The Shibboleth system, developed by Internet2, offers a powerful, scalable, easy-to-use, and easy-to-manage solution to securely sharing online services and digital content. It leverages campus middleware services; users can manage their privacy level with remote services. This presentation will profile several campuses using Shibboleth as both a Single-Sign-On System within the campus, and a framework for controlling access to remote licensed resources. This session is offered in collaboration with the NSF Middleware Initiative-EDIT Consortium of Internet2 and EDUCAUSE. In addition, the Shibboleth development roadmap for the next year will be reviewed.

Virtual communities form around a common interest and typically cross institutional boundaries. The task of establishing on-line collaboration tools, so essential to virtual organizations, can quickly become mired in the difficult problems of tool selection, identity management and access control. Collaborations are hampered when there is no single tool or site that can satisfy all requirements and the quality of collaboration suffers.

Most solutions assume a central administration body will provide and manage the service; we will demonstrate a 'Just In Time' approach for creating virtual organizations that provides an easy way for anyone to create, manage and share their own collaboration space, without requesting special permission or requiring a portal.

Virtual organizations define and assign members' roles in the VO and are the authoritative source for these attributes. MyVOCS/MyVO provides an attribute aggregator service that is the VO's attribute authority for Shibboleth. This approach combines institutional identity management and VO specific attribute authorities and leverages Shibboleth to distribute member attributes to all collaboration tools, across institutional and administrative boundaries. VO attribute federations provide a consistent user experience to researchers based on their role in the virtual organization. MyVO is a virtual organization provider infrastructure that enables members of an identity federation to dynamically create virtual organizations. VO members establish collaboration specific attributes which are distributed via Shibboleth to all collaboration tools. This presentation reports on work done by NSF ANI-0330543 NMI Enabled Open Source Collaboration Tools for Virtual Organizations.

Whether you attempt to implement core middleware services, like identity management or trust networks, on a single campus, across a hierarchically organized state system, or in a loosely coupled consortium, you may struggle, in the first stage, between the Scylla of centralized "power grab" and the Charybdis of multiple "autonomous" implementations. Navigating a wise course is critical at this early stage of middleware implementation. To assist in this process, panel members, who participate together in the Extending the Reach portion of the NSF Middleware Initiative (NMI-ETR) have developed and continue to refine a lifecycle framework from which to understand and discuss the implementation of core middleware services.

The panel will present several case studies in the context of this lifecycle approach with particular emphasis given to:

• factors motivating the initial decision
• initial project goals
• strategies to gain buy-in and decrease resistance
• policy considerations and decisions
• problems encountered and related adjustments
• user satisfaction
• impact of environmental changes (e.g., new middleware releases) on implementation.

The Internet2/MACE efforts in the security / middleware area have resulted in an understanding of the business drivers, organizational processes, and functional technical specifications surrounding campus-level identity and access management. This session will present a view of this space and help attendees understand how the best practices, standards, schema, and tools can be integrated to implement the model that has emerged.

This session is the first of two parts. The companion presentation, "Using Signet and Grouper for Access Management" will illustrate how these specific tools can be integrated into a comprehensive campus identity and access management system. Sponsored by the NSF Middleware Initiative-EDIT Consortium of Internet2, EDUCAUSE, and SURA.

This session involves discussions related to middleware-enabling the mailing list application, focusing on the work of the MACE-MLIST Working Group since the last I2 member meeting. First, results from our survey of campus mailing list administrators will be presented; about half the respondents indicated that they are considering changing their current choice of mailing list software. Find out what functionality is most important to mailing list administrators and strengths and weaknesses of commonly used packages. Second, we will present a high-level review of candidate middleware integration points in the mailing list application. Last, Serge will lead a discussion about which new technologies may be useful for controlling spam into and out of mailing lists. Mailing list servers may be wrongly placed on ISP blacklists; what information might be required to prove that your mailing List server is not a spam machine? What technologies on the horizon may provide solutions for authentication of the mailing List service? MACE-MLIST, working with the open source Sympa development team, is interested in developing a reference document describing solutions to these problem; this discussion will serve as a kick-off towards that effort.

Instant Messaging and presence is becoming the watchword and underlying communications architecture of today's enterprise network. Whether IM came into the enterprise virally or through a decision by the IT manager, presence-based communications is now an important way people communicate. But, as IM becomes part of a larger communications strategy, how does the IT manager integrate it into a larger desktop multimedia communications architecture of voice, video, and data communications and collaboration?

In this session we will explore the architecture of Instant Messaging and presence and then discuss how it can be used as a tool for initiating ad hoc point-to-point or multipoint conferences. After that we will discuss related IT and network issues such as supporting other protocols, inviting in other non-IM video/voice end points, scheduling, scalability, deployment, and integration into third party directory services such as Microsoft Active Directory.

Signet and Grouper are tools that support distributed management of authority and authorization information and enable granular access control for integrated applications. This session will describe real access management scenarios and show attendees how these tools function as part of an integrated campus identity and access management system capable of meeting requirements as exemplified by these scenarios. This presentation is the second of two parts : the first one entitled "An Integrated Framework for Identity and Access Management" describes a framework for comprehensive campus identity and access management systems of which these tools are substantial parts.

Sponsored by the NSF Middleware Initiative-EDIT Consortium of Internet2, EDUCAUSE, and SURA.

