apanheath
The AAF: From start-up to a steady-state Federation in 2.5 years
February 16, 2012. Presented by Heath Marks (Manager) & Terry Smith (Technical Manager)
• Incorporated not-for-profit association owned by Australian universities and leading national research and research support organisations
• Federal government seed funding $2M AUD (June 2009 – Dec 2011)
– AAF subscription base to meet critical mass for self-sustainability
– AAF business model developed for self-sustainability
• As of 31 December 2011:
– 67 Subscribers
– 68+ services registered in the AAF
It all began June 2009
Subscriber Growth (chart: Identity Provider, Identity Provider & Service Provider, Service Provider; 100% of AU universities)
Key Streams of Activity
• Policy, procedures and frameworks
• Technology, infrastructure and its support
• Marketing and communication
• Running the business (AAF Incorporated)
Policy, procedures, frameworks
Policy: Federation Rules
Federation Rules containing Subscriber responsibilities:
– Rules for Identity Providers
– Rules for Service Providers
– Data protection and privacy (the Australian Privacy Act 1988)
– Limitation of liability, termination, cessation, changes to rules, dispute resolution, etc.
Policy: Core Attributes
• “8.3 Identity Providers must collect or generate the Core Attributes as defined by the Federation Subscriber responsibilities”
– auEduPersonSharedToken
– displayName
– eduPersonAffiliation
– eduPersonEntitlement
– eduPersonScopedAffiliation
– eduPersonTargetedID
– AuthenticationMethod
– eduPersonAssurance
– cn
– o
– mail
• Attribute release filters in place
Other Policy and Procedures
• Test and production federation usage policy
• Test federation terms of use
• Logo usage policy
• Change management
• Software release policy
• Operational policies & frameworks
Compliance Program
• Annual compliance statement required: organisations confirm that they have examined the compliance of their systems, processes and documentation against their obligations under the Federation Rules.
• Non-compliance activities in place
• Additional compliance statement required for organisations asserting LoA values
30 June
LoA Framework
Concepts of Assurance
• Identity Assurance: eduPersonAssurance
urn:mace:aaf.edu.au:iap:id:[level], where level is a value from 1 to 2.
• Token and Credential Management Assurance: AuthenticationMethod
urn:mace:aaf.edu.au:iap:authn:[level], where level is a value from 0 to 2.
NIST SP 800-63 – LoA 1 and LoA 2.
http://www.aaf.edu.au/technical/levels-of-assurance/
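As an added illustration of the Core Attributes slide and the LoA URNs above (example code written for this transcript, not AAF software): a service-side check that parses the two AAF assurance URNs, rejects out-of-range or malformed levels, and reports which Core Attributes an IdP failed to release. It assumes the released attributes arrive as a name-to-value dict; the sample values are constructed.

```python
import re

# Core Attributes from Federation Rules 8.3, as listed on the slide
CORE_ATTRIBUTES = frozenset({
    "auEduPersonSharedToken", "displayName", "eduPersonAffiliation",
    "eduPersonEntitlement", "eduPersonScopedAffiliation",
    "eduPersonTargetedID", "AuthenticationMethod", "eduPersonAssurance",
    "cn", "o", "mail",
})

# AAF assurance URNs: identity levels 1-2, token/credential levels 0-2
_LOA_URN = re.compile(r"^urn:mace:aaf\.edu\.au:iap:(id|authn):(\d+)$")
_LOA_RANGE = {"id": range(1, 3), "authn": range(0, 3)}


def parse_loa(urn):
    """Return (kind, level) for a well-formed, in-range AAF LoA URN, else None."""
    m = _LOA_URN.match(urn or "")
    if not m:
        return None
    kind, level = m.group(1), int(m.group(2))
    return (kind, level) if level in _LOA_RANGE[kind] else None


def missing_core_attributes(released):
    """Core Attributes absent from what the IdP released (compliance check)."""
    return sorted(CORE_ATTRIBUTES - set(released))


def meets_assurance(attrs, min_id=1, min_authn=1):
    """Service-side policy: asserted identity and authn LoA meet the minimums."""
    id_loa = parse_loa(attrs.get("eduPersonAssurance"))
    authn_loa = parse_loa(attrs.get("AuthenticationMethod"))
    if id_loa is None or authn_loa is None:
        return False  # absent or malformed assurance counts as not met
    return id_loa[1] >= min_id and authn_loa[1] >= min_authn


# Constructed sample attribute set (hypothetical values, not real AAF data)
SAMPLE = {
    "auEduPersonSharedToken": "ABC123", "displayName": "Jane Example",
    "eduPersonAffiliation": "staff", "eduPersonEntitlement": "urn:example:svc",
    "eduPersonScopedAffiliation": "staff@example.edu.au",
    "eduPersonTargetedID": "idp.example!sp.example!xyz",
    "AuthenticationMethod": "urn:mace:aaf.edu.au:iap:authn:2",
    "eduPersonAssurance": "urn:mace:aaf.edu.au:iap:id:1",
    "cn": "Jane Example", "o": "Example University",
}
```

The sample deliberately omits `mail`, so `missing_core_attributes(SAMPLE)` flags it, and an SP requiring identity level 2 is refused while one requiring only authn level 2 is satisfied.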
Technology, infrastructure and its support
AAF Infrastructure
• Test and Production Federations
• ANYCast
• Core infrastructure hosted by our subscribers with agreements in place.
• National Server Program for eResearch
• Services in the cloud
(map: WAYF Brisbane, WAYF Melbourne, WAYF Perth)
AAF Technology
Federation Registry: a central point of registration, management and reporting for Identity and Service Providers participating in a standards-compliant SAML 2 identity federation.
http://wiki.aaf.edu.au/federationregistry/
Good Practice Program
• Continuous improvement:
– Rule compliance
– Current deployment
– Prod quality
– Attribute release filters
– Contacts and administrators
– Test Federation policies
– High Availability IdP
– LoA
– Relationship building
Running the Business (AAF Incorporated)
Business Model
Principles:
– The AAF should aim to break even;
– AAF subscribers vary greatly in their size and usage of the AAF, and the subscription should apportion costs fairly and equitably;
– The subscription fees should be flexible and adaptable so that as the AAF evolves, the fees can be readily adjusted to reflect changing cost structures and subscriber diversity.
Subscription Fees

Universities and Research (Subscription Component: 2012, AUD)
– One-time joining fee: $4,500
– Basic annual fee (1* IdP + 10 SPs): $4,628
– Fee per FTE: $2.02
– Extra 10 Service Fee: $3,250
– Extra 1 IdP Fee: $5,850

Commercial, 3-year discount available (Subscription Component: 2012, AUD)
– One-time joining fee: $4,550
– Annual fee per service: $3,900
– Annual fee per IdP: $13,000
Steady State = 3.8 people
– Manager
– Technical Manager
– Technical Architect
– Communications Manager (0.8)
Marketing and Communication
Key Messages
• The AAF is a significant and growing part of the Australian eResearch infrastructure landscape.
• Its core value proposition is that it is operating as a shared service for the Australian research and education sector. It minimises the cost and effort for each individual subscriber of managing federated identity.
• The AAF has achieved a critical mass of Identity Providers. This has given service providers access to over one million identities and proved to be a catalyst for service growth in the Federation.
Key Messages
• The Federation is being funded primarily by Universities and large government research organisations
• A vibrant and successful Federation will have many services, some will be heavily used and some will be lightly used.
What next
• Measuring our success in 2012 will focus on continuing to build the value proposition by the services that are available via the AAF.
• Super Science initiatives
• AAF infrastructure for: National Entitlement Server for fine-grained authorisation