On Tue, 10 Mar 2009, John Paschoud wrote:
> ...
> It was certainly the experience of the JISC FLAME Project (final reports
> due out end-March) that neither ShARPe/Autograph (from MAMS), nor
> ArpViewer (from SWITCH, now restyled as uApprove to work with Shib v2)
> actually provided user interfaces that genuinely enabled end-users to
> give *informed* consent.
I'd agree, at least as far as the 1.3-compatible version of ArpViewer that
we are using is concerned. In nearly two years of operation, no one (and
that includes immediate colleagues) has queried or commented on the 'We
are about to release the following information about you' screen. Users
quickly realise that not approving release amounts to cancelling their
request and so learn to click OK instead. I'm not convinced that this is
'informed consent' either, but it does suggest that people are not nearly
as worried about information disclosure as we might think.
What I want is a plugin for the Internet2 IdP that will show users the
attributes and values that are about to be released, indicating those that
are required and so will prevent the request proceeding if withheld (ePSA,
for example, when accessing a site licenced e-journal), and those that are
optional but which will enhance their experience (e.g. full name and email
address to save them being asked for them by the target site) and then
give them fine-grained choice about what is actually released. The
attributes and values need to be described in understandable terms:
eduPersonTargetID = [log in to unmask]
isn't good enough, and users need to be able to elect not to be asked this
question again, either for this particular SP, or for these values to any
SP, or ever, or perhaps until the attributes or their values change. And
they need easy ways to go back and change their decisions at a later date.
Oh, and I'd like a pony too...
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
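A minimal model of the consent behaviour the message above asks for, added here as an illustration; it is not code from Shibboleth, ArpViewer or uApprove. `POLICY`, `ConsentStore` and the function names are hypothetical, and the attribute values used with it are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed policy for one hypothetical SP: name -> (required?, plain-language label)
POLICY = {
    "eduPersonScopedAffiliation": (True, "Your role at the institution"),
    "displayName": (False, "Your full name"),
    "mail": (False, "Your email address"),
}

def fingerprint(attrs):
    """Digest of attribute names and values; differs if either changes."""
    return hashlib.sha256(json.dumps(sorted(attrs.items())).encode()).hexdigest()

def prompt_lines(attrs, policy=POLICY):
    """Consent-screen text: readable label, value, and whether it can be withheld."""
    return [f"[{'required' if policy[n][0] else 'optional'}] {policy[n][1]}: {v}"
            for n, v in attrs.items() if n in policy]

def release(attrs, approved, policy=POLICY):
    """Return only approved attributes; refuse if a required one is withheld."""
    missing = {n for n in attrs if n in policy and policy[n][0]} - set(approved)
    if missing:
        raise PermissionError(f"required attributes withheld: {sorted(missing)}")
    return {n: v for n, v in attrs.items() if n in policy and n in approved}

@dataclass
class ConsentStore:
    # (user, SP or "*" for any SP) -> (fingerprint or None for "never ask", approved names)
    remembered: dict = field(default_factory=dict)

    def remember(self, user, sp, attrs, approved, any_sp=False, until_changed=True):
        fp = fingerprint(attrs) if until_changed else None
        self.remembered[(user, "*" if any_sp else sp)] = (fp, frozenset(approved))

    def lookup(self, user, sp, attrs):
        """Approved names if a remembered decision still applies, else None (prompt)."""
        for key in ((user, sp), (user, "*")):
            fp, approved = self.remembered.get(key, ("no-record", None))
            if approved is not None and fp in (None, fingerprint(attrs)):
                return approved
        return None

    def forget(self, user, sp=None):
        """Let the user revisit decisions: one SP's record, or all of them."""
        for key in [k for k in self.remembered if k[0] == user and sp in (None, k[1])]:
            del self.remembered[key]
```

A remembered decision stores attribute names only, so an attribute that appears later is never released without a fresh prompt.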