WAYF now has 10 million logins a year
Royal Society of Chemistry now a WAYF service
WAYF unaffected by "Shellshock"
A vulnerability in the bash shell has recently been discovered making it possible to execute arbitrary code on Linux/Unix machines over the net. WAYF's servers are not affected by the vulnerability, which has been dubbed Shellshock.
Payment model for the WAYF service
Since 2013 WAYF has been one of the services provided by DeIC (Danish e-Infrastructure Cooperation) as part of the Danish Research Network.
WAYF has so far been funded through development grants, and it was always the intention to introduce user funding of operations at some point. According to the agreement between the institutions and WAYF, the time for this transition should have been the beginning of 2013; however, to the benefit of the institutions, user funding has not been introduced yet.
Until the end of 2012, WAYF was a development project jointly funded by DeIC (the Danish Research Network), the Danish Ministry of Culture, and the Danish Ministry of Education. Funding of operations by these entities will continue until January 1, 2015. At that date, user payment will be introduced.
This is of no significance to those institutions connected to the Danish Research Network: Their financial contribution to WAYF is included in the existing budget, and the introduction of user funding will not imply any further expenditure for them.
The payment model for WAYF applies the same principle as that for the Danish Research Network.
The cost of standard connections to the Research Network is distributed across the institutions connected, based on the totals of their regular operating costs. A few institutions pay separately for special services in addition to the standard connection. Each institution pays 1,5‰ of its operating costs as a standard contribution the Research Network.
The total budget for WAYF operations and maintenance in 2014 is 4 million DKK. Collecting from the institutions using WAYF today 0,1‰ of their operating costs will generate sufficient income to consolidate basic operations at the current level. For this reason, the price for using WAYF has been fixed at 0,1‰ of an institution's operating costs.
As a result, 2.863 million DKK are collected from those institutions connected to the Danish Research Network as their contribution to the funding of WAYF. This amount is already included in the budget and will not imply any further expenditure.
Institutions unaffiliated with the Danish Research Network
DeIC is currently sending letters to those institutions using WAYF without connections to the Danish Research Network, notifying them that payment will be introduced for WAYF.
The total revenue generated from these institutions is expected to amount to 1.385 million DKK in 2015.
Each institution can tell from the letter how much it will have to pay.
As not all of the 2013 annual accounts were available at the time of calculation, those of 2012 have been applied as bases. For invoicing in the beginning of 2015, the figures of 2013 will be applied as bases for the final distribution of contributions. Special rules for payment apply to institutions that are in the process of connecting to the service. These appear from the letter.
Institutions now being notified of future payment but with no wish to continue to use WAYF are requested by DeIC to report this before September 1, 2014. They will then be able to use WAYF for the rest of the year.
WAYF, now featuring responsive design
Two WAYF functions (the list of IdPs and the user consent dialogue) have been updated, now featuring ‘responsive design’, supporting multiple display resolutions (PC, tablet, phone). Also, the graphical layout has been simplified and now loads faster. Info about the performed browser test can be found here.
WAYF a Virtual Campus Hub contributor
WAYF contributed with infrastructure and know-how to the EU-funded project Virtual Campus Hub, which aims a developing new ways of collaboration and teaching green energy.
An article describing the success.
Heartbleed and WAYF
On April 8, 2014 a serious bug was discovered in the OpenSSL open-source library that enabled attackers to read the memory of servers and clients, thereby gaining access to highly sensitive data such as private keys and passwords. The bug has been dubbed Heartbleed and been assigned the CVE ID of CVE-2014-0160.
WAYF has, on occasion of Heartbleed, reviewed its setup to clarify if WAYF servers have been exposed.
The review showed that none of WAYF's central machines had been exposed to Heartbleed. Only those machines delivering the BIRK interface for WAYF had the vulnerability.
Thus, the few service providers utilising BIRK might have been affected. Consequently, BIRK services should update their BIRK metadata, which their servers should already have been configured to do regularly.
More systems have been exposed indirectly, having used the same asterisk certificate as BIRK. This certificate has been replaced.
Other than that, WAYF has tested remotely the Heartbleed vulnerability of servers of connected services and institutions, and notified those organisations having been found to have vulnerable servers.
Finally, a number of internal WAYF systems were found to have been exposed. They have all been upgraded and had their certificates replaced.
The task of securing WAYF servers was completed on April 9, 2014.
WAYF to attend EIC in Munich
Going to EIC in Munich? Don't miss WAYF's presentation (by David Simonsen) about the economic benefits of eID federation, Tuesday, May 13.
Six years of WAYF
On March 28th, 2014 WAYF is celebrating six years of production-level federation.
Many of the guests expressed satisfaction (see photo) with those six years' reported total downtime of less than 30 minutes.