THIS IS MAIN TITLE FOR THE WHOLE PRESENTATION


Business Case of eduGAIN, (T3)
in Multi-Domain User Applications (SA3)
Valter Nordh, NORDUnet / GU
TNC 2010, Vilnius, 04 Jun 2010
Innovation through participation
Agenda
Goals of this session
Outline of the eduGAIN task
Why eduGAIN, or why federations?
What is eduGAIN, what will eduGAIN solve?
The eduGAIN BC
Joining eduGAIN / mandatory parts
Governance model for eduGAIN
Q&A
Goals of this meeting
After this session we should have knowledge about:
a brief understanding of the eduGAIN service, organisation and future
development
the eduGAIN BC (draft)
discuss expectations on eduGAIN
discuss expectations on participating federations
Outline of the eduGAIN task
eduGAIN is a project under the GÉANT umbrella
eduGAIN is a service (SA3 / T3), that other GÉANT services will use
Results from JRA3 will be incorporated into eduGAIN when ready
eduGAIN is built upon use cases, with new use cases added every year.
The first year's use cases focus on WebSSO
Next set of use cases will be collected during summer/autumn 2010
Why eduGAIN, or why federations?
Why do we have federations at all?
To save €€!
Why eduGAIN?
Offer services to a wider audience – secure and safe
Lower implementation costs for new pan-European services with regard
to authentication and authorisation
eduGAIN replaces the need for separate agreements between
federations
What is eduGAIN, what will eduGAIN solve?
eduGAIN started as JRA5 in GN2 and is turning into a service under
GÉANT3
The eduGAIN service will offer interconnectivity between participating
federations, i.e. the “glue”.
The “glue” consists of both a technical and a policy framework
The eduGAIN service is NOT a federation, it only connects federations
The eduGAIN platform will initially be excellent for authentication,
however for authorisation you will (probably?) need attributes.
eduGAIN offers an optional data protection profile that aims to fulfil the
EC data protection directive.
The eduGAIN BC
The eduGAIN BC, in brief: (see provided hardcopy)
Summary / Service Overview
Strategic Fit
Options
Affordability / Costs
Recommendations
Summary / Service Overview
Why do we have federations at all?
To save €€!
Why eduGAIN?
Need for large scale identity proofing across new boundaries
Offer services to a wider audience – secure and safe
Lower implementation costs for new pan-European services with regard
to authentication and authorisation
In some aspects eduGAIN replaces the need for separate agreements
between federations
Summary / Service Overview
Building eduGAIN
eduGAIN in the first iteration is built upon use cases targeting primarily
WebSSO.
five use cases (eduroam OTRS, wiki, Sharepoint, CLARIN, foodle)
“Simple” use cases, but will deliver a working service
Strategic Fit
Normally two federations can’t exchange information with each other in a
trustworthy way.
More services are being offered at a pan-European (global?) scale,
increasing the need for a common platform
As the number of “multi-domain” services increases, the number of
identities that end users have to manage increases as well.
A number of GÉANT projects need pan-European AAI (perfSONAR,
autobahn)
For eduGAIN to be successful “many” federations need to participate
Strategic Fit
KPI for eduGAIN:
CSF 1 “Participation”; CSF 2 “Delivery”; CSF 3 “User satisfaction”
KPI | Name | Transition (prototype / pilot) | Production
KPI1 | “Partner participation” | 12% / 30% | 60%
KPI2 | “GN3 service participation” | 0% / 0% | 25%
KPI3 | “Participation by other services” | N/A / >0% | 5%
KPI4 | “Policy acceptance” | N/A / 25% | 75%
KPI5 | “Service reliability” | N/A / 99% | 99.9%
KPI6 | “Support provision” | N/A / 50% | 80%
KPI7 | “Partner satisfaction” | N/A / 50% | 75%
KPI8 | “GN3 service satisfaction” | N/A / 50% | 75%
KPI9 | “Satisfaction of other services” | N/A / 30% | 60%
Strategy and Design phases: N/A
Options
Option 1: Implement a federated identity service based on the
experience gained from the GN2 eduGAIN test-bed.
