AMAAIS (Phase 3)

Long Title: Accounting and Monitoring of AAI Services (Phase 3)
Universität Zürich
ETH Zürich
SWITCH - Teleinformatikdienste für Lehre und Forschung
Domain: AAA
Status: finished
Start Date: 01.03.2011
End Date: 30.08.2012
Project Leader: B. Stiller
Deputy Project Leader: M. Waldburger

During this third phase the team will design and implement security and charging extensions. New functionality to meet forward-looking needs is also planned, such as cross-domain interchange of aggregated accounting information, customizable usage reports and integration into a monitoring tool with alerting, as is extensive testing with users in a production environment.

(See also Phase 1, Phase 2 and Phase 4)


The major goal of the AMAAIS project is to extend the existing AAI infrastructure and the services it offers. This extension adds accounting and monitoring functionality, which will enable cross-domain charging and supervision of many of today's AAI services, driven by the respective management functions.
Phase 1 determined the key architecture of AMAAIS, and Phase 2 completed a fine design of the basic functions needed as well as an implementation of selected functionality. Since the feasibility of this approach has thus been demonstrated, AMAAIS Phase 3 will address the need for

  • a completion of the system,
  • the addition of new functionality to the implementation, and
  • trials with users and services under operational constraints.

Accounting and monitoring were the focus of Phases 1 and 2 and remain a focus in Phase 3.
Charging is a new focus in Phase 3. The major results foreseen cover

  • pre-product stability of the AMAAIS protocols and components,
  • a suitable approach for enabling the charging of resource-intensive AAI services,
  • and consideration of security and privacy aspects.

Phase 3 extensions relate not only to completing the system in terms of content and implementation; they also embrace the addition of new functionality and trials under operational conditions. Completion addresses the path already taken in the accounting and monitoring extensions. It foresees, for instance, extending the existing statistical evaluations to cover forward-looking needs as well, such as cross-domain interchange of aggregated accounting information, customizable usage reports and integration into a monitoring tool with alerting (Nagios). Addition of new functionality addresses new paths to be taken beyond accounting and monitoring. It foresees the design and implementation of security and charging extensions. Finally, the trials under operational constraints address extensive testing of the existing extensions with users and in a production environment.

Detailed Topics

Operational Extensions and Trials

  • Specific system, configuration, and operational testing, combined with measurements, to gain an understanding of the stability and performance improvement of AMAAIS.
  • Planning for processes in operations.
  • Investigations on the definition of terms and conditions (service AGBs) or a clear relation to service providers' legal domains and contracts.
  • Embedding of the AMAAIS prototype into the existing infrastructure and combining it with a selected number of useful services offered: University-/ETHZ-based trials with AMAAIS 1 and 2 results for the existing use cases of printing and SMS. Collection of accounting data for all SMS sent through the ETHZ SMS Web Gateway and collection of accounting data from several printing servers. Both will be tested with live data on production systems.
  • Investigations and development of brief guidelines on the deployment of the AMAAIS software and processes to ensure easy deployment: documentation for sites planning to run AMAAIS components (installation guideline), guidance for the integration of services into AMAAIS technology, and testing instructions.

Technology and Functionality Extensions

  • Determining and addressing in detail (requirements, parameters, configurations, and settings) alternative use cases, such as network access, database access (e.g., library), or archive access.
  • Detailed implementation, deployment, testing, and operational evaluation of a newly selected range of those use cases. This task includes the elaboration of test cases, expected results, and a cycle where implementation bugs can be corrected. An installation package is also expected to ease the deployment of AMAAIS software.
  • Fine design and implementation of the accounting functionality across domains, which is based on the concept developed in Phase 2, and which includes forwarding policies and configuration, anonymity and attribute filtering (e.g., removal of a user name from a record), and interfaces to third-party systems, such as databases, their interfaces, and access schemes.
  • Optimization of accounting record storage for an operational service, which addresses databases and record archiving, and implementation of related fail-over, loss and duplication mechanisms (secondary server).
  • Addressing a further integration into Shibboleth-based AAI, e.g., to use federation metadata files for the distribution of configuration elements, which improves the system's configuration.
  • Definition and development of a direct charging module, which can work across domains by design and will be service-dependent (driven by use cases and scenarios investigated).
  • Fine design and implementation, based on the concept developed in Phase 2, of an extension of accounting attributes to accounting attributes composed from group-based values.
  • Development of extensions to the visualization and evaluation functionality for accounted-for data and information, providing interactive reports to visualize data on the accounting server, a set of customizable templates for reports, and the export of accounting data in different file formats, such as CSV or XLS.

Security and Privacy Extensions

  • Detailed investigation and considerations of firewalls between Service Provider domains and user domains with respect to the new Shibboleth-based accounting extensions and their storage requirements, and relations to inter-domain record exchanges and anonymity.
  • Design and implementation of stronger security for accounting record encryption across domains.
  • Analysis of possibly stronger needs in terms of privacy aspects at various components and processes within the AMAAIS architecture.
  • Determination of a compliance check with data privacy acts and regulations with respect to data storage, data handling, and user ID management.