1. It seems like this is very library-oriented. We're also using the federated SSO to broker access to a large number of internal services, both for research and administrative uses. Most of the access scenarios and recommendations are the same in the non-Library context, but it would be nice to see an acknowledge that there are these other contexts, and the the SSO can apply more broadly to institutional authentication needs.
2. Among the user interface recommendations, it would be good to see a reminder that these forms and pages need to be designed with accessibility in mind. For example, it is not obvious that branding of the IdP login page that effectively informs sighted users which credentials to use would necessarily also work well for visually impaired users. Though accessibility is orthogonal to the point of the paper, given the current legal activity around accessibility, a gentle reminder to the reader may be appropriate.
3. in Section 4.5.2, Institution Menu Page, what about the case where someone from a different institution uses our menu pages and goes to an SP with our session initiator? They wind up at our IdP login page, with no way to get to their institution's login page. Should there be a way to bail out and go to the SP discovery page? |
