Has any though been given to a ukfederation branding? I've had a go at using the shib logo to try and "brand" the experience and our login has had the shib gryphon on it for a year or so. This is an effort to try and get some visual cues to the user to try and tie the "goto site >> redirect >> wayf >> login >> redirect >> back to site" process together by having some kind of consistent graphic on it. I know the issues about site trust and users should be looking at ssl certs to know they are loggin in at a proper site and not a phising scan. Realistically most of users operate at the visual level of "this looks kosher" and will continue to do so no matter how much we tell them not to. A graphic or branding would help. I'de like to stick a "member of the uk federation" branding on our login page. This would go a longer way in educating users that they are part of the ukfederation than any email or web page explanation will ever achieve. I'm going to write the pages and send the emails anyway but the branding would be the successful method. Regards Cal >-----Original Message----- >From: Discussion list for Shibboleth developments [mailto:JISC- >[log in to unmask]] On Behalf Of Sean Dunne >Sent: 06 July 2007 14:34 >To: [log in to unmask] >Subject: Re: user logon experience [was: Federation gateways - using TRLs] > >> >> > With so many possible variants of authentication >> > methods (Classic Athens, AthensDA, UK Federation via >> institutional IdP, UK >> > Federation via Athens-to-Shibboleth gateway, non-UK >> Federation), many >> users >> > would just not know which login button to choose in the >> first scenario. >> > Describing how the user should choose correctly would be a >> nightmare. >> >> Yes, in the abstract. However, isn't any particular user likely >> to be told (locally on site) to "do <this>" to access a particular >> resource? >> > >I think we should try to make things as clear for the users as possible, >and not rely on them having been told to follow a route that they don't >necessarily understand. Would any user understand why they had to change >from using an "Athens" button to a "UK Federation" button when the SP >removed their native Athens interface and their institution started using >the Athens-to-Shibboleth gateway, only to be taken back (eventually) to >the same Athens login page ? > >> > It's likely that we will adopt the solution of a customised >> WAYF for all >> > users for remote login to the MIMAS CrossFire service when >> we release the >> UK >> > Federation route to CrossFire shortly. We will have to keep >> a record of >> > which institutions are using which authentication route so >> that we can >> > present the correct one to the user, but that's not too >> difficult with a >> > service like Crossfire where we have a limited number (about 80) of >> > subscribing institutions. >> >> Are you in the happy position that each institution is guaranteed to >> want to use only one access mechanism at a time? E.g., consider >> an institution where most users are using Athens but they have a >> pilot-stage Shibboleth IdP as well, and they want to be able >> to use both. >> "Knowing" the required access mechanism for the University of X from >> a list implies there is only one. That was one reason we didn't go >> for an Athens-enabled WAYF like this. >> >> Fiona. >> >> > >In that case we could just add e.g. "<institution name> (Shib test)" as >an additional entry in our customsied WAYF. > >Sean