Open Menu Close Menu

Evolutionary in Technology, Revolutionary in Impact

Network innovator Ken Klingenstein weighs in on the internet then, now, and tomorrow.

Ken Klingenstein

Internet2 Director of Middleware and Security Klingenstein: 'One of our consistent shortcomings has been to underestimate the success and the impact we were going to have.'

Ken Klingenstein has led national networking initiatives for the past 25 years. He served as director of computing and network services at the University of Colorado at Boulder from 1985-1999, and today, Klingenstein is director of middleware and security for Internet2. Truth is, this networking innovator has participated in the development of the internet from its inception, and admits he's had one of the best seats from which to watch the evolution of network infrastructure and applications. Here, Klingenstein shares his experience and identifies new trends that higher education IT leadership needs to be ready for.

What are the major changes or consistencies you've seen in the development of networking, over time? A significant change that has accelerated over the past couple of years is the move toward tactical thinking and away from strategic thinking. This is a challenge we have to deal with as an inventive, collaborative community. There's been pressure to cope with the consequences of past innovation, so we really can't think about escaping into new rounds of innovation. An example: our inability to control spam and other network problems. We're working around the edges on these issues, trying to respond tactically, partly because, as a community, we are shifting to be more tactical than strategic, and partly because we're dealing with the extensive embedded base that we've created.

And constant throughout the past 25 years is the struggle between developing infrastructure and doing things in an ad hoc fashion. Sometimes people just want to solve the problem that they are facing, and the fact that their solution doesn't solve a broader class of problems and won't scale to a largeruse community may be lost on developers who don't want to be dependent on anything external.

But another thing that hasn't changed is the drive within the higher ed community to innovate and do good. It is stunning to me that 25 years later, there still are very bright people working in higher ed who are making one nth of the salary they could make in the corporate sector. The combination of being able to execute properly and having motives that are genuinely for the greater good seems to be a staple for higher ed, and that's breathtaking to me.

In the development of the internet, what were some of the good choices made along the way? First, we picked the TCP/IP open standard for networking. It was critical to choose an open source instantiation of the internet, versus something that would have been proprietary.

And we made the access to the contents of the network "flat"--directly accessible without any kind of vetting process or structure. In the early '90s, we moved from the hierarchical, gated model of Gopher for information discovery, to the World Wide Web, with its ability to cross directly to another site and another content. That was a fundamental move toward democratization of the network; a pivotal point in the history of the internet. A second pivotal point was the move not to charge on a per-bit basis. Those were important design decisions, done right.

Another good decision, made just in the last few years: the idea that people need internet identity. I've been working with Shibboleth, where we allow a person to use his or her identity in the context of an employer, a university, etc., and leverage that identity for use in other instances. The federated identity piece is being done right, respecting the right values, and we're creating new infrastructure for layering on top of the internet.

At the same time, in the internet identity space, there's another set of efforts going on, saying, "We'd like to create some type of identity mechanism that will be independent of your work and everything else." It's a peer-to-peer trust environment, with mechanisms emerging as we speak, coming from a variety of places. It's likely that within a year or two, the two [identity mechanisms] will be integrated.

The people creating the next generation of internet are looking at what they call trust-mediated transparency, so that we get back to the transparency that will allow innovation.

What are a few more challenges, going forward? Over the past 25 years, we've seen that rich technologies tend to highlight how poor [some] policies are. [In other words,] we end up creating a lot of "disruptive" technologies. But the trick is for businesses to make a market with the new disruptive technologies, rather than stifle them.

One of the challenges particular to higher ed is [our need] to have security and privacy at the same time. [We need to] preserve privacy because it's a fundamental academic value, and at the same time improve the security environment of campuses. Security, more than anything else, is what was not envisioned 25 years ago in the internet--an example of our values of openness and our naivete about the consequences of success causing challenges down the road. In fact, one of our consistent shortcomings has been to underestimate the success and the impact we were going to have.

Another new challenge: the need to make a business case. People want to see a business plan that could create new marketplaces within five years. For example, in the federated identity space, campuses want to understand what the benefits are, on a cost basis. We've gotten traction in federated identity largely by exhibiting the reduction in help desk calls and the reduction in user support costs in general. Even if that's not why we're doing it, we need to be able to explain the economic benefits of what we're doing, in order to gain support.

What are today's most important trends in network infrastructure and applications? What should we prepare for, in the next five to 10 years? One of the ways the internet succeeded in its early days was through the "unimpeded wire," also known as transparency. That meant that the two folks on either end of that wire could invent whatever they wanted to, because they had a direct connection. But that's changed dramatically. There are now network address translators in every cable box, in houses, etcetera. It isn't a transparent network anymore, so innovation can't happen as it did early on. A major theme of the next five to 10 years will be to securely reintroduce transparency back into the network. The people creating the next generation of internet are looking at what they call trust-mediated transparency, so that we get back to the transparency that will allow innovation.

And dynamic network capabilities are going to be an important theme. There's a new class of collaboration among scientists that radically changes the pattern of traffic flow that we've seen in the internet so far, and introduces a burst of traffic unlike anything else. Think of a hundred scientists wanting to have access to two petabytes of data, and they all want it now. That's going to require us to create a new dynamic capability for provisioning network capacity, [in order] to enable this kind of massive burst of data and a limited high-performance mesh capability on the internet. The radically new capability may not even be TCP/IP, when we get done with it.

Also, we're going to have to learn how to manage privacy in an international world, say, when a user in the EU wants to come to a protected wiki at a university in the US. We have to learn how to handle privacy and security on a global level. And we're just beginning that climb.

Finally, the whole social networking phase that we've gone through, as unplumbed and chaotic as it has been--with Flickr,, MySpace, and Facebook--is a harbinger of the rise of sharing and content on the network. But it was done in an ad hoc fashion; we're going to need to add some rivers of consistency across the vast space of collaboration applications that are being provided to us.

Given all these areas for development, will there need to be a more hierarchical structure to internet applications? How will all of this change be managed? As you engage in collaborative applications going forward, there's not going to be an uber-app; one application sitting on top that controls and presents everything. Instead, you're going to wind up using a bucket of apps. And you're going to want to have some consistency across those apps. Users will need a consistent search experience, for example, so that the commands that one uses to manage a search in Google are similar to those on the desktop. [Other examples are] consistent metadata and digital objects.

Last, there is the problem of an embedded base. There was a parable I heard about 15 years ago when, as a community, we were debating some changes to TCP/IP that eventually resulted in IPv6. During the debate period, there was a lot of tension among various ideas being floated. And I remember one day, a newspaper reported that there was a big clash of "intellectual titans" going on. One of the titans happened to drive his car into a repair shop that day, and the mechanic said, "Isn't that you in this newspaper article?" The driver said, "Yes, that's me." And the repairman asked, "What's so hard about all this? It's like you're just going to take out the spark plugs and put in new ones, right?" The driver's response was, "Well yeah, but try to do that with the engine running." That illustrates our challenge right now: We have a lot of embedded infrastructure that's built one way. And we're trying to add security, privacy, and a consistent set of experiences. But we can't stop the engine while this is happening. This has led us to look for approaches that are evolutionary in technology and revolutionary in impact. That's a tough bill to meet.

Ken Klingenstein will present the opening keynote, "Leading in a New IT Environment," at Campus Technology 2007 in Washington, DC, July 30-Aug. 2.

comments powered by Disqus