JISC Access Management Team

moving towards federated access management


The Discovery ‘Problem’

Posted by admin on 13th September 2007

There has been a lot of discussion on UK lists recently about the ‘discovery problem’ with federated access management. I think this can actually be translated into three questions:

  1. How do users know which ‘log-in link’ to click on when they are presented with a variety of options such as ‘organisational log-in’, ‘Athens log-in’, ‘account log-in’ etc., and which credentials do they use?
  2. Can users (and Service Providers) cope with the WAYF approach and should this be federation-centric or service provider-centric?
  3. How do institutions ‘brand’ the log-in page they present to users and describe the network or institutional log-in, and can we gain consistency in use of this language?

There are a variety of opinions on how this should be done. Below, I’ve recorded my personal thoughts on this, but I’d be very interested to hear from others…

  • Identity Providers should use institutional branding on log-in pages wherever possible, and particularly if the credentials for federated access are the same as a user’s typical organisational log-in.
  • If an IdP uses different credentials for federated access management, they may wish to consider using UK federation branding to help differentiate. Some guidelines are available here. It is worth considering whether the UK federation will be the custodian of all federated access transactions before making this decision (i.e. internal federated resources, other collaborative resources etc.).
  • Use of a centralised, federation-controlled WAYF is clearly not the most effective way of carrying out discovery and should be used as a ‘last resort’ when Identity Providers or Service Providers have no other ways of managing discovery.
  • Users like embedded links in institutional repositories / portals, but more work is needed to make the creation and embedding of structured links easier and more maintainable.
  • Service Providers should think long and hard about how they present log-in links to users.

I think there is some work for the access management team here… but there are some really good examples of good discovery in action.

From the Identity Provider perspective, I really like the approach taken by Margaret Flett at UCL, as described in her presentation to CPD25.

From the Service Provider perspective, I like the elegance of the SP-side WAYF created by JSTOR, which combines both Athens access and devolved access into one process.

Posted in Authorisation, Authentication, Identity Management