Monday, 2 April 2012

Identity before Authentication

Breakout Session - The Importance of Global Identity to Education led by Mark Williams

This session examined the many problems of a users identity, how that identity is established and how the user gains access to the protected resources they were looking for. The key theme was:

You shouldn't need a piece of string to navigate the internet

And yet in many cases the process of getting to a resource can be complicated and time consuming and many users get frustrated and give up.

At this point in the session Mark demonstrated the process of getting to an article through Shibboleth from a URL someone had sent to him in an email.

First click on the URL, select the PDF, get taken to a pay per view screen. Realise that you already have access and so select the tiny institutional login at the bottom of the screen. Skip over the username/password option and finally get to a list of countries, scroll to the bottom of this list, choose UK, enter details, website automatically takes back to the journal homepage and you have to find the article all over again.

He suggested ways that publishers can improve these processes. For example, how does the real-estate on your login screen divide? Is it a large individual login box, as in the example, with a small institutional option off to one side? Test how these choices affect abandonment throughout the process. Make the user journeys as simple as possible for as many users as possible. Remove the need for the string, journal sites should not be a labyrinth.

Publishers need to think about when login should be as well as where. Get sharing options to provide a one click to article experience. And provide clear logged out wording as well as dealing with login failures in clear language: we could not login you in because ...

Mark then went on to discuss the trend for portals and half-jokingly termed it:
One ring to rule them all

But he stressed that publishers cannot expect all users to be channelled into the same pathways, and that there is a need to offer sign-in at any point during the article or resource discovery process. As a way to start standardising this he referenced the recent espresso (Establishing Suggested Practices Regarding Single Sign-On) document published by NISO which provides crib sheets of best practice for publishers to consult during development programs.

Espresso is not just about authentication. It includes discussion around design of landing pages, discovery pages, protected pages, login pages (institution), and recommendations on rewriting open URLs, use of SP and error handling and branding.

Mark then opened the floor to discussions around things we would like from JISC - as a mixed room of publishers, librarians and vendors this proved to be an interesting and lively discussion. Key recommendations from the attendees spread beyond the remit of JISC but were very thought provoking, these included:
  • A glossary of key terms and acronyms
  • Error diagnostics - is the system working or is it me?
  • A widget that is the best practice implementation and is downloadable and customisable for publishers and librarians
  • Geo-location on drop-down menu on login form on JISC
  • Subdivisions within institutions

No comments:

Post a comment