I just can't help looking at these new "visual" programming tools such as
Scratch and the new Flash animation toolkit where you build animations by
putting jigsaw like pieces together. You never see a line of code.

http://scratch.mit.edu/

So I keep thinking about "visual" configuration.

Wouldn't it be nice to have a graphical interface with icons for SPs and
icons for each of your attributes and you could drag and drop your
attributes onto each of the SPs.

SPs want different "views" of your attributes. e.g. Athens want your
userRole and the JISC federation want your eduPerson* ones. However, users
don't have those attributes so they can't release them.

Users have first name, surname, email etc and it's the IdP's job to do a
Babel Fish on them and map them to the current federation "vocabulary".

So a user could drag/drop their First Name and Email icons onto, say,
their Athens icon and the backend would configure the ARP accordingly.

It would be a simple job for an IdP to then pop up a page with the SP's
icon, full of attribute icons and ask you if you wish to "trashcan" any
icons before continuing. i.e. remove them from your backend ARP and
therefore do not release them to that SP.

An interesting little project which I think someone here might take a look
at.

Alistair


-- 
mov eax,1
mov ebx,0
int 80h

> On Tue, 12 Jun 2007, Chad La Joie wrote:
>
>> Jon, have you found that your users are capable of understanding ARPs?
>> So far the general feedback we've received is that the majority of them
>> have a really hard time really understanding what is happening.
>
> Well, firstly I'm in effect my only user (since things are only in
> development at the moment) so I can't answer the question as put.
>
> My feeling is that users are unlikely to understand the abstract idea of
> an ARP, especially if presented in isolation. So something like "you must
> configure your personal ARP policy before accessing Shib-protected
> resources" isn't going to work.
>
> However I think that an interface that pops up a message during the Shib
> interaction that says something like:
>
>     To let you access the Journal of Applied Confusion website
>     we need to tell it the following things about you:
>
>        Affiliation:            [log in to unmask]
>        Anonymous identifier:   [log in to unmask]
>        Inside leg measurement: 820mm
>
>     Do you want us to:
>
>       a) Do so this one time
>       b) Do this now and for this site in future
>       c) Do this now and for _all_ sites in future
>
> would probably make sense to most users. It also lets them choose the
> trade off between convenience ("Just tell every site what it wants") and
> privacy ("Let me approve every release"). This appears to me to be the
> correct and polite thing to do, and seems to sit well with my (not a
> lawyer) understanding of at least UK data protection legislation which
> seems much more inclined to allow disclosure and transfer of information
> with the data subject's consent than otherwise.
>
> As far as I can see, both ArpViewer and Autograph provide this
> functionality. ArpViewer is a bit simpler and it's what I'm currently
> investigating; Autograph has additional functionality but won't work with
> my IdP out of the box, due to Java and Shibboleth version issues (though I
> expect they could be resolved).
>
> I'm still interested in hearing from anyone in the UK who is using or
> considering using either of these products or anything similar.
>
> Jon.
>
> --
> Jon Warbrick
> Web/News Development, Computing Service, University of Cambridge
>