You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Registration and whitelisting flow, initial premises

  • Done in completely automatic fashion. 
  • SP needs to be listed in one of the metadata that SA is consuming, at the moment: eduGAIN, OpenAthens, SWAMID, InCommon
  • Technical and Administrative contact from the SP metadata are taken as contacts that SA is recognising
  • Advanced (and potentially Standard) implementors will need to register the API keys in order to call the persistence service API 
  • For API key registration domain ownership needs to be proved by inserting a defined record in their DNS? 
  • Once an API key is registered, there needs to be a process for renewal. It can be an automatic job, and the old key is left functioning if there is a job error. 
  • During the registration process, SPs need to accept the terms of use: 
    • Advanced - registration flow in the website, part of click-through, policed through API key registration process 
    • Standard - registration flow in the website, part of click-through, policed through API key registration process if mandatory for standard
    • Limited - registration flow in the website, part of click-through, no way to police


Registration of the SP and acceptance of ToS

  • Registration is done via seamlessaccess.org website. 
  • Person that wants to register SP, chooses SP from the list which is being populated from metadata SA is consuming.
  • UI presents the email addresses of the administrative/technical contacts that are registered with that SPs metadata.
  • Person needs to choose one of the email addresses to prove s/he has access to it, and then clicks "send email"
  • Person receives email with a link containing a long string. Click on that link takes s/he to the SP specific registration page on seamlessacccess.org
  • This page shows some of the data about the SP that is parsed from the metadata, with message to correct this data through SPs published metadata if needed. 
  • There are checkboxes to :
    • accept ToU (mandatory)
    • choose which SP contact email to add to the users mail list (optional)
    • choose which SP contact email to add to status notifications (?) (optional)
  •  After registration there is a log created - to be defined what information and in which format, and adding to the lists ? 


Registration of the API key

  • Need to check if SP exists in the log created in the registration flow in the website 
  • ... TO BE DESCRIBED BY LEIF


  • No labels