In the summer of 2016, the technical infrastructure underpinning the UK federation will be changing. Jisc will use this transition as an opportunity to take the lessons we’ve learned over the past 10 years to enhance the infrastructure. This will involve changes in technology, processes and functionality. The planned enhancements include: • Enhancing the Shibboleth MDA to include APIs for managing federation membership, managing domains and scopes, and managing entities with a version control repository backend. • Providing a self-service portal on the Jisc community website that makes use of these APIs • Allowing customers direct access to the APIs to make changes to metadata directly; also allowing 3rd party providers to make bulk changes. • Using a HSM to securely store the signing key and moving to an online signing model. • Making it easier to deploy new instances of the infrastructure as a whole, for the purposes of more easily spinning up new federation instances for new customer sectors – or for a (Large) Federation as a Service offering. Alongside these, Jisc will be starting to offer managed services to its customer base in 2016 – initially a managed SAML IdP, later also including Jisc Assent (Moonshot) and eduroam functionality. These will make use of the new federation management APIs, dynamically registering themselves on the UK federation whenever a new instance is spun up. In this session, Rhys will present a detailed overview of the changes to the UK federation infrastructure, discussing the reasons we’ve chosen these particular design patterns, and where we see the future of SAML federations moving towards (including rationalisation of well maintained management tool sets, whether there’s a place for a Federation as a Service offering for large federations, and whether federation operators should be using shared infrastructure where possible).