
Conceptual Overview

"Middleware" is evolving software that enables many forms of collaborative computing required for research, education, clinical care and business processes. It allows two or more otherwise separate applications to securely access diverse resources across the Internet or local area networks via a robust set of advanced network services. It enhances personal communication and allows scientists, researchers, medical professionals and others to effectively share instruments, computing resources, laboratories, and data. It also greatly enhances the efficiency and effectiveness of business processes both internal and external to the university.

Middleware makes the sharing of resources transparent to end users. It provides consistency, security, privacy and other integrative capabilities.

The five core middleware services are:

  • identifiers
  • authentication
  • directory services
  • authorization
  • certificates and public-key infrastructure (e.g. digital IDs)

National Science Foundation (NSF) Middleware Initiative

In September 2001, the National Science Foundation (NSF) created the NSF Middleware Initiative (NMI).  This initiative consists of two teams:

Middleware In Action at UTHSC-H

Here are some examples of how middleware facilitates activities in cyberspace. 
  • Middleware services work seamlessly together to facilitate identity verification, ensure identity reconciliation and assign electronic identity credentials to students, faculty, staff and official guests. Identities and associated digital credentials are automatically managed such that only individuals officially affiliated with the university can be authenticated for possible access to restricted resources. Such resources include desktops, e-mail, Blackboard, Web servers, multiple secure databases, VPN access to the UTHSC-H network, etc.
  • Each person affiliated with the university has a single, virtual entry within the Integrated Directory Service. Associated with each entry are various attributes which characterize that person's affiliation(s) with UTHSC-H. These attributes are often dynamically defined and can be used to determine whether an individual is authorized to participate in certain processes and/or to access specific restricted resources. For example, all first-year medical students are automatically designated as being "memberof" the "MSI-Student" group. Members of this group receive e-mail addressed to the group and are authorized to use resources restricted to first-year medical students.
  • Many restricted resources at the university currently require only a person's UTHSC-H username/password or digital ID for access. The goal is to have only these two mechanisms provide authentication for all digital resources. This greatly increases security and reduces user frustration since users will no longer need to remember multiple usernames and passwords.
  • Digital IDs enable the use of digital signatures to electronically sign documents. This greatly reduces the costs associated with the handling and storage of paper documents and increases the security and privacy of business transactions conducted in cyberspace. A digital signature strongly authenticates the identity of a person signing a document, ensures that the document's content has not been changed and allows documents to be viewed only by the intended recipient(s).
  • The Integrated Directory Service can provide software applications with current information required to complete a task. For example, everyone at UTHSC-H must take HIPAA training and a record of that training must be retained. However, if an audit report is required at a particular instant to determine who currently at the university has completed the required training, the report should not include those individuals who have left the university. The Compliance Database Reporting application can obtain a list of all individuals currently affiliated with the university from the directory service and report on the compliance status of only those individuals. It can also retrieve the e-mail address of individuals who have not completed training and send them e-mail reminding them to take the required training.
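
The attribute-driven group membership and the compliance report described in the list above can be sketched as follows. This is an added example, not UTHSC-H code: the directory entries, the training records and every attribute name other than "memberof" and "MSI-Student" are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    uid: str
    mail: str
    affiliations: set                      # empty once the person has left
    attrs: dict = field(default_factory=dict)

# Constructed sample directory; "program" and "year" are assumed attribute names.
DIRECTORY = [
    Entry("asmith", "asmith@example.edu", {"student"}, {"program": "MD", "year": 1}),
    Entry("bjones", "bjones@example.edu", {"staff"}),
    Entry("cwu", "cwu@example.edu", {"student"}, {"program": "MD", "year": 2}),
    Entry("dlee", "dlee@example.edu", set()),   # left the university
]
# Constructed training records: uids that completed HIPAA training.
# dlee's record is retained even though dlee is no longer affiliated.
HIPAA_DONE = {"asmith", "dlee"}

def memberof(entry):
    """Derive group membership from current attributes, never from a stored list."""
    groups = set()
    if not entry.affiliations:
        return groups                      # no current affiliation: no groups at all
    a = entry.attrs
    if "student" in entry.affiliations and a.get("program") == "MD" and a.get("year") == 1:
        groups.add("MSI-Student")
    return groups

def authorized(entry, required_group):
    """Authorization decision for a resource restricted to one group."""
    return required_group in memberof(entry)

def compliance_report(directory, completed):
    """Return (status per current person, addresses to remind).

    The directory is the source of truth for who is current, so retained
    training records of departed people never appear in the report.
    """
    current = [e for e in directory if e.affiliations]
    status = {e.uid: e.uid in completed for e in current}
    reminders = sorted(e.mail for e in current if e.uid not in completed)
    return status, reminders

if __name__ == "__main__":
    for e in DIRECTORY:
        print(e.uid, sorted(memberof(e)), authorized(e, "MSI-Student"))
    print(compliance_report(DIRECTORY, HIPAA_DONE))
```

Because membership is computed from the entry at decision time, a change to the entry (a student advancing a year, a person leaving) removes access without any separate de-provisioning step.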