On Tue, 12 Jun 2007, Chad La Joie wrote:

> Jon, have you found that your users are capable of understanding ARPs?
> So far the general feedback we've received is that the majority of them
> have a really hard time really understanding what is happening.

Well, firstly I'm in effect my only user (since things are only in
development at the moment) so I can't answer the question as put.

My feeling is that users are unlikely to understand the abstract idea of
an ARP, especially if presented in isolation. So something like "you must
configure your personal ARP policy before accessing Shib-protected
resources" isn't going to work.

However I think that an interface that pops up a message during the Shib
interaction that says something like:

    To let you access the Journal of Applied Confusion website
    we need to tell it the following things about you:

        Affiliation: [log in to unmask]
        Anonymous identifier: [log in to unmask]
        Inside leg measurement: 820mm

    Do you want us to:

        a) Do so this one time
        b) Do this now and for this site in future
        c) Do this now and for _all_ sites in future

would probably make sense to most users. It also lets them choose the
trade off between convenience ("Just tell every site what it wants") and
privacy ("Let me approve every release"). This appears to me to be the
correct and polite thing to do, and seems to sit well with my (not a
lawyer) understanding of at least UK data protection legislation which
seems much more inclined to allow disclosure and transfer of information
with the data subject's consent than otherwise.

As far as I can see, both ArpViewer and Autograph provide this
functionality. ArpViewer is a bit simpler and it's what I'm currently
investigating; Autograph has additional functionality but won't work with
my IdP out of the box, due to Java and Shibboleth version issues (though I
expect they could be resolved).

I'm still interested in hearing from anyone in the UK who is using or
considering using either of these products or anything similar.

Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
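
The three choices in the mock dialog above (a, b, c), modelled as a small consent store. This is an added example: it is not ArpViewer or Autograph code and is not part of the original message. The `ask` callback, the decline path, and the rule that a per-site answer covers only the attributes shown at the time are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Choice(Enum):
    ONCE = "a"        # "Do so this one time"
    THIS_SITE = "b"   # "Do this now and for this site in future"
    ALL_SITES = "c"   # "Do this now and for _all_ sites in future"


@dataclass
class ConsentStore:
    """Per-user record of release decisions (hypothetical structure)."""
    all_sites: bool = False
    per_site: dict = field(default_factory=dict)  # site -> frozenset of names

    def needs_prompt(self, site, requested):
        """True if the user must be asked before `requested` goes to `site`."""
        if self.all_sites:
            return False
        approved = self.per_site.get(site, frozenset())
        # Assumption: a stored per-site answer covers only the attributes
        # that were shown at the time, so a newly requested one asks again.
        return not set(requested) <= approved

    def record(self, site, requested, choice):
        """Store the user's answer; ONCE deliberately leaves no trace."""
        if choice is Choice.ALL_SITES:
            self.all_sites = True
        elif choice is Choice.THIS_SITE:
            seen = self.per_site.get(site, frozenset())
            self.per_site[site] = seen | frozenset(requested)


def release(store, site, requested, ask):
    """Return the attribute names to release to `site`.

    `ask` stands in for the pop-up: it returns a Choice, or None if the
    user declines (the decline path is an assumption, not in the mock-up).
    """
    if store.needs_prompt(site, requested):
        choice = ask(site, requested)
        if choice is None:
            return []
        store.record(site, requested, choice)
    return sorted(requested)
```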