Friday, October 12, 2007

Internet2 Report

I was at the Internet2 conference in San Diego this week, presenting on the R&E view of the Federal Cyber Security Picture. While it wasn't clear that this was the right audience for this talk (note to program committee), the other talks I attended were excellent and a stark contrast to the somewhat gloomy federal picture.

In particular, it's inspiring to see the cyberinfrastructure that is starting to appear for next generation science applications. At the keynote, a 9.8gig virtual circuit was deployed between Fermi and U. Wisconsin as the prototype for the LHC data flows. The virtual circuit crossed Internet2, ESnet, and the RON that serves U. Wisconsin. The technology underlying this was developed by the R&E networks (ESnet, I2, and I2 members) and the institutions themselves (Fermi, for instance, helped to develop the scheduler). This is a remarkable achievement and is a testament to the power of self-organization within the research community.

It also stands in stark contrast to Federal efforts to consolidate and separate federal networks from other networks. While this may or may not work well for traditional parts of the government, for the research community (DOE Labs, NASA, parts of NIH) it would be an unmitigated disaster. This is because the underlying assumption (that components of government agencies talk to each other and that this needs to be protected) is not the reality of science collaboration. The DOE labs talk to each other, but they mostly talk to external Universities and International Collaborators. And of course, when I say "talk" I mean at speeds and data flows that dwarf nearly all commercial and government data traffic in this country. (streaming video of keynote here)

Some of the proposals assume a world that would be equivalent to the UC campuses trusting each other completely across a regional optical network. This setup is bad for security and even worse for actual mission, because the underlying assumption - that we mostly talk to each other - is wrong. It's not just wrong because I say so either - ESnet is a net exporter of data: that is, more data flows between the labs and the R&E community than flows between the labs themselves.

Other useful stuff from the I2 meeting included discussions with InCommon, which Berkeley Lab is in the process of joining. InCommon is an R&E identity federation based on Shibboleth, which also forms the basis of the UCTrust federation. InCommon will eventually allow LBL researchers to authenticate to a variety of resources, perhaps most importantly, NIH Grant Administration tools. I am generally skeptical of arguments that "having multiple passwords" is a problem worth solving, but this one turns out to be a real issue with some very unique characteristics - it is a problem worth solving. It will take some time for us to modify some of our IDM policies and practices to complete our federation, and this must be prioritized, but we are moving in that direction barring unforeseen technical problems. (Note to Fed readers: it's not that we are a government institution and need to interact with NIH, it's that we are a research institution that needs to interact with NIH - that is, the critical thing is that we are like any other grantee institution of NIH and need to interact with them as a University grantee does).


Friday, June 29, 2007

Revised Stewardship "Policy"

UCOP has released a new website (draft?) on the Management of Electronic Information Resources which contains what they used to call stewardship requirements and which we still do. Excerpt:

The University of California is committed to high standards of excellence for management of its electronic information resources and therefore endorses information technology management practices that uphold principles of academic freedom, shared governance, open access, and privacy.

Consistent with the University Statement of Ethical Values and Standards of Ethical Conduct, all members of the University community are accountable for compliance with University policies and procedures for management of electronic information resources over which they have jurisdiction or control.

The website contains useful links to all sorts of policies/guidance appropriate to LBNL.
