The AAF: From start-up to a steady state Federation in 2.5 years. February 16 2012. Presented by Heath Marks, Manager & Terry Smith, Technical Manager

Upload: refeds

Post on 07-Dec-2014


TRANSCRIPT

Page 1: Apanheath

The AAF
From start-up to a steady state Federation in 2.5 years

February 16 2012
Presented by Heath Marks, Manager & Terry Smith, Technical Manager

Page 2: Apanheath

• Incorporated not-for-profit association owned by Australian universities and leading national research and research support organisations

• Federal government seed funding $2M AUD (June 2009 – Dec 2011)

– AAF subscription base to meet critical mass for self sustainability
– AAF business model developed for self sustainability

• As of 31 December 2011
– 67 Subscribers
– 68+ services registered in the AAF

It all began June 2009

Page 3: Apanheath

Subscriber Growth

[Chart: subscriber growth by subscriber type (Identity Provider; Identity Provider & Service Provider; Service Provider). Annotation: 100% AU unis]

Page 4: Apanheath

Key Streams of Activity

Policy, procedures and frameworks

Technology, infrastructure and its support

Marketing and communication

Running the business (AAF Incorporated)

Page 5: Apanheath

Policy, procedures, frameworks

Page 6: Apanheath

Policy: Federation Rules

Federation Rules containing Subscriber responsibilities

– Rules for Identity Providers
– Rules for Service Providers
– Data protection and privacy (the Australian Privacy Act 1988)
– Limitation of liability, termination, cessation, changes to rules, dispute resolution, etc.

Page 7: Apanheath

Policy: Core Attributes

• “8.3 Identity Providers must collect or generate the Core Attributes as defined by the Federation Subscriber responsibilities”

– auEduPersonSharedToken
– displayName
– eduPersonAffiliation
– eduPersonEntitlement
– eduPersonScopedAffiliation
– eduPersonTargetedID
– AuthenticationMethod
– eduPersonAssurance
– cn
– o
– mail

Attribute release filters in place

Page 8: Apanheath

Other Policy and Procedures

• Test and production federation usage policy

• Test federation terms of use
• Logo usage policy
• Change management
• Software release policy
• Operational policies & frameworks

Page 9: Apanheath

Compliance Program

• Annual compliance statement required: Organisations confirm that they have examined the compliance of their system, process and documentation against its obligations under the Federation Rules.

• Non-compliance activities in place
• Additional compliance statement required for organisations asserting LoA values

30 June

Page 10: Apanheath

LoA Framework

Concepts of Assurance

• Identity Assurance: eduPersonAssurance urn:mace:aaf.edu.au:iap:id:.[level], where level is a value from 1 to 2.

• Token and Credential Management Assurance: AuthenticationMethod urn:mace:aaf.edu.au:iap:authn:[level], where level is a value from 0 to 2.

NIST SP 800-63 – LoA 1 and LoA 2.

http://www.aaf.edu.au/technical/levels-of-assurance/

Page 11: Apanheath

Technology, infrastructure and its support

Page 12: Apanheath

AAF Infrastructure

• Test and Production Federations
• ANYCast
• Core infrastructure hosted by our subscribers with agreements in place.

• National Server Program for eResearch

• Services in the cloud

WAYF Brisbane

WAYF Melbourne

WAYF Perth

Page 13: Apanheath

AAF Technology

A central point of registration, management and reporting for identity and service providers participating in a standards-compliant SAML 2 identity federation.

http://wiki.aaf.edu.au/federationregistry/

Page 14: Apanheath

Good Practice Program

• Continuous improvement:
– Rule compliance
– Current deployment
– Prod quality
– Attribute release filters
– Contacts and administrators
– Test Federation policies
– High Availability IdP
– LoA
– Relationship building

Page 15: Apanheath

Running the Business (AAF Incorporated)

Page 16: Apanheath

Business Model

Principles:

– The AAF should aim to break even;

– AAF subscribers vary greatly in their size and usage of the AAF and the subscription should apportion costs fairly and equitably;

– The subscription fees should be flexible and adaptable so that as the AAF evolves, the fees can be readily adjusted to reflect changing cost structures and subscriber diversity.


Page 17: Apanheath

Subscription Fees

Universities and Research

Subscription Component                2012 - AUD
One-time joining fee                  $4,500
Basic annual fee (1* IdP + 10 SPs)    $4,628
Fee per FTE                           $2.02
Extra 10 Service Fee                  $3,250
Extra 1 IdP Fee                       $5,850

Commercial (3 year discount available)

Subscription Component                2012 - AUD
One-time joining fee                  $4,550
Annual fee per service                $3,900
Annual fee per IdP                    $13,000

Page 18: Apanheath

Steady State = 3.8 people

Manager

Technical Manager

Technical Architect

Communications Manager .8

Page 19: Apanheath

Marketing and Communication

Page 20: Apanheath

Key Messages

• The AAF is a significant and growing part of the Australian eResearch infrastructure landscape.

• Its core value proposition is that it is operating as a shared service for the Australian research and education sector. It minimises the cost and effort for each individual subscriber of managing federated identity.

• The AAF has achieved a critical mass of Identity Providers. This has given service providers access to over one million identities and proved to be a catalyst for service growth in the Federation.

Page 21: Apanheath

Key Messages

• The Federation is being funded primarily by Universities and large government research organisations

• A vibrant and successful Federation will have many services, some will be heavily used and some will be lightly used.


Page 22: Apanheath

What next

• Measuring our success in 2012 will focus on continuing to build the value proposition by the services that are available via the AAF.

• Super Science initiatives
• AAF infrastructure for:

National Entitlement Server for fine grained authorisation

?