Comment Details - National Information Standards Organization

#00121 Comment Details - RP-11-201x_ESPReSSO_for_comment.pdf

Document Information
Title	ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On
File Name	RP-11-201x_ESPReSSO_for_comment.pdf	State	Draft
Date Added	2011-05-22 18:46:54	Revision Number	0
Submitter Name	Cynthia Hodgson	Size	1MB

Comment Information
Summary	Some observations	State (Disposition)	New (Unresolved)
Date Added	2011-06-21 13:45:38	Last Updated	2011-06-21 13:45:38
Submitter Name	Paola Laguzzi	Assigned To	Unassigned
Company Name	Università degli Studi di Torino	Response	None
Interest Category		Category	N/A
Origin	Public Review	Section, Page, Line
Item		Item Description

Submitter Comment
Following the reading of documents " ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On", below some observations: * The login page provided by the IDP should contain information about who it is needed to contact in case of authentication problems. In the document we have found no mention of this aspect; * The Menu Page Institution lists all the SPs that are available to the organization. This is a sort of list of links to various publishers, journals, e-books, etc. ... In general, a page that collects all available SP organization, may also collect other user information such as: the service provider, If possible, who can use the service (in the case of academics, whether the service is aimed at students or staff, or teachers, etc. ...) * In the document we have found no mention of error messaging (e.g. in case the user enters the wrong username or pwd, the error message should be different from the case of a user entering the right credentials but having no authorization to access the service).

Submitter Comment

Following the reading of documents " ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On", below some observations:

* The login page provided by the IDP should contain information about who it is needed to contact in case of authentication problems. In the document we
have found no mention of this aspect;
* The Menu Page Institution lists all the SPs that are available to the organization. This is a sort of list of links to various publishers,
journals, e-books, etc. ... In general, a page that collects all available SP organization, may also collect other user information such as:
** the service provider,
** If possible, who can use the service (in the case of academics, whether the service is aimed at students or staff, or teachers, etc. ...)
* In the document we have found no mention of error messaging (e.g. in case the user enters the wrong username or pwd, the error message should be
different from the case of a user entering the right credentials but having no authorization to access the service).