The AAF: From start-up to a steady state Federation in 2.5 years
February 16 2012
Presented by Heath Marks, Manager & Terry Smith, Technical Manager
It all began June 2009
• Incorporated not-for-profit association owned by Australian universities and leading national research and research support organisations
• Federal government seed funding $2M AUD (June 2009 – Dec 2011)
 – AAF subscription base to meet critical mass for self sustainability
 – AAF business model developed for self sustainability
• As of 31 December 2011
 – 67 Subscribers
 – 68+ services registered in the AAF
Subscriber Growth
(chart: subscribers by role – Identity Provider, Identity Provider & Service Provider, Service Provider; 100% of AU universities)
Key Streams of Activity
• Policy, procedures and frameworks
• Technology, infrastructure and its support
• Marketing and communication
• Running the business (AAF Incorporated)
Policy: Federation Rules
Federation Rules containing Subscriber responsibilities
 – Rules for Identity Providers
 – Rules for Service Providers
 – Data protection and privacy (the Australian Privacy Act 1988)
 – Limitation of liability, termination, cessation, changes to rules, dispute resolution, etc.
Policy: Core Attributes
• “8.3 Identity Providers must collect or generate the Core Attributes as defined by the Federation”
 – auEduPersonSharedToken
 – displayName
 – eduPersonAffiliation
 – eduPersonEntitlement
 – eduPersonScopedAffiliation
 – eduPersonTargetedID
 – AuthenticationMethod
 – eduPersonAssurance
 – cn
 – o
 – mail
• Subscriber responsibilities: attribute release filters in place
Compliance Program
• Annual compliance statement required (30 Jun): organisations confirm that they have examined the compliance of their system, process and documentation against their obligations under the Federation Rules.
• Non-compliance activities in place
• Additional compliance statement required for organisations asserting
LoA Framework
Concepts of Assurance
• Identity Assurance: eduPersonAssurance urn:mace:aaf.edu.au:iap:id:[level], where level is a value from 1 to 2.
• Token and Credential Management Assurance: AuthenticationMethod urn:mace:aaf.edu.au:iap:authn:[level], where level is a value from 0 to 2.
NIST SP 800-63 – LoA 1 and LoA 2.
http://www.aaf.edu.au/technical/levels-of-assurance/
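As an added example (not AAF code), a Service Provider-side check that verifies the Core Attributes listed above were actually released and parses the two assurance URNs into numeric levels. The rule that a session satisfies LoA N only when both identity and credential assurance reach N is an assumption of this example, not something the AAF states, and every sample value is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Core Attributes an AAF IdP must collect or generate (Federation Rules 8.3,
# names as listed on the slide).
CORE_ATTRIBUTES = (
    "auEduPersonSharedToken", "displayName", "eduPersonAffiliation",
    "eduPersonEntitlement", "eduPersonScopedAffiliation",
    "eduPersonTargetedID", "AuthenticationMethod", "eduPersonAssurance",
    "cn", "o", "mail",
)
# Identity Assurance   urn:mace:aaf.edu.au:iap:id:[level]     level 1..2
# Credential Assurance urn:mace:aaf.edu.au:iap:authn:[level]  level 0..2
ID_URN = re.compile(r"^urn:mace:aaf\.edu\.au:iap:id:([12])$")
AUTHN_URN = re.compile(r"^urn:mace:aaf\.edu\.au:iap:authn:([012])$")
@dataclass
class AssuranceCheck:
    missing: list                  # core attributes absent from the release
    identity_level: Optional[int]  # parsed from eduPersonAssurance
    authn_level: Optional[int]     # parsed from AuthenticationMethod

    def meets(self, required: int) -> bool:
        # Assumption (not stated on the slide): a session satisfies LoA N
        # only when both identity and credential assurance are at least N.
        if self.missing or None in (self.identity_level, self.authn_level):
            return False
        return min(self.identity_level, self.authn_level) >= required
def _level(values, pattern):
    """Highest level among values matching pattern; None if no valid URN."""
    levels = [int(m.group(1)) for v in values if (m := pattern.match(v))]
    return max(levels) if levels else None
def check_release(attrs: dict) -> AssuranceCheck:
    """attrs maps attribute name -> list of values as an SP sees them after
    SAML attribute resolution; an absent or empty list counts as missing."""
    return AssuranceCheck(
        missing=[a for a in CORE_ATTRIBUTES if not attrs.get(a)],
        identity_level=_level(attrs.get("eduPersonAssurance", []), ID_URN),
        authn_level=_level(attrs.get("AuthenticationMethod", []), AUTHN_URN))
# Constructed sample release (hypothetical values, not real data).
SAMPLE = {
    "auEduPersonSharedToken": ["ExAmPlEsHaReDtOkEn0000000001"], "cn": ["Jane Example"],
    "displayName": ["Jane Example"], "o": ["Example University"],
    "mail": ["jane@example.edu.au"], "eduPersonAffiliation": ["staff"],
    "eduPersonScopedAffiliation": ["staff@example.edu.au"],
    "eduPersonEntitlement": ["urn:mace:example.edu.au:entitlement:library"],
    "eduPersonTargetedID": ["https://idp.example.edu.au!https://sp.example.org!x1"],
    "eduPersonAssurance": ["urn:mace:aaf.edu.au:iap:id:2"],
    "AuthenticationMethod": ["urn:mace:aaf.edu.au:iap:authn:1"],
}
```

With the sample above the identity level parses as 2 but the credential level as 1, so a service requiring LoA 2 would reject the session while one requiring LoA 1 accepts it; a URN outside the documented level ranges parses as None rather than being trusted.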
AAF Infrastructure
(diagram: WAYF Perth, WAYF Brisbane, WAYF Melbourne)
• Test and Production Federations
• ANYCast
• Core infrastructure hosted by our subscribers with agreements in place.
• National Server Program for eResearch
• Services in the cloud
AAF Technology
A central point of registration, management and reporting for identity and service providers participating in a standards-compliant SAML 2 identity federation.
http://wiki.aaf.edu.au/federationregistry/
Good Practice Program
• Continuous improvement:
 – Rule compliance
 – Current deployment
 – Prod quality
 – Attribute release filters
 – Contacts and administrators
 – Test Federation policies
 – High Availability IdP
 – LoA
 – Relationship building
Business Model
Principles:
 – The AAF should aim to break even;
 – AAF subscribers vary greatly in their size and usage of the AAF and the subscription should apportion costs fairly and equitably;
 – The subscription fees should be flexible and adaptable so that as the AAF evolves, the fees can be readily adjusted to reflect changing cost structures and subscriber diversity.
Subscription Fees
Universities and Research (Subscription Component, 2012, AUD):
 – One-time joining fee: $4,500
 – Basic annual fee (1* IdP + 10 SPs): $4,628
 – Fee per FTE: $2.02
 – Extra 10 Service Fee: $3,250
 – Extra 1 IdP Fee: $5,850
Commercial (3 year discount available) (Subscription Component, 2012, AUD):
 – One-time joining fee: $4,550
 – Annual fee per service: $3,900
 – Annual fee per IdP: $13,000
Steady State = 3.8 people
 – Manager
 – Technical Manager
 – Communications Manager
 – Technical Architect (0.8)
Key Messages
• The AAF is a significant and growing part of the Australian eResearch infrastructure landscape.
• Its core value proposition is that it is operating as a shared service for the Australian research and education sector. It minimises the cost and effort for each individual subscriber of managing federated identity.
• The AAF has achieved a critical mass of Identity Providers. This has given service providers access to over one million identities and proved to be a catalyst for service growth in the Federation.
Key Messages
• The Federation is being funded primarily by Universities and large government research organisations.
• A vibrant and successful Federation will have many services; some will be heavily used and some will be lightly used.
What next
• Measuring our success in 2012 will focus on continuing to build the value proposition by the services that are available via the AAF.
• Super Science initiatives
• AAF infrastructure for:
 – National Entitlement Server for fine grained authorisation