Seamless Access (aka thiss.io) is an implementation of the RA21 recommendations for Identity Provider discovery and persistence. The service consists of the following parts:
- An Identity Provider Persistence Service which allows SPs to launch an authentication request to the last used IdP associated with a device/browser.
- An implementation of SAML Identity Provider Discovery which persists choices in the Persistence Service.
- An MDQ implementation covering at least eduGAIN SAML metadata and implementing extensions for metadata search.
The users of the Seamless Access service are:
- Service Providers integrating the Persistence Service.
- Service Providers integrating the Discovery Service.
- End users relying on the service for Discovery and Persistence.
| Service Owner | Lead Architect |
|---|---|
| Marina Adomeit | Leif Johansson |
Engineering - Maria Haider, Erik Bergstrom
Operations - SUNET NOC
GÉANT representative in Seamless Access Governance Committee: Klaas Wierenga
GÉANT representative in Seamless Access Technical Committee: Christos Kanellopoulos
Service Delivery Model
Delivery of the Seamless Access service is done through the Coalition for Seamless Access, a collaboration between five organizations – GÉANT, Internet2, the National Information Standards Organization (NISO), ORCID, and the International Association of STM Publishers (STM). In 2019 Seamless Access started the beta service, which will run operationally on production-quality infrastructure and will conduct a business pilot working with first adopters. Coalition partners will seek to provide sufficient resources to meet the deliverables defined for each responsibility area as follows:
- STM: Project secretariat, publisher outreach and UX design
- NISO: Library outreach
- GÉANT: Technical development and operations
- All Parties: Governance, community engagement, and other deliverables as mutually agreed by the Parties
The service consists of the following main components:
- Commercial CDNs used to deliver web artifacts (JS, HTML, CSS) to end user browsers.
- Frontend software https://github.com/TheIdentitySelector/thiss-js, to be implemented by Service Providers.
- A backend consisting of an MDQ implementation with search extensions enabled (currently pyff.io).
The Discovery Service searches for a substring in one of the metadata elements defined in entity_extended_display_i18n in https://github.com/IdentityPython/pyFF/blob/master/src/pyff/samlmd.py.
Documented at Seamless Access Deployment Architecture
All software components except the CDN are configured and maintained using the cosmos+puppet infrastructure at https://github.com/TheIdentitySelector/thiss-ops. Documentation is in the docs directory. Monitoring is done using Nagios configuration generated automatically from the service configuration. Additional monitoring is done using Pingdom. Status.io is used to communicate service status.
Cost Benefit Analysis (CBA)
Not applicable at the moment