Option 2: Do not implement a GN3 federated identity service and rely
on bilateral agreements.
Affordability / Costs
A set of centrally-managed functions: such as metadata service
operations, website, technical development and documentation.
A set of NREN-managed functions: such as federation-level metadata
distribution, marketing and end-user support.
The costs incurred through the centrally-managed functions are likely to
remain broadly constant, irrespective of the number of participating
federations.
The costs incurred in participating in the eduGAIN service are likely to
be proportional to the number of members within a Partner’s federation;
clearly, this will differ very significantly.
Affordability / Costs
Resource cost / year | GN3 project annual costs | Resources per NREN for introducing and operating the service
Equipment CAPEX (€) | 5,000 | 0
Equipment OPEX (€) | 20,000 | 0
Manpower | 20.3 FTE allocated to this task over the GN3 lifetime. | Variable according to size of participating Partner federation; see Section 4.1.1.1.
TOTAL annual cost | Equivalent of ~5 FTE | n/a
Total cost over the life-time of the project | Equivalent of 20.3 FTE plus 25,000€ | n/a
Affordability / Costs
Requirement | Resource | Man Months | Man Months | Notes
Developing the internal business case for participating in the eduGAIN service. | Federation Service Manager, Chief Technology Officer (CTO) and Marketing Function | 3 MM | ~0 MM | The Project will provide materials that will contribute towards and support an internal business case.
Developing an understanding of the technical and policy requirements. | Technical specialist and policy specialist and Federation Service Manager | 2 MM | ~0.5 MM | The Project will provide training and other materials.
Technical adaptations to the production service. | Technical specialist | 2 MM | 1 MM | The Project will document the technical requirements for participating in the eduGAIN service.
Marketing to federation member organisations. | Federation service manager / Marketing function | 0.5 MM / 2 MM | ~0 MM / ~0.5 MM | The Project will provide materials to support the marketing of the eduGAIN service in cases where it’s deemed needed.
Technical support to Partner federation member organisations concerning eduGAIN related issues. | Technical specialist | ~0 MM | 6 hours per entity | The level of support required per entity is expected to decline with increasing experience of participating in the eduGAIN service.
TOTAL Man Months | | 9.5 MM | 2 MM + 6 hrs per entity |
Joining eduGAIN / mandatory parts
Requirements for joining Federations
The joining process
Sign the unilateral declaration and present it to the OT
Connect on a technical level and start the “opt-in” process
Inform OT about contact points (helpdesk, responsible manager etc)
Right to opt out
Each federation member has the right to NOT participate in eduGAIN
Leaving eduGAIN
Yes, it can be done.
Governance model for eduGAIN
Inclusive process, low threshold in order to ensure success
Proposed governing bodies:
NREN PC
Technical Steering Group
Operations Team
Governance model for eduGAIN
NREN PC is responsible for:
approving changes to this constitution,
decisions on peering with other confederations,
approving technical and other Policy documents, if they are REQUIRED
for Participant Federations (i.e. can force a Participant Federation out of
eduGAIN),
approving joining of new Federations, if they are not operated by a
GÉANT network and project partner,
other tasks defined in the Policy.
Governance model for eduGAIN
Technical Steering Group
Each Participant Federation SHOULD nominate a delegate to TSG.
TSG's term is two calendar years, and it is responsible for:
preparing issues for approval by NREN PC,
approval of documents which do not need approval by NREN PC (such
as, RECOMMENDED and OPTIONAL profiles).
Governance model for eduGAIN
Operational Team (OT) is responsible for:
daily technical issues in eduGAIN,
receiving enquiries about eduGAIN and forwarding them to the
appropriate body,
receiving and processing applications to join eduGAIN.
Q&A
??