Innovation through participation Business Case of eduGAIN, (T3) in Multi-Domain User Applications (SA3) Valter Nordh, NORDUnet / GU TNC 2010, Vilnius, 04 Jun 2010
Innovation through participation Agenda Goals of this session Outline of the eduGAIN task Why eduGAIN, or why federations? What is eduGAIN, what will eduAGIN solve? The eduGAIN BC Joining eduGAIN / mandatory parts Governance model for eduGAIN Q & A
Innovation through participation Goals of this meeting After this session we should have knowledge about: a brief understanding of the eduGAIN service, organisation and future development the eduGAIN BC (draft) discuss expectations on eduGAIN discuss expectations on participating federations
Innovation through participation Outline of the eduGAIN task eduGAIN is a project under the GÉANT umbrella eduGAIN is a service (SA3 / T3), that other GÉANT services will use Results from JRA3 will be incorporated into eduGAIN when ready eduGAIN is built upon use cases, with new use cases added every year. First years use cases focuses on webSSO Next set of use cases will be collected during summer/autumn 2010
Innovation through participation Why eduGAIN, or why federations? Why do we have federations at all? To save €€! Why eduGAIN? Offer services to a wider audiance – secure and safe Lower implementation costs for new pan european services with regards to authentication and authorisation eduGAIN replaces the need for separate agreements between federations
Innovation through participation What is eduGAIN, what will eduAGIN solve? eduGAIN started as JRA5 in GN2 and is under GÉANT3 turning into a service The service eduGAIN will offer interconnectivity between participating federations, ie the ”glue”. The ”glue” consists of both technichal and policy framework The eduGAIN service is NOT a federation, it only connects federations The eduGAIN platform will initially be excellent for authentication, however for authorisation you will (probably?) need attributes. eduGAIN offers a optional dataprotection profile that aims to fulfill the EC data protection directive.
Innovation through participation The eduGAIN BC The eduGAIN BC, in brief: (see provided hardcopy) Summary / Service Overview Strategic Fit Options Affordability / Costs Recommendations
Innovation through participation Summary / Service Overview Why do we have federations at all? To save €€! Why eduGAIN? Need for large scale identity proofing across new boundaries Offer services to a wider audiance – secure and safe Lower implementation costs for new pan european services with regards to authentication and authorisation In some aspects eduGAIN replaces the need for separate agreements between federations
Innovation through participation Summary / Service Overview Building eduGAIN eduGAIN in the first iteration is built upon use cases targeting primarly WebSSO. five use cases (eduroam OTRS, wiki, Sharepoint, CLARIN, foodle) ”Simple” use cases, but will deliver a working service
Innovation through participation Strategic Fit Normally two federations can’t in a trustworthy way exchange information between eachother. More services are being offered at a pan european (global?) scale, increasing the need for a common plattform As the number of ”multi-domain” services increase he number of identities that end users will mangage increases as well. A number of GÉANTs projects needs pan european AAI (perfSONAR, autobahn) For eduGAIN to be successful ”many” federations needs to participate
Innovation through participation Strategic Fit KPI for eduAGIN: CSF 1 “Particip ation” CSF 2 “Delivery ” CSF 3 “User satisfacti on” KPI1 “Partner Participatio n” KPI2 “GN3 service participation ” KPI3 “Participatio n by other services” KPI4 “Policy acceptance ” KPI5 “Service reliability” KPI6 “Support provision” KPI7 “Partner satisfaction” KPI8 “GN3 service satisfaction” KPI9 “Satisfacti on of other services” StrategyN/A Design12%0%N/A Transition (prototype/ pilot) 30%0%>0%25%99%50% 30% Production60%25%5%75%99.9%80%75% 60%
Innovation through participation Options Option 1: Implement a federated identity service based on the experience gained from the GN2 eduGAIN test-bed. Option 2: Do not implement a GN3 federated identity service and rely on bilateral agreements.
Innovation through participation Affordability / Costs A set of centrally-managed functions: such as metadata service operations, website, technical development and documentation. A set of NREN-managed functions: such as federation-level metadata distribution, marketing and end-user support. The costs incurred through the centrally-managed functions are likely to remain broadly constant, irrespective of the number of participating federations. The costs incurred in participating in the eduGAIN service are likely to be proportional to the number of members within a Partner’s federation; clearly, this will differ very significantly.
Innovation through participation Affordability / Costs Resource cost / year GN3 project annual costs Resources per NREN for introducing and operating the service Equipment CAPEX(€)5,0000 Equipment OPEX(€)20,0000 Manpower20.3 FTE allocated to this task over the GN3 lifetime. Variable according to size of participating Partner federation; see Section TOTAL annual costEquivalent of ~5 FTEn/a Total cost over the life-time of the projectEquivalent of 20.3 FTE plus 25,000€n/a
Innovation through participation Affordability / Costs RequirementRequirement ResourceResource FTE (Initial)FTE (Initial) FTE (On-going)FTE (On-going) Notes Developing the internal business case for participating in the eduGAIN service. Federation Service Manager, Chief Technology Officer (CTO) and Marketing Function 3 MM~0 MMThe Project will provide materials that will contribute towards and support an internal business case. Developing an understanding of the technical and policy requirements. Technical specialist and policy specialist and Federation Service Manager 2 MM~0.5 MMThe Project will provide training and other materials. Technical adaptations to the production service. Technical specialist2MM1 MMThe Project will document the technical requirements for participating in the eduGAIN service. Marketing to federation member organisations. Federation service manager0.5 MM~0 MMThe Project will provide materials to support the marketing of the eduGAIN service in cases where it’s deemed needed. Marketing function2 MM~0.5 MM Technical support to Partner federation member organisations concerning eduGAIN related issues. Technical specialist~0 MM6 hours per entity The level of support required per entity is expected to decline with increasing experience of participating in the eduGAIN service. TOTAL Man Months9.5 MM2 MM + 6 hrs per entity
Innovation through participation Joining eduGAIN / mandatory parts Requirements for joining Federations The joining process Sign the unilateral declaration and present it to the OT Connect on a technical level and start the “opt-in” process Inform OT about contact points (helpdesk, responsible manager etc) Right to opt out Each federation member has the rights to NOT participate in eduGAIN Leaving eduGAIN Yes, it can be done.
Innovation through participation Governance model for eduGAIN Inclusive process, low threshold in order to ensure success Proposed governing bodies: NREN PC Technical Steering Group Operations Team
Innovation through participation Governance model for eduGAIN NREN PC is responsible for: approving changes to this constitution, decisions on peering with other confederations, approving technical and other Policy documents, if they are REQUIRED for Participant Federations (i.e. can force a Participant Federation out of eduGAIN), approving joining of new Federations, if they are not operated by a GÉANT network and project partner, other tasks defined in the Policy.
Innovation through participation Governance model for eduGAIN Technical Steering Group Each Participant Federation SHOULD nominate a delegate to TSG. TSG's term is two calendar years, and it is responsible for: preparing issues for approval by NREN PC, approval of documents which do not need approval by NREN PC (such as, RECOMMENDED and OPTIONAL profiles).
Innovation through participation Governance model for eduGAIN Operational Team (OT) is responsible for: daily technical issues in eduGAIN, receiving enquiries about eduGAIN and forwarding them to the appropriate body, receiving and processing applications to join eduGAIN.
Innovation through participation Q & A ??