Seamless Access (aka thiss.io) is an implementation of the RA21 recommendations for Identity Provider discovery and persistence. The service consists of the following parts:
- An Identity Provider Persistence Service which allows SPs to launch an authentication request to the the last used IdP associated with a device/browser.
- An implementation of SAML Identity Provider Discovery which persists choices in the Persitence Service
- An MDQ implementation covering at least eduGAIN SAML metadata and implementing extensions for metadata search.
The users of the Seamless Access service are:
- Service Providers integrating the Persistence Service.
- Service Providers integrating the Discovery Service.
- End users relying on the service for Discovery and Persistence.
|Product manager||Lead Architect|
|Marina Adomeit||Leif Johansson|
Operations manager- ??
Engineering - Maria Haider, Erik Bergstrom
Operations - SUNET NOC
GÉANT representative in Seamless Access Governance Committee: Klaas Wierenga
GÉANT representative in Seamless Access Technical Committee: Christos Kanellopoulos
The SeamlessAccess Organisational chart and GEANT participation mapping is available at https://docs.google.com/presentation/d/1z6wghptHOB3l0QM_CCFL9tQbNlMq8AncufH-vMwolYE/edit#slide=id.g97fe49199d_0_0, and current snapshot is available at:
Responsibilities of operational team are defined in the OLA document.
Responsibilities of Service Operations Manager are as follows:
- Responsible for the overall operational health of the service, planning and implementing improvements.
- Manages the operational team making sure that relevant operational procedures are followed.
- Responsible to fulfil functions as defined in relevant operational procedures.
- Defines and put in place new operational procedures as required.
- Collaborates with Product manager and operational team to plan for deployment of new software releases.
- Responsible for creating and maintaining documentation related to service operations.
Responsibilities of Service Product Manager are as follows:
- Works with the UX team and SeamlessAccess Advanced Integrators to structure and conduct user research and interviews.
- Develops product requirements for each level of integration and for different stakeholder groups (publishers, research collaborations, federation operators).
- Develops a full product roadmap, and maintain it depending on incoming influences that can change priorities.
- Coordinates the work of UX and development team to fulfil the roadmap.
- Works with the Outreach Manager to ensure that SPI documentation is complete, clear and helpful; write additional documentation as needed.
- Collaborates with operational manager and development team on release and deployment plan.
- Communications with the user community on roadmap and release plan.
Service Delivery Model
Delivery of Seamless Access service is done through the Coalition for Seamless Access, a collaboration between five organizations – GÉANT, Internet2, the National Information Standards Organization (NISO), ORCID, and the International Association of STM Publishers (STM). Seamless access has in 2019 started the beta service, that will operationally run on a production level quality infrastructure and will conduct a business pilot working with first adopters. Coalition partners will seek to provide sufficient resources to meet the deliverables defined for each responsibility area as follows:
- STM: Project secretariat, publisher outreach and UX design
- NISO: Library outreach
- GÉANT: Technical development and operations
- All Parties: Governance, community engagement, and other deliverables as mutually agreed by the Parties
The service consists of the following main components:
- Commercial CDNs used to deliver web artifacts (JS, HTML, CSS) to end user browsers.
- Frontend software https://github.com/TheIdentitySelector/thiss-js, to be implemented by Service Providers.
- A backend consisting of an MDQ implementation with search extensions enabled (currently pyff.io).
Discovery service searches for substring in one of the metadata elements that are defined in entity_extended_display_i18n in https://github.com/IdentityPython/pyFF/blob/master/src/pyff/samlmd.py.
Documented at Seamless Access Deployment Architecture
All software components except the CDN are configured and maintained using cosmos+puppet infrastructure at https://github.com/TheIdentitySelector/thiss-ops. Documentation in the docs directory. Monitoring is done using nagios generated automatically from service configuration. Additional monitoring is done using pingdom. Status.io is used to communicate service status.
Cost Benefit Analysis (CBA)
Not applicable at the moment