connect! added-value
       ✤ Simpler integration with modern web applications (OAuth-based)
       ✤ Support for authentication on mobile
       ✤ Easier integration with PaaS (Nansen)
       ✤ Support emerging standards: OpenID Connect!
       ✤ Groups
       ✤ People search
       ✤ Easier cross-federation integration!
       ✤ Built-in discovery
       ✤ Guest users
       ✤ Lower bar of entry for service providers: students etc. Self-service. Support no-contract consumers!
       ✤ Extensible: allows us to add new services!
  45. 45. Will not solve...
       ✤ Local Single Sign-On on Windows Domain with Kerberos
       ✤ Higher level authentication (2-factor). LoA.
       ✤ Accepting more loosely connected users through Feide (UiO)
  46. 46. Services to add later on
       ✤ Activity streams
       ✤ Calendar sharing
       ✤ REST API engine
       ✤ Activity streams
       ✤ Notifications
       ✤ SOA Gatekeeper
       ✤ App hosting
         ✤ Storage, message queue, cache, release management etc.
       ✤ Federated widgets
       ✤ OAuth REST Engine (simplify using protected REST APIs)
       ✤ ...
  47. 47. NANSEN
  48. 48.
       ✤ https://www.uninett.no/skytjenester-rapport-med-anbefalinger
       ✤ Great interest in the higher-education (UH) sector in collaborating on
         ✤ procurement of commercial cloud services
         ✤ building the sector's own cloud infrastructure to organize tomorrow's services for the sector. Replaces today's IT operations. Through collaboration.
  49. 49. UNINETT's Nova platform
       ✤ Work in 2013-2014.
       ✤ Building cloud infrastructure internally to be able to host our own services
       ✤ Competence building and preparatory work that may be useful for the sector in realizing NANSEN's sector-specific cloud.
  50. 50. [Diagram labels: WebApp PaaS; File storage; UWAP Core; In-memory; High availability; Feide; NoSQL store; OS virtualization]
  51. 51.
       ✤ UNINETT FAS
       ✤ Administrative apps for self-service
       ✤ eCampus
       ✤ Collaboration tools: Agora, RedMine, web meetings etc.
  52. 52. All platform UI built as independent apps
       [Diagram labels: App, App; People search; Groups and authorization; Calendar sharing; REST API Engine; Activity stream; Notifications; Service Platform; Authentication; Feide]
  53. 53. IKTsenteret
  54. 54.
       ✤ Joint collaboration on Feide.
       ✤ Closely matching needs around support for services to the education sector.
       ✤ Probably cost-effective to work on a common solution when the needs overlap.
  55. 55. Possible tasks
       ✤ Collaboration on an information model for groups
       ✤ Pilot integration with e.g. a county-municipality group provider
       ✤ Pilot integration with BAS for people search
       ✤ Pilot service providers
       ✤ Interesting use cases: DVM,
  56. 56. last slide
