Activity Overview

Description

This activity is the continuation of the former IdP as a Service Business case activity, whose goals and direction were fundamentally changed. It is about designing open source software targeted at NRENs that is capable of automating the process of deploying and managing IdPs. This software shall offer a platform that institutions can use to configure, create and deploy an IdP through an easy-to-use graphical user interface (GUI). Instead of just implementing such software, an open design of such a platform shall be defined based on the features needed in the R&E community. This design shall be used to create a reference implementation for the open source community, but it will enable other vendors to offer similar products as well.

The activity will contain the following tasks:

IdP as a Service Software Design
Creation of a specification that describes a Minimum reference architecture and Minimal Viable Product definition for an IdP as a Service platform in the context of R&E federations. We validate this against the eduGAIN community and present it as a baseline for any IdP as a Service offering.
This way we offer value as we set the baseline for any requirements and potential procurement by NRENs or federations.

Creation of a Reference implementation
We create a Reference implementation of the above ‘IdP as a Service baseline’. This reference implementation provides a simple, easily deployable solution that technically offers all the features of the ‘IdP as a Service baseline’. Support is, however, out of scope. It is an open source product which may be picked up by whoever wants to use it. We may support an NREN community around this product. We should make running this IdP as a Service platform as easy as deploying a WordPress instance. Yet clearly, to offer such a platform properly and securely, much more is needed, which is left to the operators.

This way we create a product that can be used to validate the baseline. At the same time we offer a solution to those NRENs who need something and want to offer such a platform themselves. Finally we enable commercial vendors to offer a solution based on this if they want to do so.

Vendor products
We invite vendors to (self-)assess their service offerings against the above ‘IdP as a Service baseline’. We publish these results in our community. They may offer a solution based on the reference implementation, but now including support features and possibly additional technical features. However, if they have another product they want to use, that is fine as long as it meets the baseline needs.

The GN4-2 project developed an IdP as a Service solution for hosted IdPs. This incubator investigates the business case of this solution to determine how it could be made into a sustainable service offering.
When the incubator is finished, a business model for the provisioning of the GEANT IdPaaS platform will be made available, defined in its fundamental parts. The business model will define the following key points for the IdPaaS platform:

  1. Added value of the IdPaaS platform with respect to the current provisioning model for Identity Providers in the eduGAIN / GEANT community
  2. What the provided product will be: deployment model and service provisioning scenario, after identification of the service target users
  3. Key benefits for: a) End Users b) Individual Home Institution IdP managers c) Federation operators
  4. Product Service deployment requirements and service lifecycle management
  5. Rough estimate of the costs to provide the service

In addition to the business model, the Incubator IdPaaS task will work to consolidate the currently provided GN4-2 platform, with the aim to:

  1. Add a set of minimal required functionality to make the product consistent and attractive for target users, like:
    1. Add the "IdP management/Configuration updates" functionality to the current "spawn new IdP" functionality.
    2. Make the platform an eduGAIN Service Provider accessible via federated credentials.
    3. Add the necessary hooks to onboard Home Organization IdP admins (without federated credentials available initially).
  2. Consolidate the product in terms of robustness, testing, stress testing and scalability.
  3. Package the product to ease the deployment.
  4. Integrate the platform with the required additional services to support a reasonable and concrete deployment scenario.
  5. Document the service for
    1. End Users
    2. Service Providers
    3. Service Maintainers

Also, given the option to adopt a full-fledged, already developed solution made available by the SAMLIDP.IO company, this task will assess the possibility to endorse this platform, further developing it where/if needed, and bless it as the provided solution as an alternative to the GN4-2 Campus IdP platform.


Goals
  • Collect requirements from the R&E community
  • Define a software specification and design based on the community requirements
  • Develop a prototype that implements all basic requirements
  • Provide all basic required functionality
  • Gather initial feedback from potential users
