Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd AHM meeting Sustainability of services Sustainability and Operational models May 25 th, 2016 Presented by DavidG, NA3 coordinator 1

From AARCs perspective a number of services / architectures (SA1 pilots) should be sustained, e.g. The AARC CILogin-like TTS Pilot (see later slides for more details) The Collabora Cloud Suite Pilot (Libre Office Text, Calculation and Presentation Tools in the Cloud) Library Pilot In general there are three possible strategies to achieve a sustainable operation of a service developed within a research project: 1.Find an established public sector organization to operate the service 2.Achieve a sustainable “project-funding” / found an organization to operate the service 3.Find a private sector organization to operate the service 2 The Strategy of sustaining Services for Research

Despite having some advantages like same people have the opportunity to continue their efforts no transaction costs (know how, code,...) no (possible) interruptions... this is quite hard to achieve. Stakeholders (project partners, funding agencies,...) of the project typically don’t suspect such a move – a project is even defined as something with a defined end time. There are no well established (political) mechanisms for such efforts. In general the cost isn’t worth the effort. 3 1) Achieve a sustainable “project-funding” / found an organization to operate the service

In many cases it is possible to find an organization with a mission that aligns to the solutions the respective service provides. Often times these partners are already part of the research consortium developing the service (or pilot in our case) for obvious reasons. If you can make a strong case and convince such an organization to overtake the service after the end of the project, this is the best possible solution as already in-place sustainable public funding mechanisms get reused to sustain the service and very low transaction costs are expected (especially if the organization is already part of the research project). But there are some obstacles to overcome Service operation is different from Service development. Most research facilities focus only on development as this is part of the research (for very comprehensible reasons – there are no funding structures for operation in place,...) Apart from the established funding there is no way for the public organization to use other turnover sources => the service operation gets departed from given budget. 4 2) Find an established public sector organization to operate the service

Very critical to find the right partner early to get the right balance of compromise (clash of cultures). Apart from some general criteria (e.g. what profit margin and RoI does the possible partner expect how aligned is his vision and mission with the respective service operation how long does the partner already exist on the market... there are also some service specific criteria to check before deciding on a cooperation. To convince the private partner to take over the service it is key to have a small time to market (if it’s a valuable business plan, he should be able to ship before someone else does something similar) high expected RoI based on reliable estimations. 5 3) Find a private sector organization to operate the service

The good news: To achieve both, a short time to market and a high RoI, you simply should follow good / best practices for service development. E.g. Documentation (not only user documentation but also Administrator, Operator and Supporter documentation!) Provide and consider scaling studies Have a strong focus on user experience (the better the user experience the lower the support effort) Have Backup and Recovery built in the service (If already clear) integrate the business model into the service This is common knowledge but still many research projects focus on feature completeness until the last project day over these critical factors. Without those tackled it’s going to be hard to get a business partner take over the service. 6 3) Find a private sector organization to operate the service

Review current pilot status regarding maturity evaluate possible strategies evaluate possible partners engage with respective task team to ensure possible service operation maturity involve possible parters to start possible cooperation and develop migration plans 7 Roadmap to find the right strategies for the AARC pilots

Identify current set of policies and practices in use in R&E federations Which of the capabilities are crucial for the use cases to be successful? What specific recommendations should we make to federations (and eduGAIN) such that the use cases will ‘work’ across Europe, and we support the SA1 pilots based on them? Evolve sustainability models – AARC will not live forever, nor will it run any services! Translation services Guest identity providers Attribute authorities ‘Develop models that enable collaboration across infrastructures and domains to be successful beyond the life time of AARC’ Which pilots and activities should have a specific plan? How to we get engagement? 8 ‘Every task should have a sustainability strategy’

Some pilot federations interviewed Received data on Legal Aspects, SAML Metadata in the federation, Service Providers, Identity Providers, and Further services Results show that especially the situation wrt. to guest IdPs needs more focus currently extending questionnaire to cover more data on guest IdPs, Attribute Authorities, and attribute translation services to try to find out whether fedOps would be open to connect to the SA1 pilots (i.e. similar production systems) aligning work pertaining to the other data with GN4-1 SA1 T1.3 9 Service operational model - Federations Questionnaire

Identify current set of policies and practices in use in R&E federations Which of the capabilities are crucial for the use cases to be successful? What specific recommendations should we make to federations (and eduGAIN) such that the use cases will ‘work’ across Europe, and we support the SA1 pilots based on them? Evolve sustainability models – AARC will not live forever, nor will it run any services! Translation services Guest identity providers Attribute authorities ‘Develop models that enable collaboration across infrastructures and domains to be successful beyond the life time of AARC’ Which pilots and activities should have a specific plan? How to we get engagement? 10 ‘Every task should have a sustainability strategy’

Thank you Any Questions? © GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (AARC). 11