1. Federated Access Management
a triumph of technology over usability?
Andy Powell
@andypowe11

2. Usability 101
“the study of the ease with which
people can employ a particular tool or
other human-made object in order to
achieve a particular goal” (Wikipedia)

3. A framework for usability
• learnability: how easy is it for users to accomplish basic
tasks the first time they encounter the design?
• efficiency: once users have learned the design, how
quickly can they perform tasks?
• memorability: when users return to the design after a
period of not using it, how easily can they re establish
proficiency?
• errors: how many errors do users make, how severe are
these errors, and how easily can they recover from the
errors?
• satisfaction: how pleasant is it to use the design?

4. Improving privacy and security
• usability not just about „ease of use‟
• poor usability may lead to poor security
and/or loss of privacy (where user is
confused about which server they are
interacting with)

5. Discovery, access and use
• with federated access
management, “usability” covers a lot of
ground
• from discovery (Google search vs.
institutional portal)
• …thru access… (the publisher‟s website)
• to use (having the thing on your desktop)

6. Even „access‟ spans multiple players
• the publisher‟s website
• the federation WAYF service (in some
cases)
• the institutional identity provider (IdP)

7. From perspective of the user
• (and the user‟s institution)
• the institutional IdP is always the same
• but every publisher website has different
look and feel (for login)
– some use the WAYF, some don‟t
• not easy for the institution to provide „help‟
documentation that covers all cases

8. From perspective of the publisher
• every user sees the same website
• but each user has different IdP (and
possibly WAYF)
• not easy for the publisher to provide „help‟
documentation that covers everyone

9. And… wider context
• need for global publishers to
accommodate multiple
„academic‟ federations
• need for publishers to handle
non-academic audiences (local
usernames/passwords, pay-per-view, etc.)
• need for publishers to handle social media
(Facebook, Google, Twitter, etc.)

10. 3 examples…
• of current practice

14. Browser interaction
• much of the functionality we‟ve just seen needs
browser support
– cookies
– Javascript
– password retention
• how much of this is consistent across multiple
sites?
• what implications does the new EU cookie
directive have?

15. „Ongoing‟ work…
• the usability of federated access management is an
evolving area…
• back in 2009, JISC commissioned a “Publisher Interface
Study” by Rhys Smith at Cardiff
– improved WAYF
– embedded discovery module for Shibboleth (by Rod Widdowson,
Steading System Software)
• Kantara Universal Login Experience (ULX) Working
Group
• NISO ESPReSSO group – recommendations just out
• Google

17. Conclusions
• usability across federated login is hard
• in distributed systems, usability often has to
emerge over time – we still seem to be waiting!
• variety of practice by today‟s publishers
• variety of exploratory work in progress
• no longer just an „academic‟ problem (c.f.
Google work)
• at Eduserv, we are watching this space

18. Recommendations
• „Athens‟ is a loaded term and we need to
agree how/if/when it should be used
• „Shibboleth‟ and „OpenAthens‟ refer to
technologies and probably should NOT be
used in user-facing text
• we‟d make some simple progress by all
agreeing consistent use of terminology
– „login‟, „institutional account‟, …