Whilst sitting in the tf-emc2 meeting today I have been having some idle thoughts about tiered login, and some of the issues that are still in my mind unanswered in this space. The problem for most service providers is simple – the user has to tell them what type of authentication they wish to use. This is basically what the ‘Where Are You From’ process is doing…”this is where I want to login please” may be more accurate.
People are getting more aware of the need to make this process nicer for our users, and good examples are the Kantara ULX group and the eduID work. A lot of this has boiled down to the ‘NASCAR’ approach of having lots of logos versus the WAYF process of long lists of text. Which works best?
I think it struck me today probably for the first time that educational federations are not the only providers with multi-tiered problems (i.e. you need to select a country / federation THEN an institution). This is equally true of OpenID providers – we really just click on an OpenID logo but when we do, we have to first enter our OpenID URL and then get to a login box at our chosen provider. So, luckily, we aren’t the only ones with a problem 🙂
I was considering this particularly when looking at the Kantara ULX mockup and comments and by a comment made by Brook at the tf-emc2 meeting that he doesn’t like ‘eduID’ as a brand as the institution is the brand. This I actually agree with – I’ve long been pushing the importance of users associating their educational resources as something provided (and paid for!) by the institution. eduID doesn’t seek to break this experience, it just suggests that such a logo might be appropriate as a ‘first tier’ experience rather than listing the logos of all your educational customers which for many of our service providers runs in to the 100s.
On the notes for the Kantara mock-up there is a comment ‘what would a realistic set of identity providers be?’. Well for educational resources…lots! Should we list all of the logos of all of the institutions, and is this really an improvement on a clickable list? Why, for example, do we have to chose from a long list of countries when we are giving our address to sites, and not from a list of country flags? I don’t know the answer to this as I am not by any means an expert on user experience…it is a generally open question 🙂
Brook also suggested a new approach to discovery which may add something new to the pot – I will post a link to it here when the slides from tf-emc2 appear. It might be something for those interested in this area to look at, but needs some development work first to map out what it might look like.
So, what do we do about the ‘tier’ problem? Should we get rid of the top level (OpenID, eduID) and just list out all the potential customers? Are logos better than lists? We obviously got a way to go marrying security and access requirements with an effective user experience…but its a journey that I think is well worth taking.