SPIRE – LionShare in the UK - Version 2.0 – 31 January 2006

SPIRE

LionShare in the UK: ‘technical and political pros and cons’


Contents

Peer-to-Peer: LionShare
What are the possible attractions of peer-to-peer working for the academic community?
Current use of peer-to-peer
Why do network administrators dislike the use of peer-to-peer systems?
How does LionShare attempt to counter network administrators' fears?
Authentication
   Technical
   Political
Shibboleth
Reaching beyond the immediate academic community
Initiating an academic peer-to-peer community in the UK
   Prong 1: The 'Early Adopter' network
   Prong 2: Connecting to the Oxford System
   Prong 3: Shibboleth Connection
Links to Repositories
At time of writing what do you need to set up LionShare?
General Feasibility
Appendix A: Narrative use cases for LionShare


Peer-to-Peer: LionShare

This report assumes that you have a reasonable grasp of the peer-to-peer (P2P) concept. For a good description of P2P see: http://en.wikipedia.org/wiki/Peer2peer

The JISC-funded SPIRE project is researching the feasibility of peer-to-peer (P2P) working across UK HE and FE institutions. SPIRE has chosen to work with the LionShare system [1] being developed by Penn State University specifically for academic peer-to-peer working. The LionShare site describes LionShare as follows:

“The LionShare P2P project is an effort to facilitate legitimate file-sharing among individuals and educational institutions around the world. By using Peer to Peer technology and incorporating features such as authentication, directory servers, and owner controlled sharing of files, LionShare promises secure file-sharing capabilities for the easy exchange of image collections, video archives, large data collections, and other types of academic information. In addition to authenticated file-sharing capabilities, LionShare will also provide users with resources for organizing, storing, and retrieving digital files.”

This report outlines the pros and cons of using the LionShare P2P system in an academic environment at both practical and technical levels.

What are the possible attractions of peer-to-peer working for the academic community?

The introduction of P2P working in academic communities would provide a useful semi-formal method of sharing and collaborating which is more organised than simply e-mailing materials and less rigid than using a traditional repository. The other advantage is that the user can decide on the level of access to materials, releasing them to the whole P2P network, to peer or research groups, or to specific individuals. This gives the user choice and could lead to academics or students sharing more freely. For example, an academic may be happy to share a paper that is in draft form with a chosen research or special interest group. This could elicit useful feedback in a less formal manner than during a normal peer review. Another example would be a student who has numerous pictures of artefacts which are yet to be officially identified and registered in a formal taxonomy for that discipline. The student in question could release the images to an appropriate community, which would lead to them being properly discussed and identified [2]. Of course, at this early stage of the project these scenarios are merely speculation. To gain some perspective, it is useful to note what P2P systems are currently being used for.

[1] http://lionshare.its.psu.edu/main/
[2] See Appendix A for a collection of detailed narrative use cases.


Current use of peer-to-peer

Within UK HE and FE institutions the answer to this question can only be guessed at: P2P systems are officially banned from the University of Oxford network, so the project team have not been able to investigate the extent of usage. However, students do use P2P systems such as Skype and Kazaa without authorisation, and the University regularly receives 'Cease and Desist' notices from major copyright holders. In addition, unusual traffic levels on the network are sometimes tracked down to P2P usage. In the public sphere P2P is traditionally known as a method of illegally sharing media files. It is possible that groups of students are using P2P systems legitimately for group projects and other collaborative work, but there is no way of finding this out.

The overall point is that the perceived (and often actual) frivolous and illegal use of P2P systems does not necessarily preclude the constructive use of the principle in a more controlled manner. The use of informal collaborative tools such as Wikis, Blogs and P2P systems by FE and HE institutions is potentially fruitful. However, this raises the cultural problem of whether the formal requirements an institution places on such software (security, authentication etc.) negate the informal method of working inherent in these new forms of collaboration.

Why do network administrators dislike the use of peer-to-peer systems?

There are two main reasons why network administrators are cautious of P2P systems. The first is that the systems are usually anonymous: users can't be tracked or identified. The second is that peer networks tend to route traffic via the parts of the network that have the most bandwidth. JANET, the UK's academic and research network, has significant bandwidth, so peer clients installed within HE and FE institutions quickly consume a disproportionate share of network capacity. This, together with the suspicion that peer systems are not being used for academic work, makes them extremely unpopular with network administrators. [3]

[3] http://www.ict.ox.ac.uk/oxford/rules/p2p.xml has a comprehensive list of peer-to-peer related concerns:
- It can result in a machine sharing resources without the knowledge or control of its owner. For example, the Skype Voice-over-IP package can turn a machine into an 'exchange' for routing calls between other Skype users.
- It can make very intense use of a network's bandwidth to the detriment of other users.
- It can be used to illegally distribute copies of software, music, video etc., possibly without the knowledge of the machine's owner. This could result in legal action by copyright owners, together with bad publicity for the University.
- It can significantly increase the vulnerability of a machine to external attack, for example to allow a hacker to gain access to confidential data, or to plant malicious programs. P2P software can itself have malicious 'spyware' embedded that bypasses a system's normal security.
- Machines running P2P software can be used as a base for external attackers to get a foothold inside a network to exploit other vulnerable machines within the network.


How does LionShare attempt to counter network administrators' fears?

A LionShare user has to be authenticated against the institution's core security systems. Users therefore can't share anonymously, and activity can be traced to an individual if it appears suspicious (usually indicated by a sudden increase in traffic through an individual's computer). In addition, the Gnutella protocol used by LionShare has been labelled so that administrators can block unsanctioned P2P traffic without also blocking LionShare.
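The traffic signal just mentioned, a sudden rise in one machine's volume, can be turned into a simple per-host check. The following is an added example for this report, not LionShare or University of Oxford code. It takes per-host daily totals of the kind a network team would aggregate from flow records (the host names, volumes and thresholds here are constructed) and flags any day on which a host moves far more than the median of its own earlier days. Two guards keep the rule usable: a host needs a minimum amount of history before it is judged, and a flagged day must exceed an absolute floor, so a quiet machine that doubles from 100 MB is not reported alongside one that is saturating the link.

```python
"""Flag hosts whose daily traffic jumps well above their own recent baseline.

Added illustration for the SPIRE report, not LionShare or Oxford code.
Input is a list of (host, day, megabytes) totals; the sample is constructed.
"""
from collections import defaultdict
from statistics import median
from typing import Dict, List, Tuple

Record = Tuple[str, int, int]  # (host, day number, megabytes moved that day)

# Constructed sample: pc-04 is steady, pc-17 suddenly moves ~10x its usual
# volume on day 6, pc-22 is a small host with a proportional but tiny rise,
# and pc-30 has too little history to judge.
FLOWS: List[Record] = [
    ("pc-04", 1, 1000), ("pc-04", 2, 1100), ("pc-04", 3, 900),
    ("pc-04", 4, 1200), ("pc-04", 5, 1000), ("pc-04", 6, 1100),
    ("pc-17", 1, 800), ("pc-17", 2, 1000), ("pc-17", 3, 900),
    ("pc-17", 4, 1100), ("pc-17", 5, 1000), ("pc-17", 6, 9500),
    ("pc-22", 1, 100), ("pc-22", 2, 50), ("pc-22", 3, 200),
    ("pc-22", 4, 100), ("pc-22", 5, 150), ("pc-22", 6, 600),
    ("pc-30", 5, 2000), ("pc-30", 6, 8000),
]


def daily_totals(records: List[Record]) -> Dict[str, Dict[int, int]]:
    """Sum records into {host: {day: megabytes}} (several records per day may exist)."""
    totals: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for host, day, mb in records:
        totals[host][day] += mb
    return totals


def spikes(records: List[Record], factor: float = 5.0,
           min_history: int = 3, min_mb: int = 1000) -> List[Tuple[str, int, int, float]]:
    """Return (host, day, megabytes, baseline) for each host-day whose volume
    exceeds `factor` times the median of that host's earlier days.

    A host is only judged once it has `min_history` earlier days, and a day
    must move at least `min_mb` in absolute terms to be reported.
    """
    flagged: List[Tuple[str, int, int, float]] = []
    totals = daily_totals(records)
    for host in sorted(totals):
        history: List[int] = []
        for day in sorted(totals[host]):
            mb = totals[host][day]
            if len(history) >= min_history:
                baseline = median(history)
                if mb >= min_mb and mb > factor * baseline:
                    flagged.append((host, day, mb, baseline))
            history.append(mb)
    return flagged


if __name__ == "__main__":
    for host, day, mb, baseline in spikes(FLOWS):
        print(f"{host}: day {day} moved {mb} MB against a baseline of {baseline} MB")
```

With the defaults only pc-17 is reported; lowering min_mb to 0 also reports pc-22, which shows why the absolute floor matters on a network where most hosts are quiet. Once a host is flagged, the authenticated nature of LionShare is what turns a machine name into an accountable user.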

Authentication

The feasibility of LionShare in the UK is almost entirely decided by the method and implementation of the authentication system used. This issue needs to be clearly separated into technical and political (policy) aspects:

Technical

LionShare is very restrictive about the authentication systems it can work with. At the time of writing, the full functionality of LionShare can only be used at institutions that have a Kerberos realm or Active Directory and a Shibboleth environment. Kerberos authenticates users to the institution's network; Shibboleth provides the ability to restrict access to files to user-designated groups. Both security and the flexibility to move across institutions' networks are crucial for LionShare, as the peer network needs to extend beyond a single institution to be effective.

At this point we need to be clear about the distinction between sharing files and restricting access to files. The LionShare system uses a bespoke SASL-CA server to issue network certificates to the client. This server interacts with the institution's security (Kerberos) and directory service (Active Directory/LDAP). It is envisaged that every institution using LionShare would have its own SASL-CA. Every LionShare client has a list of SASL-CA generated root certificates that it trusts, and users can search the peers of the institutions which run the SASL-CAs in this list. In effect, the ability to see and download shared files is not dependent on Shibboleth at all. For example, the 'Early Adopter' version of the LionShare network that we have set up at Oxford could immediately see and retrieve files from Penn State University because our Oxford build of the LionShare client trusts the root certificate generated by the Penn State SASL-CA. The practical consequence is that the client's trust list, not any per-file policy, decides which institutions' users can reach a file that has been shared without restrictions: adding a root certificate to that list opens every unrestricted file on the network to everyone holding a certificate from that CA.

Tying LionShare into a Shibboleth federation allows users to restrict access to files, and the access can be restricted in some detail between members of the federation. This is crucial, as it is the main benefit of using LionShare over and above illegally using a standard P2P system. For this to really work, a number of things need to be in place:

1. A national-level group management service (similar to the JISC-Mail system). Groups created and managed at this level could be applied to LionShare files. If collaboration using Shibboleth is to take off then this service could be used by a wide variety of systems.
2. The wide adoption of Shibboleth in the UK.
3. A system to allow users who are not members of a federation institution to join a LionShare network and become part of a group.

Political

The University of Oxford has a simple regulation relating to the use of ‘technology facilities’:

(6) (a) No computer connected to the University network may be used to give any person who is not a member or employee of the University or its colleges access to any network services outside the department or college where that computer is situated.

This immediately negates the use of P2P networks which extend beyond the University. The next section of the regulation does allow for some exceptions to be made.

(b) Certain exceptions may be made, for example, for members of other UK universities, official visitors to a department or college, or those paying a licence fee.

The University of Oxford has also recently posted a network usage note specifically relating to peer-to-peer which includes the following:

…the unauthorised use of P2P software on machines connected to the Oxford University Network is prohibited. Anyone running P2P software may be liable to disciplinary action. If you are in doubt whether a particular item of software uses P2P technology, please contact your local IT staff for advice before you install the software.

This rule allows some flexibility as it goes on to say:

Exemptions allowing the use of specific P2P applications may be considered if these can be shown to be crucial to some academic or research related activity…

The SPIRE project has liaised with Oxford University Computing Services to get LionShare officially accepted as an exemption, mainly on the basis that it authenticates users. This means that we can use LionShare within the Department for Continuing Education at the University but does not necessarily mean that we could interact with a LionShare system at another university.


Shibboleth

The feasibility of the LionShare peer-to-peer system rests on three main issues:

1. Do enough institutions in the UK have the required technical infrastructure and support to run the rigorous authentication and authorisation systems for LionShare?
2. Will the policy makers, IT and legal services in institutions be flexible enough to allow authenticated P2P use across institutions?
3. Will the LionShare software mature into a project which is well documented enough for a normal developer or IT person to install?

If we imagine a scenario whereby many UK HEIs have Shibboleth and share services amongst themselves, then the IT regulations for Oxford will have to allow members of officially recognised Shibboleth-based federations to use the network within Oxford. This would then allow LionShare to be used across a large field of students and academics and would account for the distributed research group scenario outlined in narrative use case 1 in Appendix A.

The management of the federation will be done using existing licences and other policies where possible. Arranging new licensing and usage policies between large institutions could be challenging.

There are a number of methods that allow users who are outside a Shibboleth federation or are not members of an HEI to engage with federation services (see ‘Reaching beyond the immediate academic community’ below).

Reaching beyond the immediate academic community

Once LionShare is working within and across academic institutions in the UK, the next step will be to widen the peer network beyond universities and colleges. A LionShare network would ultimately need the ability to include users from outside a Shibboleth federation, especially consultants or contracted staff who work on research projects without being members of a university. The LionShare team is considering this. One possible model comes from the Swiss Education & Research Network's 'Virtual Home Organisations' (VHOs) [4], which are being looked into by the JISC-funded Middleware Take-Up (MATU) service. These give the owner of a resource or service in an institution the ability to create profiles, for the resource they own, for users outside that institution or federation. The profiles created authenticate with the central authentication system of that institution but only give the external user the right to use that specific resource.

[4] http://www.switch.ch/aai/vho.html


[Figure: VHO Service Interactions, from http://www.switch.ch/aai/docs/AAI_VHO_Policy.pdf]

This has many advantages, not least of which that the resource owner becomes directly responsible for the users of that resource, so in the event of a problem there is a clear line of enquiry. Another advantage to this method of authenticating is that small organisations that do not have the staff or time to set-up the necessary security infrastructure could ‘piggy-back’ onto useful service networks via the equivalent of a VHO.

The challenges faced in managing ‘non-standard’ users are complex but should not be ignored. Here at Technology-Assisted Lifelong Learning at the University of Oxford, we face the problem that many of the students on our online, distant, and non-accredited courses are not entitled to become a ‘member’ of the University. This means that they don’t receive a University card with a University number on it. This in turn means that they can’t access useful services online, such as the library system.

The VHO approach would counter one of the risks of a strict single sign-on environment: groups at the fringes of the institution that can't engage with the central security systems will be tempted to set up small-scale parallel systems, eroding the advantages of the centralised system. The compromise of the VHO concept could offer a practical solution, giving greater flexibility while still allowing network administrators to retain an acceptable level of control.
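The two decisions described in the Technical section (whose peers a client will search at all, and whether a restricted file is released) and the VHO scoping described above are easy to conflate, so the following added example models them side by side. It is an illustration written for this report, not LionShare or SWITCH code, and every institution, group, user and file name in it is made up. Trust is modelled from the searching client's side only, as in the text; a real peer would presumably also check the searcher's certificate, but that is not asserted here. A VHO account is modelled as a profile that authenticates against the resource owner's institution yet is pinned to a single resource.

```python
"""Who can see a file on a LionShare-style peer network?

Added illustration for the SPIRE report, not LionShare or SWITCH code.
Layer 1: the searching client's list of trusted SASL-CA roots decides which
institutions' peers it will search. Layer 2: Shibboleth-style group
attributes decide whether an access-restricted file is released. A VHO
profile passes layer 1 at the owner's institution but is scoped to one
resource. All names below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Sequence, Set


@dataclass(frozen=True)
class User:
    name: str
    institution: str                        # whose SASL-CA issued the client cert
    groups: FrozenSet[str] = frozenset()    # Shibboleth attributes (assumed names)
    vho_resource: Optional[str] = None      # VHO account: may use only this resource


@dataclass(frozen=True)
class SharedFile:
    name: str
    owner_institution: str
    allowed_groups: Optional[FrozenSet[str]] = None  # None: open to every trusted peer


def can_access(user: User, f: SharedFile, trusted_roots: Dict[str, Set[str]]) -> bool:
    # Layer 1: the searcher's client only talks to peers whose certificate
    # chains to a SASL-CA root in its own trust list.
    if f.owner_institution not in trusted_roots.get(user.institution, set()):
        return False
    # A VHO profile is a real account at the owner's institution, but it is
    # scoped to one resource; everything else stays invisible to it.
    if user.vho_resource is not None and user.vho_resource != f.name:
        return False
    # Layer 2: restriction by group needs Shibboleth attributes. Without a
    # policy the file is open to anyone who passed layer 1.
    if f.allowed_groups is None:
        return True
    return bool(user.groups & f.allowed_groups)


def visible_files(user: User, files: Sequence[SharedFile],
                  trusted_roots: Dict[str, Set[str]]) -> List[str]:
    """Names of the files this user would be able to see and download, sorted."""
    return sorted(f.name for f in files if can_access(user, f, trusted_roots))


# Constructed sample: each client build trusts the listed SASL-CA roots.
TRUSTED_ROOTS: Dict[str, Set[str]] = {
    "oxford": {"oxford", "psu"},
    "psu": {"psu", "oxford"},
    "leeds": {"leeds"},
}
FILES = [
    SharedFile("dig-site-plan.pdf", "oxford"),
    SharedFile("trench-3-photos.zip", "oxford", frozenset({"arch-dig-2006"})),
    SharedFile("psu-image-collection.tar", "psu"),
    SharedFile("psu-draft-paper.doc", "psu", frozenset({"psu-materials"})),
]
OX_STUDENT = User("alice", "oxford")
OX_ARCHAEOLOGIST = User("davies", "oxford", frozenset({"arch-dig-2006"}))
LEEDS_USER = User("bob", "leeds")
# External consultant given a VHO profile at Oxford for one resource only.
CONSULTANT = User("carol", "oxford", frozenset({"arch-dig-2006"}),
                  vho_resource="trench-3-photos.zip")


def widen_trust(roots: Dict[str, Set[str]], institution: str, new_root: str) -> Dict[str, Set[str]]:
    """Copy of the trust table with one more SASL-CA root trusted by `institution`."""
    widened = {k: set(v) for k, v in roots.items()}
    widened.setdefault(institution, set()).add(new_root)
    return widened


if __name__ == "__main__":
    for u in (OX_STUDENT, OX_ARCHAEOLOGIST, LEEDS_USER, CONSULTANT):
        print(u.name, visible_files(u, FILES, TRUSTED_ROOTS))
    print("bob after Leeds trusts Oxford's root:",
          visible_files(LEEDS_USER, FILES, widen_trust(TRUSTED_ROOTS, "leeds", "oxford")))
```

Running it shows the point made earlier: the Leeds user sees nothing until Leeds's client build trusts Oxford's root, at which moment every unrestricted Oxford file becomes visible with no further decision by any file owner; only the group-restricted file stays hidden, and that protection exists solely because a Shibboleth-style policy was attached to it. The consultant, despite holding the right group attribute, is confined to the single resource her VHO profile names.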

Initiating an academic peer-to-peer community in the UK


The SPIRE project aims to create an early adopter community of authenticated peer-to-peer users in the UK. To do this we are setting up a LionShare system that we hope to make available to interested parties in UK HEIs. This process is being undertaken in three prongs:

Prong 1: The 'Early Adopter' network (in place)

The LionShare software is currently still in beta version, and as such installation of the software for the SPIRE project has become a form of quality control for the LionShare project. As the SPIRE team attempted to set-up LionShare we discovered difficulties with the software and omissions in the documentation which only a third party tends to find. The SPIRE project is also providing perspective on the functionality and feasibility of the LionShare system. We hope that by engaging with development early in its lifecycle, the SPIRE team will be able to influence future developments of LionShare. The narrative use cases in Appendix A have already been used as a reference for development.

The Early Adopter network has to allow users from all over the UK to logon and start to experiment with LionShare. To do this we had to install an authentication system in parallel to the one used at the University of Oxford. This is because non-members of the University of Oxford are not allowed a profile on the University’s directory service.

[Diagram: Prong 1 set-up within the Oxford University institutional boundary, showing Active Directory, Kerberos, the SASL-CA and a Peer.]

We chose to use the Microsoft Active Directory system as this was the simplest for us to install and because it contains Kerberos within it, thus combining the network security and directory service in one box.

This Early Adopter system is now up and running. Apply to [email protected] for a profile.


Prong 1 summary:

- Set-up:
  - Based on an Active Directory realm rather than the separate Kerberos/LDAP system in the University.
- Elements:
  - AD realm running on Windows Server 2003.
  - A SASL-CA server running on Linux (SUSE) to provide certificates for LionShare.
  - A specific build of the LionShare client to connect to AD and to include the early adopter SASL-CA.
- Challenges:
  - First install of Active Directory based LionShare outside of Penn State.
  - The Kerberos implementation shipped with SUSE was the Swedish one (Heimdal), not the one from MIT.
  - Keytabs were easy to control because it was our own Active Directory, but this could be a challenge if the domain is controlled by another group.
  - The SASL-CA server was set up by Derek Morr (the original developer); we don't know of any SASL-CA that hasn't been installed by the original developer, although now that we have example config files etc. it might be possible for us in the future.
- Proves:
  - This prong allows SPIRE to encourage an early adopter community for LionShare, to see how people react to and use the software.
  - That LionShare can work with AD, which makes it more feasible for smaller institutions, especially those that already use Windows-based authentication.
- Omits:
  - The ability for the user to create access permissions on shared files, which is only available with Shibboleth.
  - The tie-in of LionShare to the core of an HE institution.

Prong 2: Connecting to the Oxford System (in place)

The University of Oxford already uses the Kerberos network security protocol that LionShare requires, allowing us to ‘tap-into’ the central system.

The setup above tests LionShare in principle but does not allow users from outside the University to get to the peer network. Currently we only have the official go-ahead from network administration to install and use LionShare within our department, as part of a test for the SPIRE project, so the above setup suffices.

[Diagram: Prong 2 set-up within the Oxford University institutional boundary, showing the Oxford University LDAP, Kerberos, the SASL-CA and a Peer.]

This setup is currently running.

Prong 2 summary:

- Elements:
  - SASL-CA on Linux for Oxford.
  - A specific build of LionShare to talk to the Oxford SASL-CA.
  - A connection to the Oxford LDAP via Kerberos.
- Challenges:
  - Getting permission to connect to the LDAP.
  - Getting the right keytab information.
  - General communication with OUCS.
  - Kerberos version (Swedish, not American, as in Prong 1).
- Proves:
  - That LionShare can tie into the core of an HE institution's systems and use the University's single sign-on.
- Omits:
  - Shibboleth: because Oxford does not have Shibboleth running at this level yet, access controls will not work.
  - Does not allow non-Oxford members to log on.

Prong 3: Shibboleth Connection (in progress)


The University of Oxford is a Shibboleth early adopter via the JISC-funded SPIE (Shibboleth-aware Portals and Information Environments) project. However, it is simpler for the SPIRE project to become a separate IdP and to connect to the EDINA-run 'SDSS' test federation. SPIRE has contacted this federation, who are happy to have us on board as members, although we have not installed Shibboleth 1.3 yet.

This prong will test the access permissions system that can be used in LionShare if it is part of a Shibboleth federation.

[Diagram: Prong 3 set-up. Authentication and sharing within the Oxford University institutional boundary: Active Directory, Kerberos, a Shibboleth IdP, the SASL-CA and a Peer. Access control via the SDSS Shibboleth Federation, which also includes a Trusted Institution with its own Peer and Shibboleth IdP.]

Prong 3 summary:

- Set-up:
  - Possibly another SASL-CA server needed.
  - Send information to the EDINA SDSS test Shibboleth federation to become an IdP.
  - Easier to be our own IdP than to work with the SPIE project, which is also connected to 'SDSS' from Oxford.
  - Install Shibboleth 1.3.
  - A new build of LionShare is needed for this.
- Challenges:
  - Having to do this without any UK-based LionShare expertise.
- Proves:
  - That LionShare can work with Shibboleth, and gives us an opportunity to test the access control options.
- Omits:
  - Everyone outside the SDSS test federation.


Three Prongs Summary

If the SPIRE project can successfully install and work with the three prongs above then it will have proved that LionShare, and therefore academic P2P working, is feasible at a technical level. In effect, SPIRE will have shown that the software works. The three prongs are necessary as the Shibboleth infrastructure in the UK is not mature enough to allow for an early adopter community within Shibboleth at this point in time. If Shibboleth is successfully rolled out, and if it allows (politically) for something akin to the Virtual Home Organisation mentioned above then LionShare will be able to function fully both technically and politically. The cultural take-up of P2P in this form is another matter and will be explored over the remainder of the SPIRE project via the early adopter community.

Links to Repositories

In addition to the peer network, LionShare can also search over repositories using either ECL [5] or the DR OSID [6]. We hope to connect to one of the Robert Talbot [7] repositories in the JISC-funded WMShare project using the OSID method.

At time of writing what do you need to set-up LionShare?

Currently, any institution wishing to set up LionShare for its members will need the following.

Direct help from Derek Morr and Alex Valentine of the LionShare project team: The setup of the current version of the LionShare P2P system is complex and the software is still in beta. This means that some guidance from the LionShare team is likely to be required.

Blessing from the centre of the institution: Because P2P is seen as a controversial technology, the plan for plugging in LionShare has to become part of the institution's ICT strategy. In this way, getting a P2P system up and running can be officially requested of the core IT staff.

Buy-in from network administrators: In a larger institution the network administrators have the real, practical control over what can use the central security systems and directory services. P2P systems go against the standard network usage and security philosophy, and as such network administrators are unlikely to be keen to open systems up to P2P unless they have the official go-ahead.

[5] Educational Communication Layer (ECL): an XML-based standard for federated searching.
[6] Open Service Interface Definition (OSID); see http://prdownloads.sourceforge.net/okiproject/OSID_Repository_rel_2_0.pdf?download for the full specification.
[7] The Robert Talbot repository, written by Robert Talbot of City College Coventry.


Knowledge of Linux: Most institutions will have a member of IT staff who knows Linux. This is necessary for the set-up of LionShare. This member of staff could be very busy or tricky to identify. Again, the drive to install LionShare has to come from above, through the IT staff’s line managers.

A network security expert: The security aspects of LionShare, especially those related to the provision of certificates and keytabs, require the skills of a security expert. This individual needs to be trusted by the network administrators (if he/she is not one already). Our experience of linking LionShare into Oxford's central systems was that we needed a member of the team who could talk in the right terms to the network administrators. My personal attempts to secure access to the University's LDAP were (rightly) viewed with suspicion because I could not accurately describe my requirements.

An appropriate Shibboleth federation: If you require access control on shared files then an appropriate Shibboleth federation is essential. This aspect of LionShare is still relatively impractical as Shibboleth is still rolling out.

General Feasibility

Currently running the full functionality of LionShare, with access controls on files, is infeasible as it requires Shibboleth. Getting a version running which creates a peer network and can search over repositories is more feasible as this utilises technologies which are currently in place at many institutions. However, this would still require some input from the LionShare team as the beta state of the software continues to shift and adapt.

As outlined in the section above, the most important factors relating to feasibility are political and managerial. As with all technology projects which aim to encourage cross institutional collaboration the technical challenges are less complex to solve than the political ones. Making a clear distinction between institutional hurdles and technical requirements is key to getting this type of system adopted.


Appendix A

Narrative use cases for LionShare

Here are four possible use cases for LionShare in the UK. Cases 1, 3 and 4 are feasible with the current version of LionShare while case 2 would require additional software engineering.

1. Cross Institutional Project

Dr Davies is part of a team of archaeologists who have won a grant to investigate further a well-known site. The project team has members spread across a number of HEIs in the UK. The project will generate a large number of digital images which will have to be assessed and discussed by the whole team, some of whom will not be able to attend the dig for very long.

Dr Davies ensures that all members of the project team are using LionShare. She collects the LionShare usernames from the team members and uses this list to create a permissions policy in LionShare. She then places image files from the dig into a LionShare shared folder and writes appropriate descriptive metadata. She then applies the permissions policy to the folder that she created to ensure that only members of her project team can see the images on the peer-to-peer network. Crucial images that need to be accessible even when Dr Davies’ computer is switched off are sent to the peer server at her institution which remains on 24-7.

Members of the project team in Dr Davies' University and in partner universities log on to LionShare and search using key terms for images relating to the project. They can download the relevant images into their own shared folders for closer scrutiny. Dr Davies creates a chat room using LionShare to facilitate discussion relating to the dig images. Each day, new images become available for viewing as the dig continues. Academics in the team widen the permissions on certain images to other groups, such as tutor groups and related projects/departments. As the project progresses, significant images are officially categorised and moved into a formal repository for archaeology. This repository can also be searched by LionShare, allowing the team members to track the progress of images from initial informal discussion through to final archiving.

2. Courseware Authoring

Ian has been asked to write a Learning Design for part of an engineering course. He is working with Sarah, another author who is located at a different University within the UK. Ian starts by looking for relevant copyright free images and media using LionShare. He gathers this media into his shared folder and makes it available to Sarah. They discuss the media over the phone and using the LionShare chat facility. They start a specification document which is placed on Ian’s institution’s LionShare peer server. This allows both Ian and Sarah to make updates.


Once the general planning and media have been decided on, Ian uses a Learning Design editor which is connected to LionShare to design an IMS Learning Design. The link with LionShare makes it easy for Ian to gather media that they agreed on into the Learning Design. Ian also uses the link into LionShare to search for relevant IMS Content Packages which could be included in the larger design.

Once the first draft of the IMS Learning Design is created, Ian places it in his shared folder and makes it available for his faculty to download. Ian receives feedback and updates the design.

3. Research Student

An anthropology student wishes to include a number of images in his report but does not want to infringe copyright. He searches LionShare, using relevant keywords and finds a set of images that are marked as copyright free or available for use under a Creative Commons licence.

4. Materials Science Academic

An academic is conducting crystallographic research which produces a large number of detailed images. He uses LionShare to organise and mark-up these images. He can then use LionShare to search through his own materials as well as other relevant sources.

These images are of use to the wider materials science community, so he attaches a very open permission policy to the folder that contains the images. This material can then be found by anyone with a LionShare client in a university that is ‘trusted’ by his institution.
