Whenever a new subscriber signs up for the Surveys service, the
application must perform configuration tasks to enable the new account.
Tailspin wants to automate as much of this process as possible to
simplify the on-boarding process for new customers and minimize the
costs associated with setting up a new subscriber. The on-boarding
process touches many components of the Surveys application, and this
section describes how the on-boarding process affects those components.
1. Basic Subscription Information
The following table describes the basic information that every subscriber provides when they sign up for the Surveys service.
Information | Example | Notes |
---|---|---|
Subscriber Name | Adatum Ltd. | The commercial name of the subscriber. The application uses this as part of customization of the subscriber’s pages on the Surveys websites. The Subscriber can also provide a corporate logo. |
Subscriber Alias | adatum | A unique alias used within the application to identify the subscriber. For example, it forms part of the URL for the subscriber’s web pages. The application generates a value based on the Subscriber Name, but it allows the subscriber to override this suggestion. |
Subscription Type | Trial, Individual, Standard, Premium | The subscription type determines the feature set available to the subscriber and may affect what additional on-boarding information must be collected from the subscriber. |
Payment Details | Credit card details | Apart from a trial subscription, all other subscription types are paid subscriptions. The application uses a third-party solution to handle credit card payments. |
Apart from credit card
details, all this information is stored in Windows Azure™ storage; it is
used throughout the on-boarding process and while the subscription is
active.
2. Authentication and Authorization Information
Each of these alternatives requires different
information from the subscriber as part of the on-boarding process, and
each alternative is associated with a different subscription type. For
example, the Individual subscription type uses a social identity
provider, such as Windows Live® ID or Google ID, for authentication, and
the Premium subscription type uses the subscriber’s own identity
provider.
2.1. Provisioning a Trust Relationship with the Subscriber’s Identity Provider
One of the features of the
Premium subscription type is integration with the subscriber’s identity
provider. The on-boarding process collects the information needed to
configure the trust relationship between the subscriber’s Security Token
Service (STS) and the Tailspin federation provider (FP) STS. The
following table describes this information.
Information | Example | Notes |
---|---|---|
Subscriber Federation-Metadata URL | https://login.adatum.net/FederationMetadata/2007-06/FederationMetadata.xml | This should be a public endpoint. An alternative is to enable the subscriber to manually upload this data. |
Administrator identifier (email or Security Account Manager Account Name) | [email protected] | The Surveys application creates a rule in its FP to map this identifier to the administrator role in the Surveys application. |
User identifier claim type | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | This is the claim type that the subscriber’s STS will issue to identify a user. |
Subscriber’s public key | adatum.cer | The subscriber can provide a certificate if they want to encrypt their tokens. |
Claims transformation rules | Group:Domain Users => Role:Survey Creator | These rules map a subscriber’s claim types to claim types understood by the Surveys application. |
The Surveys application will use this data to add the appropriate configuration information to the Tailspin FP STS. The on-boarding
process will also make the Tailspin FP federation metadata available to
the subscriber because the subscriber may need it to configure the trust relationship in their STS.
The application does
not yet implement this functionality. Tailspin could decide to use
ADFS, ACS, or a custom STS as its federation provider. As part of the
on-boarding process, the Surveys application will have to
programmatically create the trust relationship between the Tailspin FP
STS and the customer’s identity provider, and programmatically add any
claims transformation rules to the Tailspin STS.
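The following sketch is an added example, not Tailspin code: it parses a claims transformation rule in the form shown in the table and applies the per-subscriber trust data to incoming claims, dropping anything the subscriber’s STS asserts that no rule maps. The `Tenant` and `Name` output claims, the role name `Administrator`, and the class and function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: the only output claims the Surveys application understands.
ALLOWED_OUTPUT = {"Role": {"Administrator", "Survey Creator"}}
RULE_RE = re.compile(r"^\s*([^:=>]+):(.+?)\s*=>\s*([^:=>]+):(.+?)\s*$")

@dataclass(frozen=True)
class Rule:
    in_type: str
    in_value: str
    out_type: str
    out_value: str

@dataclass
class TenantTrust:            # per-subscriber data from the table above
    alias: str
    user_id_claim_type: str
    admin_identifier: str
    rules: list

def parse_rule(text):
    """Parse 'InType:InValue => OutType:OutValue' and vet the output side."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    rule = Rule(*(part.strip() for part in m.groups()))
    if rule.out_value not in ALLOWED_OUTPUT.get(rule.out_type, ()):
        raise ValueError(f"rule emits an unsupported claim: {text!r}")
    return rule

def transform(trust, incoming):
    """Map claims from this subscriber's STS to application claims.

    incoming: (claim_type, value) pairs taken from an already validated token.
    Nothing is passed through; output is built only from the tenant's config.
    """
    ids = [v for t, v in incoming if t == trust.user_id_claim_type]
    if len(ids) != 1:
        raise ValueError("expected exactly one user identifier claim")
    out = {("Tenant", trust.alias), ("Name", ids[0])}
    if ids[0] == trust.admin_identifier:
        out.add(("Role", "Administrator"))
    for rule in trust.rules:
        if (rule.in_type, rule.in_value) in incoming:
            out.add((rule.out_type, rule.out_value))
    return out
```

Because the tenant claim comes from the trust configuration rather than from the token, a subscriber’s identity provider cannot issue claims that place a user in another subscriber’s account.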
2.2. Provisioning Authentication and Authorization for Basic Subscribers
Subscribers to the
Standard subscription type cannot integrate the Surveys application with
their own STS. Instead, they can define their own users in the Surveys
application. During the on-boarding process, they provide details for
the administrator account that will have full access to everything in
their account, including billing information. They can later define
additional users who are members of the Survey Creator role, who can
only create surveys and analyze the results.
2.3. Provisioning Authentication and Authorization for Individual Subscribers
Individual subscribers use a
third-party, social identity, such as a Windows Live ID, OpenID, or
Google ID, to authenticate with the Surveys application. During the on-boarding
process, they must provide details of the identity they will use. This
identity has administrator rights for the account and is the only
identity that can be used to access the account.
3. Geo Location Information
During the on-boarding
process, the subscriber selects the geographic location where the
Surveys application will host their account. The list of locations to
choose from is the list of locations where there are currently Windows
Azure data centers. This geographic location identifies the location of
the Subscriber website instance that the subscriber will use and where
the application stores all the data associated with the account. It is
also the default location for hosting the subscriber’s surveys, although
the subscriber can opt to host individual surveys in alternate
geographical locations.
4. Database Information
During the sign-up process,
subscribers can also opt to provision a SQL Azure™ database to store and
analyze their survey data. The application creates this database in the
same geographical locations as the subscribers’ accounts. The
application uses the subscriber alias to generate the database name and
the database user name. The application also generates a random
password. The application saves the database connection string in
Windows Azure storage, together with the other subscriber account data.
Note:
The
SQL Azure database is still owned and paid for by Tailspin. Tailspin
charges subscribers for this service.
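The alias generated in the Basic Subscription Information step and the database provisioning described in this section both depend on the alias being safe to embed in URLs and identifiers. The following is an added example, not Tailspin code; the alias policy, reserved names, suffix list, the `surveys_` and `_user` naming scheme, and the server placeholder are all assumptions.

```python
import re
import secrets
import string
import unicodedata

# Assumed policy (not from the page): lowercase letter first, then letters or
# digits, 3-30 characters, so the alias is safe in a URL path and an identifier.
ALIAS_RE = re.compile(r"[a-z][a-z0-9]{2,29}")
RESERVED = {"www", "admin", "api", "login"}            # assumed reserved names
SUFFIXES = {"ltd", "inc", "llc", "corp", "co", "gmbh"}  # assumed legal suffixes

def validate_alias(alias, taken):
    """Check a subscriber-supplied override; reject instead of silently fixing."""
    if not ALIAS_RE.fullmatch(alias) or alias in RESERVED or alias in taken:
        raise ValueError(f"alias not acceptable: {alias!r}")
    return alias

def suggest_alias(subscriber_name, taken):
    """Suggest a unique alias derived from the Subscriber Name."""
    folded = unicodedata.normalize("NFKD", subscriber_name)
    folded = folded.encode("ascii", "ignore").decode().lower()
    words = [w for w in re.findall(r"[a-z0-9]+", folded) if w not in SUFFIXES]
    base = "".join(words).lstrip("0123456789")[:26] or "subscriber"
    for n in range(1000):
        candidate = base + (str(n) if n else "")
        try:
            return validate_alias(candidate, taken)
        except ValueError:
            continue
    raise ValueError("no free alias found")

def random_password(length=24):
    """CSPRNG password; alphanumeric so it cannot break the connection string."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) \
                and any(c.isdigit() for c in pw):
            return pw

def database_credentials(alias, server):
    """Derive database name, user name and connection string from the alias."""
    if not ALIAS_RE.fullmatch(alias):  # re-check at the point of use
        raise ValueError(f"alias not acceptable: {alias!r}")
    database, user, password = f"surveys_{alias}", f"{alias}_user", random_password()
    conn = (f"Server=tcp:{server};Database={database};User ID={user};"
            f"Password={password};Encrypt=True;")
    return {"database": database, "user": user, "password": password,
            "connection_string": conn}
```

Database names cannot be passed as query parameters when the database is created, which is why the alias is checked against a strict allowlist pattern before it is used to build one.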