© 2012 UZH, CSG@IFI 1

The Design of a Single Funding Point Charging Architecture (SFP-CA)

Christos Tsiaras, Martin Waldburger, Guilherme Sperb Machado,Andrei Vancea, Burkhard Stiller

{tsiaras,waldburger,machado,vancea,stiller}@ifi.uzh.ch

Department of Informatics IFI, Communication Systems Group CSG, University of Zürich UZH

Budapest, August 31, 2012EUNICE 2012

Motivation

Requirements

Components

Architecture

© 2012 UZH, CSG@IFI 2

Motivation

Institution & federation expenses decrease– Cautious user resources requests– Unnecessary infrastructure replication avoidance

User- instead of service-dependent funding accounts– A missing feature from Single Sign-on (SSO) systems– Not the case in the majority of federations today

Inter-domain charging capability– Make sense for costly services

• NOT for eduroam / YES for printing, Short Message Service (SMS), VoIP– Today this is a privilege only for Mobile Network Operators (MNOs)

and banks Real-time service access decision making functionality

– Today is mainly offered only by MNOs A Single Funding Point Charging Architecture (SFP-CA) as an add-on for

SSO systems in federated environments is essential

© 2012 UZH, CSG@IFI 3

Use case: SMS service @ ETHZ

SMS offered by the Eidgenössische Technische Hochschule Zürich (ETHZ)– SMS gateway– Agreement with an operator

• The more SMS are sent the better the price per SMS is

Assume that the University of Zurich (UZH) is willing to offer the same service– A second SMS gateway is needed

• Infrastructure cost (purchase, setup, maintain)– A separate agreement with an operator is needed

• Best case: The same price will be achieved

Low SMS service load @ ETHZ– The existing infrastructure could serve all federation members– Better agreement with the SMS operator could be achieved!

© 2012 UZH, CSG@IFI 4

SFP-CA Requirements

organizationVirtualFundsAccount

ServiceTariffMap

ServiceUsageConstraints andLimits

Interruption Service Trigger

userVirtualFundsAccount

SMS: 10 BC Min: 0 BC . . .

© 2012 UZH, CSG@IFI 5

Virtual Funds Accounts (VFAs) uVFA

– One per user– Credits used to pay the

requested resources– In postpaid solutions negative

values are allowed– Created by user's IdP

oVFA(A)

oVFA(B)

oVFA(A)

oVFA(B)0

-x

x

↓

↑ ↓

↑

oVFA– Each organization has one oVFA for every

other organization in the federation– If a user from organization A use

resources at B then oVFA(A) ↓ and oVFA(B) ↑

• If a payment has been done thenoVFA(A) = oVFA(B) = 0

• If oVFA(A) + oVFA(B) ≠ 0 then Charging Data Record (CDR) transfer error occurred

© 2012 UZH, CSG@IFI 6

SFP-CA Components

Authentication and Authorization Infrastructure (AAI) / Single Sign-On (SSO) System

Organization

IdentityProvider

ChargingRateManager

ChargingManager

AccountBalanceManager

User

ServiceProvider

SMS: 10 BC Min: 0 BC . . .

Service Provider Manager (SPM)– Service Providers (SPs) and users

location-independent charging Charging Rate Manager (CRM)

– Support of event- and session-based services

Account Balance Manager (ABM)– Support of prepaid and postpaid

payment method Charging Manager (CM)

– Support of multiple organizations, which belong on the same federation

Service Provider Manager

© 2012 UZH, CSG@IFI 7

Charging scenarios that can be handled by the SFP-CA

his home organizationwhich is charging...

The service is providedto the user by...

a foreign organizationwhich is charging...

the user using a...user's homeorganization, using a...

- VoIP- Printing

- VoIP- Printing

- VoIP- SMS

offline chargingmethod

offline chargingmethod

online chargingmethod

and then user's home

institution will charge...

© 2012 UZH, CSG@IFI 8

Service UsageConstraints &Limits

SFP-CA

AAI / SSO System

Organization A

IdentityProvider

ChargingRateManager

Service Provider Manager

InterruptionServiceTrigger

ChargingManager

AccountBalanceManager

User

userVirtual Funding Account

organizationVirtual Funding Account

Multiple times interaction

One-time interaction Service request

Organization B

IdP

CM

ABM

User

uVFA

SUCLoVFA

This domain does not offer a serviceServiceTariffMap Service

Provider

© 2012 UZH, CSG@IFI 9

Summary & future work The SFP-CA enables the inter-domain charging

functionality for federations– User & organization level

The SFP-CA enables the real-time service access decision making– Grant access– Interrupt service

The SFP-CA handles a large scenario set of charging requests– Local & guest users– Event & session based services– Offline & online charging

SSO system + SFP charging mechanism => Efficiency Implementation of the SFP-CA (printing, SMS, VoIP)

© 2012 UZH, CSG@IFI 10

Q&A