Innovation through participation Business Case of eduGAIN, (T3) in Multi-Domain User Applications...

Innovation through participation

Business Case of eduGAIN, (T3)in Multi-Domain User Applications (SA3)

Valter Nordh, NORDUnet / GU

TNC 2010, Vilnius, 04 Jun 2010


Agenda

Goals of this session

Outline of the eduGAIN task

Why eduGAIN, or why federations?

What is eduGAIN, what will eduAGIN solve?

The eduGAIN BC

Joining eduGAIN / mandatory parts

Governance model for eduGAIN

Q & A


Goals of this meeting

After this session we should have knowledge about:

a brief understanding of the eduGAIN service, organisation and future development

the eduGAIN BC (draft)

discuss expectations on eduGAIN

discuss expectations on participating federations


Outline of the eduGAIN task

eduGAIN is a project under the GÉANT umbrella

eduGAIN is a service (SA3 / T3), that other GÉANT services will use

Results from JRA3 will be incorporated into eduGAIN when ready

eduGAIN is built upon use cases, with new use cases added every year. First years use cases focuses on webSSO

Next set of use cases will be collected during summer/autumn 2010


Why eduGAIN, or why federations?

Why do we have federations at all? To save €€!

Why eduGAIN?

Offer services to a wider audiance – secure and safe

Lower implementation costs for new pan european services with regards to authentication and authorisation

eduGAIN replaces the need for separate agreements between federations


What is eduGAIN, what will eduAGIN solve?

eduGAIN started as JRA5 in GN2 and is under GÉANT3 turning into a service

The service eduGAIN will offer interconnectivity between participating federations, ie the ”glue”.

The ”glue” consists of both technichal and policy framework

The eduGAIN service is NOT a federation, it only connects federations

The eduGAIN platform will initially be excellent for authentication, however for authorisation you will (probably?) need attributes.eduGAIN offers a optional dataprotection profile that aims to fulfill the EC data protection directive.


The eduGAIN BC

The eduGAIN BC, in brief: (see provided hardcopy)

Summary / Service OverviewStrategic FitOptionsAffordability / CostsRecommendations


Summary / Service Overview

Why do we have federations at all? To save €€!

Why eduGAIN?

Need for large scale identity proofing across new boundaries

Offer services to a wider audiance – secure and safe

Lower implementation costs for new pan european services with regards to authentication and authorisation

In some aspects eduGAIN replaces the need for separate agreements between federations


Summary / Service Overview

Building eduGAIN

eduGAIN in the first iteration is built upon use cases targeting primarly WebSSO.

five use cases (eduroam OTRS, wiki, Sharepoint, CLARIN, foodle)

”Simple” use cases, but will deliver a working service


Strategic Fit

Normally two federations can’t in a trustworthy way exchange information between eachother.

More services are being offered at a pan european (global?) scale, increasing the need for a common plattform

As the number of ”multi-domain” services increase he number of identities that end users will mangage increases as well.

A number of GÉANTs projects needs pan european AAI (perfSONAR, autobahn)

For eduGAIN to be successful ”many” federations needs to participate


Strategic Fit

KPI for eduAGIN:

CSF 1

“Participation”

CSF 2

“Delivery”

CSF 3

“User satisfacti

on”

KPI1

“Partner Participatio

n”

KPI2

“GN3 service

participation”

KPI3

“Participation by other services”

KPI4

“Policy acceptance

”

KPI5

“Service reliability”

KPI6

“Support provision”

KPI7

“Partner satisfaction”

KPI8

“GN3 service

satisfaction”

KPI9

“Satisfaction of other services”

Strategy N/A N/A N/A N/A N/A N/A N/A N/A N/A

Design 12% 0% N/A N/A N/A N/A N/A N/A N/A

Transition (prototype/pilot)

30% 0% >0% 25% 99% 50% 50% 50% 30%

Production 60% 25% 5% 75% 99.9% 80% 75% 75% 60%


Options

Option 1: Implement a federated identity service based on the experience gained from the GN2 eduGAIN test-bed.

Option 2: Do not implement a GN3 federated identity service and rely on bilateral agreements.


Affordability / Costs

A set of centrally-managed functions: such as metadata service operations, website, technical development and documentation.

A set of NREN-managed functions: such as federation-level metadata distribution, marketing and end-user support.

The costs incurred through the centrally-managed functions are likely to remain broadly constant, irrespective of the number of participating federations.

The costs incurred in participating in the eduGAIN service are likely to be proportional to the number of members within a Partner’s federation; clearly, this will differ very significantly.



Resource cost / year

GN3 project annual costs

Resources per NREN

for introducing

and operating

the service

Equipment CAPEX(€) 5,000 0

Equipment OPEX(€) 20,000 0

Manpower 20.3 FTE allocated to this task over the GN3 lifetime.

Variable according to size of participating Partner federation; see Section 4.1.1.1.

TOTAL annual cost Equivalent of ~5 FTE n/a

Total cost over the life-time of the project Equivalent of 20.3 FTE plus 25,000€ n/a



Requirement

Resource

FTE (Initial)

FTE (On-going)

Notes

Developing the internal business case for participating in the eduGAIN service.

Federation Service Manager, Chief Technology Officer (CTO) and Marketing Function

3 MM ~0 MM The Project will provide materials that will contribute towards and support an internal business case.

Developing an understanding of the technical and policy requirements.

Technical specialist and policy specialist and Federation Service Manager

2 MM ~0.5 MM The Project will provide training and other materials.

Technical adaptations to the production service.

Technical specialist 2MM 1 MM The Project will document the technical requirements for participating in the eduGAIN service.

Marketing to federation member organisations.

Federation service manager 0.5 MM ~0 MM The Project will provide materials to support the marketing of the eduGAIN service in cases where it’s deemed needed.

Marketing function 2 MM ~0.5 MM

Technical support to Partner federation member organisations concerning eduGAIN related issues.

Technical specialist ~0 MM 6 hours per entity

The level of support required per entity is expected to decline with increasing experience of participating in the eduGAIN service.

TOTAL Man Months 9.5 MM 2 MM + 6 hrs per entity


Joining eduGAIN / mandatory parts

Requirements for joining Federations

The joining processSign the unilateral declaration and present it to the OTConnect on a technical level and start the “opt-in” processInform OT about contact points (helpdesk, responsible manager etc)

Right to opt outEach federation member has the rights to NOT participate in eduGAIN

Leaving eduGAINYes, it can be done.



Inclusive process, low threshold in order to ensure success

Proposed governing bodies:

NREN PC

Technical Steering Group

Operations Team



NREN PC is responsible for:

approving changes to this constitution,decisions on peering with other confederations,approving technical and other Policy documents, if they are REQUIRED for Participant Federations (i.e. can force a Participant Federation out of eduGAIN),approving joining of new Federations, if they are not operated by a GÉANT network and project partner,other tasks defined in the Policy.



Technical Steering Group

Each Participant Federation SHOULD nominate a delegate to TSG. TSG's term is two calendar years, and it is responsible for:preparing issues for approval by NREN PC,approval of documents which do not need approval by NREN PC (such as, RECOMMENDED and OPTIONAL profiles).



Operational Team (OT) is responsible for:

daily technical issues in eduGAIN,receiving enquiries about eduGAIN and forwarding them to the appropriate body,receiving and processing applications to join eduGAIN.


Q & A

??

Innovation through participation Business Case of eduGAIN, (T3) in Multi-Domain User Applications...

Documents

Transcript of Innovation through participation Business Case of eduGAIN, (T3) in Multi-Domain User Applications...