1. The AAF
From start-up to a steady state Federation in 2.5 years
February 16 2012
Presented by Heath Marks, Manager, and Terry Smith, Technical Manager
2. It all began June 2009
• Incorporated not-for-profit association owned by Australian universities and leading national research and research support organisations
• Federal government seed funding $2M AUD (June 2009 – Dec 2011)
– AAF subscription base to meet critical mass for self sustainability
– AAF business model developed for self sustainability
• As of 31 December 2011
– 67 Subscribers
– 68+ services registered in the AAF
3. Subscriber Growth
(chart: subscriber growth, 100% of AU unis; legend: Identity Provider, Identity Provider & Service Provider, Service Provider)
4. Key Streams of Activity
• Policy, procedures and frameworks
• Technology, infrastructure and its support
• Marketing and communication
• Running the business (AAF Incorporated)
6. Policy: Federation Rules
Federation Rules containing Subscriber responsibilities:
– Rules for Identity Providers
– Rules for Service Providers
– Data protection and privacy (the Australian Privacy Act 1988)
– Limitation of liability, termination, cessation, changes to rules, dispute resolution, etc.
7. Policy: Core Attributes
• “8.3 Identity Providers must collect or generate the Core Attributes as defined by the Federation Subscriber responsibilities”
– auEduPersonSharedToken
– displayName
– eduPersonAffiliation
– eduPersonEntitlement
– eduPersonScopedAffiliation
– eduPersonTargetedID
– AuthenticationMethod
– eduPersonAssurance
– cn
– o
– mail
• Attribute release filters in place
8. Other Policy and Procedures
• Test and production federation usage policy
• Test federation terms of use
• Logo usage policy
• Change management
• Software release policy
• Operational policies & frameworks
9. Compliance Program
• Annual compliance statement required (30 June): organisations confirm that they have examined the compliance of their system, process and documentation against their obligations under the Federation Rules.
• Non-compliance activities in place
• Additional compliance statement required for organisations asserting
10. LoA Framework
Concepts of Assurance
• Identity Assurance: eduPersonAssurance
urn:mace:aaf.edu.au:iap:id:[level], where level is a value from 1 to 2
• Token and Credential Management Assurance: AuthenticationMethod
urn:mace:aaf.edu.au:iap:authn:[level], where level is a value from 0 to 2
NIST SP 800-63 – LoA 1 and LoA 2.
http://www.aaf.edu.au/technical/levels-of-assurance/
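An added example (not code from the AAF or this presentation) of how a service provider could check a released attribute set against the Core Attributes list (slide 7) and the assurance URN formats above; the sample attribute values, domains and the SP's minimum-level policy are constructed assumptions:

```python
import re

# Core Attributes an AAF Identity Provider must collect or generate (Federation Rules 8.3).
CORE_ATTRIBUTES = {
    "auEduPersonSharedToken", "displayName", "eduPersonAffiliation", "eduPersonEntitlement",
    "eduPersonScopedAffiliation", "eduPersonTargetedID", "AuthenticationMethod",
    "eduPersonAssurance", "cn", "o", "mail",
}
# Assurance URN families from the LoA framework and the levels each permits.
ASSURANCE_URN = re.compile(r"^urn:mace:aaf\.edu\.au:iap:(id|authn):(\d)$")
LEVEL_RANGE = {"id": range(1, 3), "authn": range(0, 3)}


def parse_assurance(value):
    """(kind, level) for a well-formed AAF assurance URN with an in-range level, else None."""
    m = ASSURANCE_URN.match(value.strip())
    if not m:
        return None
    kind, level = m.group(1), int(m.group(2))
    return (kind, level) if level in LEVEL_RANGE[kind] else None


def assurance_level(values, kind):
    """Highest valid level of `kind` among one or more values (eduPersonAssurance
    may be multi-valued); None if nothing parses, so callers fail closed."""
    values = [values] if isinstance(values, str) else values
    levels = [p[1] for p in map(parse_assurance, values) if p and p[0] == kind]
    return max(levels) if levels else None


def missing_core_attributes(attrs):
    """Core attributes absent or empty in a released attribute set."""
    return CORE_ATTRIBUTES - {k for k, v in attrs.items() if v}


def sp_access_decision(attrs, min_id_level=1, min_authn_level=1):
    """Hypothetical SP-side gate: all core attributes released and both identity and
    authentication assurance meet the SP's minimum; missing or unparseable assurance denies."""
    if missing_core_attributes(attrs):
        return False
    ident = assurance_level(attrs.get("eduPersonAssurance", []), "id")
    authn = assurance_level(attrs.get("AuthenticationMethod", []), "authn")
    return ident is not None and authn is not None and ident >= min_id_level and authn >= min_authn_level


# Constructed sample release for a user at a hypothetical IdP (not real data).
SAMPLE_ATTRS = {
    "auEduPersonSharedToken": "ZLdjH9xN3kqExampleTok", "displayName": "Example User",
    "eduPersonAffiliation": ["staff"], "eduPersonEntitlement": ["urn:example:entitlement"],
    "eduPersonScopedAffiliation": ["staff@example.edu.au"], "o": "Example University",
    "eduPersonTargetedID": "https://idp.example.edu.au/idp!https://sp.example.org/sp!a1b2c3",
    "AuthenticationMethod": "urn:mace:aaf.edu.au:iap:authn:1", "cn": "Example User",
    "eduPersonAssurance": ["urn:mace:aaf.edu.au:iap:id:1", "urn:mace:aaf.edu.au:iap:id:2"],
    "mail": "user@example.edu.au",
}
```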
12. AAF Infrastructure
(map: WAYF nodes in Perth, Brisbane and Melbourne)
• Test and Production Federations
• ANYCast
• Core infrastructure hosted by our subscribers with agreements in place.
• National Server Program for eResearch
• Services in the cloud
13. AAF Technology
A central point of registration, management and reporting for identity and service providers participating in a standards compliant SAML 2 identity federation.
http://wiki.aaf.edu.au/federationregistry/
14. Good Practice Program
• Continuous improvement:
– Rule compliance
– Current deployment – Prod quality
– Attribute release filters
– Contacts and administrators
– Test Federation policies
– High Availability IdP
– LoA
– Relationship building
16. Business Model
Principles:
– The AAF should aim to break even;
– AAF subscribers vary greatly in their size and usage of the AAF and the subscription should apportion costs fairly and equitably;
– The subscription fees should be flexible and adaptable so that as the AAF evolves, the fees can be readily adjusted to reflect changing cost structures and subscriber diversity.
17. Subscription Fees
Universities and Research (2012, AUD):
  Subscription Component              2012 AUD
  One-time joining fee                $4,500
  Basic annual fee (1* IdP + 10 SPs)  $4,628
  Fee per FTE                         $2.02
  Extra 10 Service Fee                $3,250
  Extra 1 IdP Fee                     $5,850
Commercial (2012, AUD; 3 year discount available):
  Subscription Component              2012 AUD
  One-time joining fee                $4,550
  Annual fee per service              $3,900
  Annual fee per IdP                  $13,000
18. Steady State = 3.8 people
• Manager
• Technical Manager
• Communications Manager
• Technical Architect (.8)
20. Key Messages
• The AAF is a significant and growing part of the Australian eResearch infrastructure landscape.
• Its core value proposition is that it is operating as a shared service for the Australian research and education sector. It minimises the cost and effort for each individual subscriber of managing federated identity.
• The AAF has achieved a critical mass of Identity Providers. This has given service providers access to over one million identities and proved to be a catalyst for service growth in the Federation.
21. Key Messages
• The Federation is being funded primarily by Universities and large government research organisations.
• A vibrant and successful Federation will have many services, some will be heavily used and some will be lightly used.
22. What next
• Measuring our success in 2012 will focus on continuing to build the value proposition by the services that are available via the AAF.
• Super Science initiatives
• AAF infrastructure for:
– National Entitlement Server for fine grained authorisation