This project pursues the NMI integration of a set of collaboration tools to support virtual organizations with an emphasis on authentication and authorization functionality. Authentication and authorization subsystem functionality can be categorized as establishing identity, applying access control rules, and provisioning system specific accounts. The Shibboleth architecture supports federated administration of authentication and authorization, but it does not provide account provisioning. System-specific accounts are the vehicle for allocation and tracking of resources within the system. Allocation of these accounts is frequently accomplished manually today and the amount of work involved can serve as a barrier to collaboration; automated account provisioning makes it easier for virtual organizations to form.
This project has the following specific goals for NMI-enabled system integration:
(1)NMI-enable the web interface to an open source mailing list application to include modular authentication, graceful handling of attachments, and use of digital signatures without the "Invalid Signature" error;
(2)NMI-enable an open source Content Management System that incorporates the WebDAV protocol;
(3) Automatically provision NMI-authorized system accounts via portable POSIX user account objects in LDAP;
(4) Prototype an NMI-enabled user space file system for dynamic provisioning of files and resources based on user identity, regardless of user location;
(5) Form an Internet2 MACE-TOOLS Working Group to review the project and provide feedback for improvement using the pledged Internet2 organizational and administrative support for this activity;
(6) Disseminate information on "How to NMI-enable Applications and Systems;" and
(7) Provide Shibboleth services for members of virtual organizations selected for the NMI testbed activities to speed the adoption of NMI-enabled collaboration tools.
NMI and the contributions of this project to NMI are important in broader society. Collaborations across organizational boundaries occur even in small non-profit groups who form city or state-wide committees to address issues of common interest. These organizations would benefit tremendously by tying together their existing computer systems to share information with very little additional administrative overhead.
