Background and Purpose of the Project
Together with its partners, the institutions of the Swiss higher education sector, SWITCH implemented the authentication and authorization infrastructure (SWITCHaai), which gives its users access to web-based resources across institutions.
From the user's point of view the main advantages of this infrastructure are:
- The user can access various internet services with the same username and password.
- The user gains access to the services of his own institution as well as services of other institutions. Thus synergies between institutions are realized.
- The user needs to authenticate himself only once after each start of his browser.
From the point of view of the organization, the main advantage of SWITCHaai is the uniform way in which the user is authenticated and authorized, which decreases the administrative burden of the services maintained by the IT services.
As of now (fall 2007) 75% of the members of the Swiss higher education sector have an AAI account. This comprises all cantonal universities, both ETHs as well as a large fraction of the Universities of Applied Science. There are about 180 resources that are accessible through AAI.
The figure below shows the growth of this infrastructure over the last three years. The cooperation project of the Swiss University Conference (SUC) "AAI 2004-2007" was key in the roll-out of SWITCHaai. It is planned that the remaining Universities of Applied Science will also introduce SWITCHaai by the end of March 2008.
SWITCHaai is a prime example of how synergies between the organizations of the Swiss tertiary education sector can be realized through the use of a common infrastructure. In this sense it can be considered part of a national "e-Infrastructure for e-Science".
"AAA/SWITCH - e-Infrastructure for e-Science"
The main goal of the project "AAA/SWITCH - e-Infrastructure for e-Science" is to build on the success of the project "AAI 2004-2007" and implement further key components of a national e-Infrastructure through a series of projects between the Swiss universities and SWITCH. The projects should be selected based on the criteria of innovation, cooperation and sustainability.
It was decided to pursue projects in the following four domains:
- AAA - Extending AAI with Auditing, Accounting and Assurance Levels
- Support for virtual organizations (VO)
- Grid middleware
- e-Learning
In the following we describe these four domains and explain the potential value created through this series of projects.
AAA - Extending AAI with Auditing, Accounting and Assurance Levels
The projects from this domain aim to extend the existing AAI with the "third A", i.e.
- Auditing: The AAI currently does not support any auditing functionality. However, adding auditing to the AAI is highly desirable, as it makes it possible to systematically track the transactions in the AAI, monitor its (inter-institutional) use and obtain statistical measures.
- Accounting: Extensions in the area of general accounting of services, e.g. ECTS, services between universities etc.
- Assurance Levels: Assurance levels express information on the quality of the AAI account as well as the strength of the authentication of the user. For example, a guest account has a lower assurance level than an account of an employee who authenticates himself with an X.509 certificate. The projects in this domain shall evaluate the need for and use of assurance levels and introduce them on an as-needed basis.
Support for Virtual Organizations
A key measure of the so-called Bologna reform is the promotion of the mobility of the users of the academic system in Europe. Besides physical mobility (e.g. attending lectures outside their own university) virtual mobility is getting more and more important. It involves collaboration across institutional boundaries without physically moving between places. SWITCHaai enables virtual mobility as described in the background section above.
Many project teams comprise members from different institutions. These teams can be very small (with a minimum of two members) or very big (thousands of members) and may have lifetimes of a few days or many years. Such teams are called "virtual organizations" (VO), in contrast to the real organizations. Common to all virtual organizations is the fact that the IT services offered by the real organizations only partially address the needs of virtual organizations. The reasons are manifold: incompatibilities between IT infrastructures of different institutions, non-existent access mechanisms to data maintained by a given institution, as well as a lack of services for the management of virtual organizations (e.g. user management).
Commercial products cannot really address the needs of virtual organizations, as these products can only be poorly integrated into the existing IT infrastructures at the real organizations. Individual products tend to support only inadequate functionalities and are thus very resource intensive to maintain.
The goal of the projects in this domain is to create simple, dynamically configurable portals with the aim of unifying existing applications of the real organizations as well as commercially available products, and to create new applications on an as-needed basis.
The figure below shows the vision of an "e-Academia framework" with the following layers:
- Users: Members of real and virtual organizations
- Applications: for communication, collaboration, e-Learning and other areas
- Middleware: Authentication, security, directory services (one middleware component is the above mentioned AAI)
- Infrastructure: an intelligent and transparent network between components
Also shown are support components such as servers, databases and repositories. Support including a dedicated hotline as well as training of users is important.
Grid computing aims to offer resources (CPU, storage, sensors etc.) to users across administrative domains, while the user is not aware of where the physical resources are located. The users of the Grid are organized as virtual organizations (see section above) in a national as well as international context.
This concept has attracted significant interest since the mid-nineties, in the academic as well as the commercial sector. For example, it is planned to analyze the data generated by the new Large Hadron Collider (LHC) at the European Center for Nuclear Research (CERN) in Geneva through the use of grid computing. The European Union is also heavily promoting grid technology within its framework programs (currently FP7).
In Switzerland, Grid technology has not yet found wide applicability outside CERN, with the notable exception of the Swiss Bio Grid and the high energy physics community. SWITCH is currently participating in the world's largest grid infrastructure, EGEE (Enabling Grids for E-sciencE), where it is working on the interoperability of AAI and grids.
The common goal of the projects in this domain is to promote and advance a stable and secure Grid infrastructure in Switzerland. Authentication shall be based on AAI, and virtual organizations shall be properly supported by exploiting synergies with projects of the AAA and VO domains.
The main advantages for the user of the Grid infrastructure are:
- transparent access to computing power and storage
- improved usage of computing resources
- access to computing architectures not supported by his own institution but by another member institution of the grid
- uniform view of the Grid (use of AAI account)
- stable and secure Grid infrastructure
Today, e-Learning has a wider meaning than just supporting learning with the use of a learning management system (LMS). In fact, all means of communication and cooperation belong to the spectrum of e-Learning. The figure below shows the possible interaction of the main tools and applications related to e-Learning.
The main challenge in this area lies in the definition of open interfaces and standards such that standard applications can be integrated into the e-Academia framework (see also section on virtual organizations above).
All components of e-Academia require access to data stored in databases and repositories in many different formats (simple text files, publications, video). One example of federated data management is the "learning object repository" (LOR) initiated by SWITCH (see figure below). It supports simple and transparent storage of reusable learning objects which may be simple pictures and/or text as well as highly complex learning modules. Access rights are implemented with AAI and metadata can be manipulated easily with simple mouse clicks. An important feature of the LOR is its federated architecture: Every institution can operate its own LOR, which is linked through a common interface to a central repository, where the metadata is stored and search engines are supported.
The following challenges have to be addressed by the projects within the e-Learning domain:
- Technical issues: conversion of different data formats, common protocols and interfaces, compatibility with existing national and international repositories
- Legal framework (copyright and licenses)
- Common extensible data model
- Quality assurance