Campus Directory / PKI Presentation

Published: April 5th, 2001

Category: Memos

Ronald H. Schoenau, Director

The Director of Information Technology, Network Services, and IAIMS are jointly sponsoring a one day visit to UF on Friday April 13th, by Dr. Ken Klinginstein to discuss the importance of “middleware” and strategies for its deployment. We invite the UF community to participate in this visit.

Dr. Klingenstein is leading the middleware initiative for the Internet2 Project (on loan from the University of Colorado at Boulder) and is the foremost national authority on implementing identification, authentication, authorization, and Public Key Infrastructure (PKI) programs in higher education.

Middleware is a layer of software between the network and the applications. This software provides services such as identification, authentication, authorization, directories, and security. In today’s Internet, applications usually have to provide these services themselves, which leads to competing and incompatible standards. By promoting standardization and interoperability, middleware will make advanced network applications much easier to use. The Internet2 Middleware Initiative (I2-MI) is working toward the deployment of core middleware services at Internet2 universities. This layer of software is important to the future of collaborative and inter-institutional computing at UF. For more information about the Middleware project at Internet2 visit the I2-MI website at:

There are a number of trends and developments that are driving the increasing need to access colleagues and data at other institutions and hence are driving the importance of implementing middleware solutions. These include:

  • The increasing need to collaborate with colleagues at other institutions;
  • Continued progress in many fields is increasingly inter- disciplinary;
  • Web-based content delivery vehicles allow faculty to integrate course content from a wide variety of sources
  • Distance learning is opening up teaching and learning options for both students and faculty; the digital library concept provides access to a wide variety of content providers (commercial and non-commercial); and
  • Electronic publishing and distribution is becoming a reality.A number of national entities have taken an interest in addressing the topic of middleware in some cohesive fashion including Internet2, EDUCAUSE, the Consortium for Networked Information (CNI), and the Corporation for Research and Educational Networking (CREN).

    UF’s GatorLink infrastructure provides single logon ID and password authentication for a number of services, and campus wide directory services including support of the Lightweight Directory Access Protocol (LDAP). These services will be enhanced to interoperate with core middleware services at Internet2 universities and support projects located at UF like FCLA’s replacement system LMS, the Lucent Partnership in Global Learning <>, Project GriPhyN (Grid Physics Network) <> and the emerging worldwide computation and data science GRID.

    The schedule for Dr. Klingenstein’s visit at UF is as follows: Room C1-3 Communicore 9:00 am – 3:30 pm 9-10 am Middleware 101: This session will describe the critical role that middleware is playing in the next stage of networking and then provide an overview of the technical and process issues associated with building a enterprise-wide core middleware infrastructure (identifiers, authentication, directories, and authorization). Technical topics will include authentication options, directory basics, authorization approaches, and the elements of a PKI. Process issues will include cost/benefit analyses, identifier mapping, campus-wide authentication services, best practices, and directory development initiatives. Materials are drawn from Early Harvest and Early Adopters.

    Intended audience is campus and government leadership. There will be a brief Q&A after this section since some attendees will leave the session at this time.

    Half hour break

    10:30 am Noon
    Current Activities in Middleware: This session will cover the major areas of activity. In directories, the new standard object class Eduperson, the blueprints in the LDAP recipe and the first pieces of a directory of directories for higher education will be discussed. We will cover the Shibboleth project that is beginning an infrastructure in inter-institutional authentication and authorization. Current work in PKI, both technical and policy, will be presented. Other areas for discussion will include medical middleware and enabling applications with middleware.

    Intended audience is technical leaders and architects.

    Noon-1:00 pm Lunch break

    1:00-2:15 pm Middleware 201.
    This session will look at the deeper technical issues in constructing and maintaining campus authentication and directory services. Authentication issues include integration of Kerberos between Unix and Windows 2000 implementations, the pros and cons of authentication using a directory, and scoping enterprise-wide authentication services. Using context from the LDAP Recipe for Configuring and Operating Directories, both design and implementation strategies for directories and directory applications will be presented. This will include detailed discussions about naming, performance, access controls, schema design and management, and application design. There will be a close examination of issues associated with integration of enterprise and LAN middleware, as well as legacy system interactions. Reviewing the LADP Recipe prior to the workshop is recommended.

    Audience is technical staff

    2:15-2:30 pm Break

    2:30-3:30 pm
    Business Planning for Middleware: Deploying middleware present difficult challenges, and unique opportunities, for campus business operations. The challenges include determining ownership of institutional information, reconciling policies on use of such information, funding middleware development activities, categorizing the roles and relationships of individuals with the university, and keeping the process moving. Opportunities include distributed cost savings, reduced legal exposures, agility in the deployment of new services, and participation in national and international collaborations. This session will look at these issues and identify best practices that universities are using.

    Audience is project leaders. (includes final Q&A for staff involved in implementing directories and PKI)

    No registration is required.

    If you are unable to attend this event, the sessions noted above will be presented at FSU Thursday, April 12. See for more details.

    Questions and comments regarding this visit can be directed to Kathy Bergsma (, 392-2061).

Comments are currently closed.