Description and Value Proposition
Federation as a Service supports NRENs by providing them with the infrastructure needed to operate a classic identity federation (web based Single Sign-on) with access to eduGAIN included.
Technical Description
The core service offering will include the following infrastructure, offered pre-installed on Virtual Machines:
Technical Components
- Resource Registry
- Metadata Aggregator
- Discovery Service
Service Description
Federation as a Service will provide NRENs with the core infrastructure needed to operate an identity federation.
The elements provided by Federation as a Service are positioned in a wider context as shown.
Offering
Federation as a Service offers NRENs hosted infrastructure for the operation and delivery of a classic web Single Sign-on Identity Federation.
Reason to Act
While once it was only expected that an NREN would provide a reliable national network, today's user expects a range of additional facilities such as Single Sign-on access to pan-European federated services. Providing access to such services is enabled with a SAML-based Identity Federation that enables NRENs to participate in eduGAIN.
Of the 43 partners in GN3plus, there are 21 NRENs that don't have a production SAML Identity Federation. As the consequence, these NRENs are not able to join eduGAIN through which users access a growing number of European and global federated services and services offered through GÉANT Service Area such as Cloud providers.
Customer Experience
The NREN is provided with high quality, supported, reliable infrastructure with which to operate their federation.
Benefits
The NREN is able to offer federated services and access to eduGAIN to their users, providing a trusted environment where they have single sign-on access to a range of services, from journals to e-Infrastructure projects.
Costs
Covered by NREN subscription to GÉANT.
A cost model for non NREN users will be developed.
Alternatives
No central support for Single Sign-on, bilateral agreements with insititutions and multiple passwords for users.
Advantages
Reduces the manpower needed to start and run a federation as infrastructure is provided.
Engagement
Structured interviews were held with NRENs who do not have a federation.
An outline list of topics and questions were addressed, consisting of the following groups:
General – investigates the status of Federation deployment. NRENs were asked if there are existing or planned web services which need an AAI.
Issues – NRENs were asked to grade the problems they have with Federation deployment, grading the issues by difficulty.
Support - the ways that NRENs can be supported by FaaS in their way of joining or providing a Federation.
NRENs have also been engaged in UAT prior to pilot launch.