A panel of people from very different environments who have each implemented H.350 at their respective institutions will present why they selected H.350, architectural decisions made during their deployment implementation, and what new advantages exist as a result of their deployments.

Jason Lynn's implement ion at a large research university includes both room and person listings and is integrated with the campus directory. Frank Reinemer was hired by a very large German corporation for an internal videoconferencing management solution. Kewin Stoeckigt has implemented H.350 for the German national research network and uses H.350 to solve the fire wall traversal problem . Larry Amiot has recently implemented H.350 for a SIP deployment. A basic familiarity with the H.350 LDAP schema is assumed.

For background information please refer to http://metric.it.uab.edu/vnet/.

California Polytechnic State University and the San Luis Obispo County Office of Education are working in collaboration on the integration of common technologies and infrastructure, to deliver on the promise of a rich and compelling, personalized educational experience in the classroom and at home for students and educators throughout California.

As part of a large-scale pilot, Cal Poly is working to demonstrate portability of existing content between portals, and the benefits of enabling transparency for users across centers of expertise, reaching a unified teaching and learning population of over one million users. Cal Poly is also employing a unique funding and collaborative model with select corporate agencies to help build the core infrastructure, and to establish friendly, easy-to-deploy, and cost-worthy technology bundles that may be added in a modular fashion in order to scale service and accessibility.

This session will describe the overall progress the NSF Middleware Initiative has made and highlight the ongoing development efforts and the emerging national and international federations.

This session is sponsored by NMI-EDIT Consortium of Internet2, EDUCAUSE, and SURA.

How are K-20 learning organizations using Internet2 to manage and deliver their high-quality educational resource collections? The panelists will present successful models and suggest best practices.

Museum Applications of Internet2
The Exploratorium will share experiences in developing media and exhibits for distribution over high performance networks. They will demonstrate and discuss their use of DVD-quality Webcasting, a multi-user music exhibit, and a microscope imaging station. They will also discuss other ways in which the Internet2 participation will enable the Exploratorium to enhance and expand its museum programs.

Internet2 and Informal Science: Connecting K-8 Classrooms with Real Science
The Franklin Institute Science Museum is investigating how informal science institutions can use Internet2 to connect K-8 classroom learning with the real science resources accessible within the Internet2 consortium. They will share the outcomes of the Institute's work with NASA's informal science education office to explore how informal science institutions can use Internet2 to connect K-6 classrooms with NASA's earth and space science education resources. They will also highlight the Institute's development of models for using Internet2 to provide support for teachers of science in grades six, seven, and eight.

Digital Asset Management: Solutions for Campus Collections
ResearchChannel uses the DigitalWell Digital Asset Management System (DAMS) to manage large, collaborative video collections. The same system is in use by other organizations to provide encoding services, simplify management and distribution of high quality dynamic media (audio/video), and provide a solid architecture that scales depending on individual needs. Members of the ResearchChannel and DigitalWell teams will describe the functionality and features of the DAMS content administration interface as it is currently being used by a variety of groups including UWTV, ResearchChannel, and KEXP Radio among others. They will also briefly describe the supporting infrastructure.

Discussion will focus on the growing interest in Federations, associations of enterprises that come together to exchange information about their users and resources to enable collaborations and transactions. Session will highlight the interactions with the Federal Government and International Research and Education Federations on both technology and policy issues and the efforts to address interfederation interoperability. There will also be an update on InCommon, the first U.S. Research and Education Federation.

ResearchChannel continues to experiment with interactive technologies. Quality and latency are the two areas that most impact the user experience and the value of interaction. ResearchChannel and the University of Washington have demonstrated High Definition Interactive technologies at bitrates up to 1.5gigabits. Come learn the details of the architecture, software development, and partnerships required to enable fabulous quality video approaching real time communication. Lessons learned from successful demonstrations at SC2004, PTC and JGNII will be discussed.

This session describes an initiative that has been underway for about two years as a partnership involving Internet2, Harvard Business School, and several other universities and technology companies. The purpose of the "Business Applications Group" is to accelerate the adoption of advanced networking applications in business. Inspiration for this effort arises from the observation by certain Internet pioneers that the elapsed time between the creation of the Internet (late 1968) and widespread adoption in business (late 1990s) seems unreasonably long. We aspire to shorten that cycle for the next generation Internet.

Learn about the latest developments in the ever-evolving, complex world of PKI for the Higher Education community including an update from the recent Research Workshop co-sponsored by NIH, NIST, and Internet2, details on the US Higher Education Root (USHER) and the Higher Education Bridge Certification Authority (HEBCA), two PKI initiatives designed to enable inter-institutional use of PKI, and information on the Federal Public Key Infrastructure, bridge to bridge issues and opportunities, and digitally-signed forms.

USHER and HEBCA each provide a specific set of benefits to Higher Education and this session seeks to detail what has been accomplished to date by each of these projects, and to outline future goals and development roadmaps. The following questions will be answered: 1) What services do HEBCA and USHER offer, and what are the differences between them? 2) Why is there a need for both and how do they complement each other? 3) What has each project accomplished so far? 4) What is planned for each initiative? 5) How do these two initiatives work together to maximize synergy? 6) Which initiative is right for your institution?

This presentation includes a live demonstration of PKI interoperability where an USHER-rooted end entity certificate will be used to sign an Education Department form that will be trusted via the HEBCA and its interaction with the Federal Bridge Certification Authority (FBCA).