2015 SAFIRE Workshop

SANReN, TENET and ASAUDIT successfully hosted the second Federated Identity Workshop in Pretoria on the 27th February 2015. This workshop was attended by 18 Universities and 7 science and research institutions.

The goals of the workshop were to:

  1. Provide feedback to the community regarding the work that has been done on the pilot implementation.

  2. Discuss the future of SAFIRE and explore alternatives.

  3. Elect a new Steering committee and to crystallise a clear mandate for the committee.

  4. Discuss efforts to assist in the roll out of SAFIRE in the future.

  5. Get the community’s opinions on the services that SAFIRE needs to focus on moving forward.

  6. Discuss how to better communicate SAFIRE and how to develop a brand around it.

Feedback to the community

Members of the pilot project team and the Steering Committee provided details into the development of the SAFIRE pilot. This included an overview presentation that brought the attendees up to speed regarding the work done on the pilot project to date. The project was logically divided into three streams, together building the pillars of SAFIRE. These were:

  1. The Policy stream

  2. The Technical stream

  3. The Governance stream

The tasks of all three of the streams were completed by the time of the workshop. The only outstanding task of the streams is the implementation of the automated meta-data exchange, which will be imminently implemented.

This session also included a demonstration of the SAFIRE pilot implementation. This was done by asking the IT director of UCT to use a federated logon onto a service that he had not previous used, MCONF.

The demonstration was followed by a discussion on the various lessons learnt during the implementation of the project. It was identified that the lack of a clear direction or mandate for the steering committee was problematic from the start. Additionally, many of the issues that the project team faced could have been avoided by proper communications – a topic that was discussed in detail towards the end of the workshop.

The session concluded with a talk around the governance of SAFIRE moving forward. As a transitional step, SAFIRE will be “hosted” by TENET, but in the longer term, especially at the stage when funding needs to be collected for the continued operation of SAFIRE, a governance structure needs to be decided upon and agreed to by national departments like the DST or the DHET.

The future of SAFIRE

Various scenarios for the operation of SAFIRE was presented together with the required funding for each scenario. It was made clear that with the current transitional governance of SAFIRE, dedicated personnel would need to be assigned to the project. The current mode of operation (using existing employees’ time to operate SAFIRE) would not achieve the kind of speedy community penetration that is required to make the federation useful. Several burning questions were discussed including whether there are alternatives to the way that the project team has decided to implement the federation.

One of these alternatives was discussed in detail: using the Microsoft cloud federation. A proof of concept using three institutions was presented. The advantages of the cloud solution was the speed of deployment as well as access to many thousands of existing services that already exist on the Microsoft cloud. There was a discussion around how the cloud solution compared with the pilot implementation of SAFIRE. A proposal to use the Microsoft cloud federation was put forward to the community for consideration.

The election of a new Steering committee

A new steering committee was necessary to guide the project in this new transitional phase of operation. There was a discussion around the mandate of the steering committee in this phase. There was no agreement on the mandate, but rather than cancel election, it was decided that a committee be voted in and subsequently, they would propose a “terms of reference” for themselves that would then have to be accepted by the community writ large.

The composition of the committee was decided to be:

  • 1 member nominated from TENET

  • 1 member nominated from ASAUDIT

  • 1 member nominated from SANReN

  • 2 members voted in from the University community

  • 2 members voted in from the Science & Research community

Sakkie Janse van Rensburg (UCT) and Guy Halse (RU) were elected by the universities present and Jasper Rees (ARC) and Jeremy Main (SKA) by the science and research institutions present at the event. TENET, ASAUDIT and SANReN will make their representatives know within the week.

Rolling out SAFIRE

There were two main topics discussed in this session:

  1. the selection of attributes for SAFIRE

  2. a proposal to get funding to get trainers from overseas to provide some sort of train-the-trainers session.

In the discussion around the attributes required by SAFIRE, it was agreed that some sort of community agreement on the required attributes needed to occur. The attributes that are generally used within a Federation is largely dependent on the requirement of the services that are available within that federation. The principle of using only the least number of attributes to make a service work was discussed. Ultimately, since deciding on a set of attributes using an open forum is not viable, a process to decide upon a set of attributes was proposed and accepted.

Regarding the wider roll-out of SAFIRE, one of the possible means of achieving this was discussed. This involved a two-prong approach. Trainers from overseas would come to South Africa to train individuals to act as trainers within the community. They would subsequently train individuals from institutions to deploy SAFIRE onto their systems, or they would become part of a parachute-team to deploy SAFIRE at institutions all over the country. An estimated cost of this approach was presented to the community as well as the intention to approach a funder (DST/DHET) to fund this initiative.

Services

A list of services that the community would want in SAFIRE to make it attractive was discussed. A number of potential services was proposed by the community. It was made clear that an expectation was being made that these suggested services would immediately become part of the federation, and to mitigate this, some kind of prioritisation of services would be necessary. It was suggested that a mechanism for the prioritisation of these services be created and communicated with the community. As the first step towards this, a list of the suggested services is available on the SAFIRE website. Additional services can be suggested by commenting on the post about the services.

Communication

The final discussion for the day was around how to improve communications and marketing of SAFIRE. Various options were discussed including having a monthly newsletter as well as a “collaboration space” of some kind to discuss issues about the federation. Another important suggestion was the importance of creating a brand around SAFIRE.

SANReN volunteered to allow its soon to be appointed dedicated communications officer to be used to assist in marketing SAFIRE.

Conclusion

The workshop was well attended and there were quite a few debates about the way forward. Ultimately, the event was a success, but a lot of work still needs to be done to make SAFIRE useful for the community.

The aim is to hold workshops around SAFIRE annually, possibly in conjunction with already existing workshops (NATE, TENET SLARG, etc). Subsequent workshops will possibly have a similar acronym – e.g. SIS (SAFIRE Information Session).

South African Identity Federation