Participants

Proposers
Name | Organisation
GARR

GN4-3 project team
Name | Organisation | Role

Stakeholders
Name | Organisation | Role
Davide Vaghetti | GARR | GN4-3 eduGAIN service owner

Activity Overview

Description

The GN4-2 project developed an IdP as a Service (IdPaaS) solution for hosted IdPs. This incubator examines the business case for that solution to determine how it could be made into a sustainable service offering.
When the incubator is finished, a business model for provisioning the GEANT IdPaaS platform will be made available, defined in its fundamental parts. The business model will define the following key points for the IdPaaS platform:

  1. Added value of the IdPaaS platform with respect to the current provisioning model for Identity Providers in the eduGAIN / GEANT community
  2. What the provided product will be: deployment model and service provisioning scenario, after identification of the service's target users
  3. Key benefits for: a) End Users b) Individual Home Institution IdP managers c) Federation operators
  4. Product/service deployment requirements and service lifecycle management
  5. Rough estimate of the costs to provide the service

In addition to the business model, the Incubator IdPaaS task will work to consolidate the currently provided GN4-2 platform, with the aim to:

  1. Add a minimal set of required functionality to make the product consistent and attractive for target users, such as:
    1. Add "IdP management/Configuration updates" functionality alongside the current "spawn new IdP" functionality.
    2. Make the platform an eduGAIN Service Provider accessible via federated credentials.
    3. Add the necessary hooks to onboard Home Organization IdP admins (who initially have no federated credentials available).
  2. Consolidate the product in terms of robustness, testing, stress testing and scalability.
  3. Package the product to ease the deployment.
  4. Integrate the platform with the required additional services to support a reasonable and concrete deployment scenario.
  5. Document the service for
    1. End Users
    2. Service Providers
    3. Service Maintainers

Also, given the option to adopt the fully fledged solution made available by the SAMLIDP.IO company, this task will assess the possibility of endorsing that platform, developing it further where needed, and blessing it as the provided solution, as an alternative to the GN4-2 Campus IdP platform.

Goals
  • Collect requirements from the R&E community
  • Define a software specification and design based on the community requirements
  • Develop a prototype that implements all basic requirements
  • Provide all basic required functionality
  • Gather initial feedback from potential users
Background information



Activity Details

Technical details

The software created is based on the existing open source software samlidp.io (https://github.com/samlidp/samlidp.io). This software already has a sound code base and has been used in production at samlidp.io.

Technologies: PHP, Symfony, SimpleSAMLphp

Business case

The business case of this activity is to enable NRENs to offer an IdP as a Service solution by providing them with software that supports the automatic deployment and management of R&E compliant IdPs.


Data protection & Privacy
  • The software design generally allows compliance with CoCo and GDPR requirements.
  • The software itself is based on commonly used technologies and implements state-of-the-art security measures to ensure security, privacy and data protection.
  • The implementation of security measures and compliance with privacy requirements and local laws is up to the organization using the software to offer a service.


Definition of Done (DoD)

This activity is successfully finished when:

  • A feature specification for software that supports an IdP as a Service offering is described
  • A technical design and reference architecture of the software is created
  • The specification and design package is published and verified by the community
  • A software prototype using the specification and design is implemented
  • The prototype is documented and publicly available


Sustainability

The aim of the Incubator is to deliver sustainable open source software to the community.

A long-term goal is to gather organizations from the R&E community to take care of the software. Further involvement of the Incubator or the GÉANT project is not in scope of this activity. Follow-up activities might be started if demanded by NRENs.

Activity Results

Results

Ongoing

Meetings

Date | Activity | Owner | Minutes
February 6, 2019 | Kickoff meeting | Michael Schmidt | IdP service kick off.pdf
March 29, 2019 | Minutes | Alan Lewis
April 04 2019 | Minutes | Alan Lewis