The UK Access Management Federation has been successful in supporting the collaboration, access and sharing of services between UK organisations for many years now. To access (or offer) a range services outside the UK or allow the participation of institutions in other countries has required the creation of bilateral agreements or joining multiple federations. This is a solution which doesn't scale and increases the administrative burden of IdPs, SPs and the Federation! eduGAIN, launched in April 2011, enabling the trustworthy exchange of information between participating organisations via their home identity federation. This presentation will provide a status update on eduGAIN, examples on how institutions and services are supporting interfederation and what lessons have we learnt and need to change to truly provide a Global Authentication INfrastructure.

1. eduGAIN: State of the ∪
Brook Schofield
eduGAIN Task Leader, GN3 Project
schofield@terena.org
6 November 2012
FAM12, Birmingham, UK
Innovation through participation

2. About me…
Brook Schofield
mailto:schofield@terena.org
skype://brookschofield
tel:+31651553991
http://terena.org/~schofield
linkedin.com/in/brookschofield
Australian living in The Netherlands.
Grew up on the island state of Tasmania.
Task Leader in the GN3 Project for eduGAIN.
Innovation through participation

3. IdP IdP
SP SP MDS SP SP
WhatYour Federation
is eduGAIN? 2 Other
Federation
3
Downstream eduGAIN
Metadata
Federation C
SP SP
eduGAIN SP
SP IdP
Declaration IdP
SP
Federation B
Constitution
Good MDS SP
Practice
IdP
Web SSO SP IdP
Metadata IdP
SP
Federation A
Terms of Use
Attributes Service Provider Identity Provider
educational Global Authentication Infrastructure (for interfederation)
Two parts:
eduGAIN Policy Framework
Upstream Federation
MDS (Metadata Distribution Service)
Metadata
3 1 1
http://eduGAIN.org/ for more information connect •B
Innovation through • collaborate
communicate participation 3
A
IdP IdP
SP SP MDS SP SP

4. Project Expectations
Pilot in April 2011
Battle Test MDS – It’s just an aggregator!
Have people review & sign up to the Policy
Production in July 2011
Officially low expectations
“We’re the only game in town”
Federations MUST want us!
GN3 would finish in March 2013
Success!!!
Innovation through participation

5. Naïve Roadmap…
http://www.tshirtlaundry.com/The-Underpants-Gnome_p_1441.html Innovation through participation

6. eduGAIN status (in numbers)
15 participant federations
3 joining federations
6 European federations not participating
AT, DK, EE, IE, TR, SI, UK
8 federations not participating
AU, CL, CN, IN, JP, NZ, OM, US
18 GN3 Partners without a federation (23 GN3+)
Innovation through participation

7. eduGAIN status
Innovation through participation

8. What are we doing?
“Brook’s Service Catalogue”  REFEDS MET
http://terena.org/~schofield/servicecatalogue/
WARNING! Browser-site database in use!
Then (August 2011) 24 entities; Now 97 entities (64 IdPs)
Building Federation Capacity & “Federation-as-a-Service”
Goal of getting to 100% adoption
In progress now – Infrastructure + Policy training
GÉANT Code of Conduct
Data protection confuses people
Innovation through participation

9. How much sharing do we do?
6000
5000
4000
Number of Entities
3000 SAML2 Entities
SPs
IdPs
2000
1000
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Innovation through participation

10. How much sharing do we do?
Logarithmic Graph
8192
4096
2048
1024
512
256
128 Number of Entities
SAML2 Entities
64
SPs
32 IdPs
16
8
4
2
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Innovation through participation

11. How much sharing do we do?
Logarithmic Graph + eduGAIN
8192
4096
2048
1024
512
256
128 Number of Entities
SAML2 Entities
64
SPs
32 IdPs
16
8
4
2
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Innovation through participation

12. How much sharing do we do?
Extra Federations
90
80
70
60
50
SPs
40 IdPs
30
20
10
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Innovation through participation

13. How much sharing do we do?
Extra Federations + eduGAIN
90
80
70
60
50
SPs
40 IdPs
30
20
10
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Innovation through participation

15. Who doesn’t have a federation…
18 GN3
5 GN3+
23 new feds
Innovation through participation

16. GÉANT Code of Conduct
Easy • Least Privilege
Complex • Bilateral Contract
Scales • GÉANT Code of Conduct
Trouble • Ignore/break the law
Innovation through participation

17. Where is UK Access Management
Federation?
When will the UK join eduGAIN?
It’s nothing personal
We’re working on it
We aren’t a monopoly
eduGAIN made some mistakes (policy revision)
There’s more value now…
Innovation through participation

18. linkedin.com/in/brookschofield
facebook.com/brook.schofield
skype://brookschofield
schofield@terena.org
@BrookSchofield
+31651553991
Slide 18