Basic Overview of Middleware

The term middleware is defined by one's point of view. Many interesting categorizations exist (see for a good discussion), all centered around sets of tools and data that help applications use networked resources and services. Some tools, such as authentication and directories, are in all categorizations. Other services, such as coscheduling of networked resources, secure multicast, object brokering and messaging, are the major middleware interests of particular communities, such as scientific researchers and business systems vendors. One definition that reflects this breadth of meaning is "Middleware is the intersection of the stuff that network engineers don't want to do with the stuff that applications developers don't want to do."

Middleware has emerged as a critical second level of an enterprise IT infrastructure, sitting on top of the network level. The need for middleware stems from the increasing growth in the number of applications, in the customizations within those applications, and in the number of locations in our environments; these and other factors now require that a set of core data and services be moved from their multiple instances into a centralized institutional offering. This central provision of service eases application development, increases robustness, assists data management, and provides overall operating efficiencies.

Interoperable middleware between organizations is a particular need of higher education. Researchers need to have their local middleware work with that operated by national scientific resources such as supercomputing centers, scholarly databases, and federal scientific facilities and labs. Many of the advanced applications that will transform instructional processes depend on middleware to function. That higher education is fractal in structure creates markets that need interoperable standards and products.


A rough taxonomy of the components of middleware can be drawn. At the center is a set of core functionalities that seem to be required by the rest of middleware services. Those functionalities include identifiers, authentication, directory services and authorization services. The challenges in providing these services are as much political as they are technical; many of the hardest issues involve the ownership and management of data in the complex world of higher education.

Identifiers - An identifier is a character string that connects a real-world subject to a set of computerized data. Identifiers were simple when each person had exactly one. Now identifiers apply beyond people to objects such as printers and applications and to groups of subjects, and typically a real-world subject will have several identifiers. Thus the relationships among a subject's identifiers, and the policies associated with the assignment of identifiers, become important issues.

Authentication - Given the breadth of interactions that are now computer-assisted, establishing that a particular request is associated with a specific real-world subject becomes critical. The traditional approach of login and clear text password is far too insecure and inflexible for the variety of ways that clients need to authenticate to servers.

Directory services - Much of the information about real-world subjects needs to be contained in a general-purpose, high-performance server that can respond to application requests for information. There are substantial technical and political issues in the development and operation of a directory service. Technically, determination of the elements of the directory (the schema), the ways of addressing the elements (the namespace), and operational issues such as replication and partitioning need to be addressed. Applications must be reengineered to use the directory. Policy issues include ownership of data, feeds into and out of the directory, and setting permissions to read and write data.

Authorization services - An important subset of the information about a real-world subject is what it is permitted to do. Authorization can range from allowing access to refined controls of a remote electron microscope to permissions to place purchase orders below a specified level on an institutional account. Defining these rules, including means to delegate or reassign authority on a temporary basis, as well as delivering this information to applications, are some of the challenges in this newly emergent area.
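
The purchase-order case under Authorization services, worked as an added example that is not part of the original overview: an authorization decision combining a direct spending limit with a temporary delegation. All names (Grant, Delegation, the subjects and the account) are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:                      # authority a subject holds directly
    subject: str
    account: str
    limit: float                  # orders must be strictly below this amount

@dataclass(frozen=True)
class Delegation:                 # temporary reassignment of authority
    grantor: str
    delegate: str
    account: str
    limit: float
    not_before: datetime
    not_after: datetime

def effective_limit(subject, account, now, grants, delegations):
    """Highest purchase limit `subject` holds on `account` at time `now`."""
    direct = {g.subject: g.limit for g in grants if g.account == account}
    best = direct.get(subject, 0.0)
    for d in delegations:
        if d.delegate != subject or d.account != account:
            continue
        if not (d.not_before <= now <= d.not_after):
            continue              # not yet active, or expired
        # Cap at the grantor's own direct grant: revoking that grant voids
        # the delegation, and delegated authority cannot be re-delegated.
        best = max(best, min(d.limit, direct.get(d.grantor, 0.0)))
    return best

def may_place_order(subject, account, amount, now, grants, delegations):
    """Default deny: allow only a positive amount below the effective limit."""
    return 0 < amount < effective_limit(subject, account, now, grants, delegations)

# Constructed sample data (hypothetical subjects and account).
UTC = timezone.utc
GRANTS = [Grant("chair", "chem-dept", 5000.0)]
DELEGATIONS = [Delegation("chair", "admin-asst", "chem-dept", 1000.0,
                          datetime(2024, 7, 1, tzinfo=UTC),
                          datetime(2024, 7, 15, tzinfo=UTC))]

if __name__ == "__main__":
    when = datetime(2024, 7, 5, tzinfo=UTC)
    print(may_place_order("admin-asst", "chem-dept", 800.0, when, GRANTS, DELEGATIONS))
```

The grantor's limit is read at decision time rather than copied into the delegation, so a directory update that lowers or removes the grantor's authority takes effect for delegates immediately.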

At the boundary of the network layer lie a number of services that may well be classified as "middleware-based networking" or "networking-oriented middleware". Such services include:

Secure multicast - the ability to extend fledgling multicast efforts to permit, at the network layer, secure access to join a multicast session.

Bandwidth brokering - a service that securely allocates QoS to various applications and users within an institution or organization.

Typically, these services require, in turn, core middleware such as identifiers, authentication and directories to operate.

Above the core middleware services are a number of burgeoning sectors of application-oriented middleware. A rough grouping of such middleware would include:

Services for ubiquitous computing - Higher education needs a variety of open protocols and implementations that allow students to access their bookmarks and aliases from any location, as well as institutional and multiorganizational file systems to enable sharing and support collaboration tools.

Support for research computing - Efforts are underway to transform scattered national computational resources into a coherent grid, providing researchers consistent access across a variety of architectures, permitting coscheduling of resources, coupling data, networking and computing together.

Support for administrative computing - The new generations of business systems have loosely coupled components that depend on a common applications infrastructure, which provides services such as object brokering for component requests, message handling between components, and monitoring of transactions.

Again, these services depend on core middleware components to operate. In turn, as these areas continue to evolve rapidly over the next few years, new utilities may be developed within the core to support them.