...

The original idea of an IdP as a Service was born in the last GÉANT phase, GN4-2, based on a community survey which indicated the desire for such a service. During the first half of the incubator cycle, a lot of effort was invested in analyzing the needs of the community on the one hand and technical possibilities on the other. After these results were presented to the community and discussed with representatives, it turned out that these former assumptions were no longer true. The initial idea was to deliver a fully fledged IdP as a Service solution to organisations by creating a platform, hosted by either GÉANT or NRENs, that automates the deployment of independently hosted IdPs for organisations. However, it turned out that this does not match the demand of the R&E community. Based on community requirements, it was concluded that there is a potential market for an IdP as a Service offering, especially for small and medium sized institutions. This solution should be very lightweight: really easy to use and to deploy, and supporting basic functionality only.

...

It is clear there is a need for a hosted IdP solution, especially for smaller institutions that have no means of operating and managing an IdP themselves. Operating in this case is not just the technical operation of the IdP itself, but the whole enterprise of running an IdP, including managing IdM, dealing with (custom) attribute release, software updates, maintenance, etc. Therefore, the solution provided by this activity should no longer try to provide a fully fledged service, but a lightweight software that enables NRENs and other organisations to create such an offer on their own. To achieve this goal, this activity should work on the following two tasks:

Due to this new situation it follows that the previous approach based on the Campus IdP prototype cannot be pursued any further. Its design is aimed at automating the deployment of IdPs in any distributed environment and providing customers with a fully functional Shibboleth IdP. The entire functional range of the platform and IdPs provided, which still requires a lot of development work before a first release, would go far beyond what is expected from the community. An adaptation of the software to the new requirements would require fundamental architectural changes, which would result in a disproportionately high effort.

Taking into account these new facts and their impact on the activity, the following approach is proposed:

IdP as a Service Software Design

...

This way we offer value as we set the baseline for any requirements and potential procurement by NRENs or federations. For the creation of this, we can heavily reuse work done in the first phase of this incubator activity.

Creation of a Reference implementation

Based on the formerly created design, a reference software will be implemented. This reference implementation provides a simple, easily deployable solution that includes all specified features using the reference architecture. This solution will be provided to the community as publicly available open source software, including technical documentation. This software is intended to be used by NRENs to create their own IdP as a Service offering for institutions in their country. We have already, again as part of previous work in this activity, identified a software product (SAMLidP.io) that is being used in the NREN community and seems to have a broad coverage of the required features. We think this product will provide a very good starting point.

Decision

Based on the described reasons, the Incubator activity will change its course of action drastically. There won't be any official product, service or software support provided by GÉANT. The further development of this reference design and software is up to the community. The usage of these resources won't be restricted, so everyone and every organization is free to build their own solution on top. This applies to non-profit organizations as well as commercial vendors, which may offer similar products. The individual decisions and implications of this choice are listed below.


...

Do's
  • Creation of a specification and design for a software that can be used to support an IdP as a Service offering
  • Development of a simple software that implements the specification, which will be provided as open source software ... on GitHub
  • The provided solution will enhance the already existing open source software samlidp.io
  • The results of this activity will be provided completely to the community for further support and development
  • The community will be informed about the availability of this open source software during the runtime of this activity

Don'ts
  • There won't be a service or product provided by GÉANT
  • The created software won't be owned software or supported by GÉANT
  • The development of the Campus IdP prototype implemented during GN4-2 will be stopped
  • There won't be a business plan regarding the provided solution
  • After delivering a design and software solution, the activity ends properly and there won't be any further actions for the Incubator

In order to reflect this major change, the activity will be transferred from IdP as a Service Business case to IdP as a Service Software Solution.