Subject RE: comments on eduID
From <J.Paschoud@xxxxxxxxx>
Date Wed, 21 Oct 2009 09:09:34 +0100

Bob makes several important points that we need to think about
carefully, particularly:
> Since we're from academia, we might say:  we don't care, as 
> long as our users are served.  For many SPs, that may work.  
> But it is my strong feeling that as we go forward many SPs 
> will not want to lock themselves in to a federation approach 
> that is sector-specific.  And when I say "lock in", I mean 
> it:  once eduID is on lots of sites and millions of users 
> have been trained to click on it, it will be around more or 
> less forever.  SPs serving many communities, making a 
> commitment to federated access, will want to use an approach 
> that can work for their whole user base, not one that is 
> intentionally, and irrevocably, limited to only one part of it.

In the UK we know how difficult it's been to dislodge the end-user
perception that some massive database service called "Athens" (or 'in
Athens' in the minds of some users?) had some kind of monopoly
arrangement to host almost all online resources of interest to
academics.  We don't want to be doing that again, in a few years time!

I'm for a single (therefore global) recognisable branding for the sort
of AM process we want users and services to converge on  - if only as a
tangible demonstration of that convergence.  But, like Bob, I'm worried
about us locking-in a perception that this is "only for education".

I don't think I've digested all of Bob's positive suggestions yet, but:
> (b) Take a publisher's user-confusing "login technology page" 
> (oy) and redesign it around the idea that federation will be 
> the main way to login going forward.  See if this can be done 
> without attaching a name to the federation choice.  Try it 
> out on users.  If successful use the before/after to show 
> publishers the way.
> (c) Use a modern UI toolkit to do an attractive dynamic 
> search box for finding an IdP.  Do user studies, do cool 
> demos, give away the code.
> (d) Try out some options for the label on the dynamic search 
> box.  As a starting point let me suggest the venerable:
>    Where are you from?

...highlights that the JISC Publisher Interface Study, whilst making
significant progress, did *not* include enough actual testing with
end-users; nor with a wide enough spectrum of end-users (ones
unconnected with UK academia for example) to be a sound basis for
deciding on a global standard identity.

End-user testing of FAM is hard enough.  It's not something users want
to do (it's generally an obstacle to what they really want to do).  We
scratched the surface in Project FLAME, concluding that "users did not
understand what was going on".  We've just proposed further work to the
JISC AIM Call in a project called Devolved Access Management Usability
(*not* to be acronymised to anything reading as "DAMn Users!"  -
obviously ;->).  

But this requires something on a seriously larger scale (i.e. done in a
way that would be economic across several countries) and REFeds is
probably the best place to start working out how that could be achieved
(Sorry I won't be at the meeting).

John Paschoud
Projects Manager & InfoSystems Engineer
LSE Library

Please access the attached hyperlink for an important electronic communications disclaimer: