a new slant on the discovery problem
Wed, Jul 7, 2010
For a long time now, users of e-resources that offer Shibboleth access have been confronted with the discovery problem. That first hurdle one must jump to get anywhere near the resource. The supplier must ask you, “Where Are You From?” but because you can’t speak to a web site and say “University of Blah”, you’re presented with the WAYF service, where you get to scroll endlessly through hundreds or thousands of institutional identity providers, if you don’t know the exact name of your institution as it is known to, for example, the UK Federation.
I’ve been a great fan of WAYFless URLs and probably a bit of a zealot in this area as there really is no need to force a user through a WAYF if the supplier supports WAYFless URLs. Such a URL takes the user directly to their institutional identity provider’s login page, otherwise known as their Identity Provider (IdP). Two click access. One on the link, one on the login button. Voila, discovery problem solved. However, not all suppliers have WAYFless URLs and they mostly all have their own versions of a WAYF service, which is confusing to the user and more than a bit annoying. The supplier has a resource the users wants, the user knows where they’re from and yet the supplier insists the user must trawl their awful WAYF.
But I failed to mention an even earlier barrier to entry to Shibboleth enabled resources. What on earth do you call the login link? Most suppliers call it anything they like. Shibboleth Login, Academic Login, Institutional Login, This Access, That Subscription and each with a different logo. It’s just a mess and that’s where the JISC federated access branding study is coming from. Andy Powell over at eFoundations doesn’t really see a case for this but it’s a long time bugbear of all users of federated resources. Just what on earth link do you follow when you get to the front page of a site? There’s no consistency and that just leads to confusion for users. Normally, you associate branding with marketing and targeting segments and spam and making dosh but in this case, it’s really about making life easier for the user. Facebook users have it easy. There is one logo and one set of terminology. Federated access jargon and appearance is apparently infinite. Indeed, I rambled on about this at McShib back in 2007: McShibb_Edinburgh_141207 [PDF]
Andy also doesn’t like the idea of library portals and I must say I tend to agree, a bit. I don’t like portals. A portal designed to host certain types of resource will eventually become a repository for everything under the sun. Users end up bookmarking portal resources and sending out the bookmarks to their students who use the session specific bookmarks and can’t get in or, in some cases and I have seen this, getting in as the bookmarker as the session is both functionally broken and still there. But there are cases where portals are useful. When an institution wants to host links using WAYFless URLs is a prime example. Perhaps not a portal in the normal sense of the word. For instance we use the library catalogue where the MARC records hold either WAYFless SAML or ezproxy URLs. Users might not want to use the system but if they do, their federated journey is much smoother than that of a user bobbing on the high seas of Google Ocean.
For that is where the discovery problem is still a real issue. Although you can host thousands of “pre-discovered” URLs in your library catalogue, users will find resources they’re entitled to use via Google and they’ll end up at the front page of the supplier with no idea what to do next. At this point, we’re back in the stone age with a plethora of logos and jargon all offering access and none offering any clues to their use. This is where the JISC Service Provider Interface Study comes in. It’s an attempt to straighten the Leaning Tower of Babel and make self discovered resources easier to access.
So there still isn’t a solution to the discovery problem but Andy has been working on a demo that might look interesting if I didn’t know what was coming. At the moment it has three login options, one of which is immediately applicable to the JISC interface study. “Institutional account”. Wot’s that then? I’m only putting myself in a user’s shoes as I must often do when developing things like this. I’ve been in the SAML game since the early days of JISC involvement, developing Guanxi as an alternative Shibboleth/SAML implementation, so I do have a lot of experience with this sort of thing. The other problem I see is the one XAuth is meant to solve. Eventually, the popup box is going to explode with hundreds of icons and one liners hawking their access wares in the social bazaar and it’ll become as unusable as the WAYF it’s meant to replace. Also, it presupposes a user knows what their institution is called by the entity with which they are interacting. In this case, the UK Federation in its metadata guise. Although having said that, it prolly won’t be that great a problem if a decent search is implemented. The main problem I see is it’s attempting to solve the discovery problem in a way that produced the egg from which the XAuth chicken hatched. Now, I’m no fan of XAuth, in fact I detest going to websites that display a blurb at the top crowing “Welcome Google friend”, as XAuth has sniffed my Google cookies. I’m no friend of your’s, pal! So I went to the XAuth site and turned it off, whatever that actually means.
It’s early days yet and I’d recommend reading Andy’s post as it has lots of links I won’t duplicate here but I’ll be keeping an eye on it to see what develops. Might even offer to help out if the opportunity arises.