[phpwiki]
!UPDATE: May 17, 2006
Two recent presentations provide an overview of myVocs and the scope of the technology and project. The first was given at the [Spring 2006 Internet2 Member Meeting|http://grid.ncsa.uiuc.edu/presentations/i2mm-myvocs-gridshib-april06.ppt] in April and discussed our collaboration with the GridShib project; the second was given at the [TERENA 2006 conference in May|http://www.terena.nl/events/tnc2006/programme/presentations/show.php?pres_id=206]. The latter presentation is a good overview of the goals and architecture of myVocs. More updates to come.
!Back to Original Content
These instructions provide a preliminary guide to understanding
myVocs: a collaboration environment. The steps describe a demo that
should help people get a sense of what this work is about and how it
enables the construction of collaboration spaces for virtual
organizations.
!Background
The main idea behind this demo is to show how a user can seamlessly access
a number of different tools that aren't directly aware of each other's
existence but that each provide a useful resource to the user as part of their
collaboration. The seamless experience comes from the fact that each tool
will recognize the user and the groups that they belong to and will be
able to make an appropriate authorization decision based on that
knowledge. The user will see attempts to use protected resources as
either allowed or denied but will only be prompted for their
identity credentials once during the interactive session.
This experience is intended to mimic the desktop user experience (or
traditional system environment) where the user logs in once at the start
of their session and then can access any available application and is not
further prompted for identity information. Each application (command
request) can properly determine if the user is allowed to perform the action
or access the data based on what groups the user belongs to.
The main operational difference between this environment and the desktop
environment is that the user in myVocs typically begins as the anonymous
user and is only elevated to a specific identity as needed. That is,
unlike the typical desktop experience, an anonymous user isn't blocked
from performing every action except login.
Another difference occurs in the visual space. The web applications that
make up the collaboration space (system environment) are not built against
a common graphic/UI library as in the familiar desktop. Therefore, visual
differences abound when crossing application boundaries. Eliminating
these differences is possible with disciplined use of layout and graphics
but is outside the scope of this demo and toolset.
Note: This demo is best performed in Firefox with the WebDeveloper
plugin installed
(https://addons.mozilla.org/extensions/moreinfo.php?id=60). This plugin
makes it easier to reset cookies without undue clicking.
Simply select "Miscellaneous --> Clear Session Cookies" from the toolbar
to reset the logged-in state of applications. Any browser works well so
long as the cookies can be reset without much bother.
!Running the demo
We start the documentation here because in the ideal case there would not
be any setting up that has to occur. Unfortunately, some tools still make
some incompatible assumptions about our system's expectations. This isn't
meant as a shortcoming of the tools, since these tools were built for
traditional stand-alone operation. As we move forward with this
project, we'll correct the major issues and document ways in which
developers can prepare for deployment in middleware environments. See
"Setting up the demo" below for some preparation steps.
* Open your browser to the myvocs start page:
http://myvocs.org
* Note the simplified, Google-esque UI. The goal is to eliminate
complexity and concentrate on the idea of combining distinct resources
into a common authn/z user experience.
* The form is designed to accept predefined commands and arguments that
carry out specific tasks. There is a short list of examples below the
form. It is based on the yubnub (http://yubnub.org) social command line
tool.
* The first command to execute is the "cms" command. This command expects
one argument, the name of a virtual organization to which you belong. (See
"Setting up the demo" below if you don't belong to a VO yet. If you are
not a member of the VO, you will simply see an authorization denied error,
which is also an informative example, but might be better to save till
later.) This command launches the "cms" (content management system) tool
for the VO. As an example, you could type "cms collabtools".
* This first command should force you to authenticate. You'll see the
standard Shibboleth authn sequence. First you'll be asked to select your
identity provider (IdP) from a list of known providers. (If your
organization doesn't provide identity services, you can register for an
identity at http://openidp.org. See Setup below.) Select your IdP and then
enter your username/password as appropriate for your IdP.
* After successful authentication, you should now see the cms tool loaded
in your browser and displaying the content for the virtual organization
you specified.
* The cms tool will allow you to make changes to content according to the
authorization privilege you have for your virtual organization. By
default, VO members are only allowed to post blogs in the CMS. There are
two other user groups, editor/moderator and owner, which have additional
privileges.
* Open a new tab in your browser viewing http://myvocs.org.
* Now you can enter a second command, the "wiki" command. This command
also expects a VO name as a single argument. For example, "wiki
collabtools". This command will open the wiki tool with the specified
VO's wiki content loaded. All members of the VO are allowed to modify the
wiki content.
* Any number of commands can now be explored. You can give the "ls"
command to see what other commands have been defined or give the "create"
command to define a new one of your choosing.
* The goal of looking at these commands is to get a sense that actions can
be carried out directly, that authorization occurs transparently, and that
authentication needs to happen only once.
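The three outcomes a user sees in the walkthrough above (prompted to log in, allowed, denied) can be modelled in a few lines. This is an added sketch, not myVocs code: the `Session` shape, the `decide` and `login` names, and the assumption that "ls" needs no identity are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

VO_COMMANDS = {"cms", "wiki"}   # each takes one VO name, per the walkthrough
OPEN_COMMANDS = {"ls"}          # assumption: listing commands needs no identity


@dataclass
class Session:
    """One browser session; user stays None while anonymous."""
    user: Optional[str] = None
    groups: frozenset = frozenset()   # VO names asserted at login (assumed shape)
    logins: int = 0                   # how often credentials were requested


def login(session, user, groups):
    """Stand-in for the IdP round trip: bind identity and VO memberships."""
    session.user = user
    session.groups = frozenset(groups)
    session.logins += 1


def decide(session, line):
    """Return 'allow', 'login' (authenticate first) or 'deny' for a command line."""
    parts = line.split()
    if not parts:
        return "deny"
    cmd, args = parts[0].lower(), parts[1:]
    if cmd in OPEN_COMMANDS:
        return "allow"
    if cmd not in VO_COMMANDS or len(args) != 1:
        return "deny"      # unknown command or wrong arity: fail closed
    if session.user is None:
        return "login"     # anonymous user is elevated only when needed
    # Every tool makes the same check against the same session,
    # so no tool ever asks for credentials a second time.
    return "allow" if args[0] in session.groups else "deny"


if __name__ == "__main__":
    s = Session()
    for line in ["ls", "cms collabtools"]:
        print(line, "->", decide(s, line))
    login(s, "alice", ["collabtools"])   # constructed sample identity
    for line in ["cms collabtools", "wiki collabtools", "wiki othervo"]:
        print(line, "->", decide(s, line))
```
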
!Joining a VO
* There is a little bit of a chicken/egg problem. You don't see anything
but authorization denied errors unless you are part of a VO. To solve
this, you can join a VO with the "join" command. This command expects one
argument, the name of a VO you want to join.
* But wait! Due to an application assumption in the VO core application,
you need to log into the VO core (Sympa) directly before you can execute
certain functions in that application. The "join" command is one of them.
Log into the VO core via InQueue here: http://webapp.lab.ac.uab.edu/sympa
(please ignore the "WhoAreYou" authn provider option).
* After logging into the VO core, you can now join a VO by simply giving
the command "join
!Sending a message to fellow VO members and other points of interest
* The "post
By now we should probably have seen enough commands to get the sense
that actions can be carried out directly with sufficient ease. The next
part of the demo is to explore how these actions can be recorded in a
browser to offer point-n-click command shortcuts.
All the commands defined so far have a predictable URL structure. This
lets us define bookmarks for commonly used commands. Then by displaying
the bookmarks as a sidebar tab, we can begin to see a model of command
selection emerge that is similar to the desktop experience, where the
tools/commands can be accessed via a menu hierarchy.
Since the authn/z is transparent, the user simply moves from command to
command without being confronted with individual authentication requests
by each tool.
We can also imagine defining a list of popular commands or a command history
that is accessible via an RSS feed. This feed can be used as a bookmark
folder in Firefox and other tools, offering a "live" command list or even a
centrally controlled/moderated list of popular commands. We can also readily
integrate these commands directly with the desktop.
!Referencing Data Across Application Boundaries
Another important feature, of which this demo only scratches the surface, is
the world of tagging data and social networking. By tagging data and
having structured URLs by which to access the tagged data, we can relate
information across application boundaries. Combining this with the web command
line lets us quickly realize browsable information stores customized to
our collaboration environment that naturally support the authn/z rules of the
virtual organization. The "tec
you explore tagged data from http://technocrati.com and http://del.icio.us
! Setting up the demo
Random setup notes that need to be cleaned up.
* In a new tab, open the VOSP (Virtual Organization Service Provider):
http://webapp.lab.ac.uab.edu/sympa
* Log in to the Sympa mailing list tool by clicking the "Login" tab and
selecting "InQueue Federation" from the "Authentication Server" drop-down.
* Select your identity provider from the InQueue WAYF. (If you don't
belong to an organization with a working identity provider, register an
identity at The Open Identity Provider (http://openidp.org) first and
then select it as your identity provider at the WAYF.)
Please feel free to add comments to the demo. There is more work to be
done.

