Q: What is an Access Management Federation?
ROLES
FUNCTIONS
TECHNOLOGY
POLICY
Member
"Operator"
Registrar
Aggregator
Support
Auditor
Discovery Tools
Metadata Aggregration 
Management
Identity Providers
Service Providers
Registration 
Tools
A bunch of servers!
Groups Management Tools
Each role will need tools to function,
but it is not necessarily the job of any role
to 'provide' these tools
The concept of a federation operator
is a construct of several roles.  This 
construct can be changed
?
A: A construct of ROLES, FUNCTIONS, TECHNOLOGY and POLICY that can be organised in many different ways?
q: As a funder, how do i best commission 'services' for my community?
What elements of the above do I need to fund?
How do I best commission these?
How does this fit with the service provision model?
How do I manage and monitor (SLA model)?
Statements of Practise
Rules of Engagement
Identity Assurance Profile Statements
Community Best Practise Guidelines
A Registrar will have a statement of practise.
An Aggregator will have a statement of practise. 
Registrars and 'Members' may agree rules of engagement (Current Federation Policy agreements).
Registrars and Aggregators may agree rules of engagement ('Interfederation' agreements?).
Registrars will use, but not necessarily design identity assurance profiles.
Registrars do not need to develop community best practise guidelines.
'Member' and entity registration
Maintain authoritative entity metadata
Aggregate and distribute metadata
note: IdP and SP functions largely ignored at the moment
define identity assurance profiles
audit organisations against identity assurance assertions
provide advice and guidance
provide tools for roles to use
define and agree rules of engagement
Need to think about challenging which role is responsible for different functions
do we need to define a formal role for international groups such as REFEDs?
we've created this construct
Standards Body
Governance