Comment Details - National Information Standards Organization

Comment #00121 - Some observations - RP-11-201x_ESPReSSO_for_comment.pdf

<< Previous Comment in Document | Next Comment in Document >> Document Details

Comment 121

New (Unresolved)

ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On (Revision 0)

Comment Submitted by Paola Laguzzi 2011-06-21 13:45:38	Following the reading of documents " ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On", below some observations: * The login page provided by the IDP should contain information about who it is needed to contact in case of authentication problems. In the document we have found no mention of this aspect; * The Menu Page Institution lists all the SPs that are available to the organization. This is a sort of list of links to various publishers, journals, e-books, etc. ... In general, a page that collects all available SP organization, may also collect other user information such as: the service provider, If possible, who can use the service (in the case of academics, whether the service is aimed at students or staff, or teachers, etc. ...) * In the document we have found no mention of error messaging (e.g. in case the user enters the wrong username or pwd, the error message should be different from the case of a user entering the right credentials but having no authorization to access the service).

Comment Submitted by
Paola Laguzzi
2011-06-21 13:45:38

Following the reading of documents " ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On", below some observations:

* The login page provided by the IDP should contain information about who it is needed to contact in case of authentication problems. In the document we
have found no mention of this aspect;
* The Menu Page Institution lists all the SPs that are available to the organization. This is a sort of list of links to various publishers,
journals, e-books, etc. ... In general, a page that collects all available SP organization, may also collect other user information such as:
** the service provider,
** If possible, who can use the service (in the case of academics, whether the service is aimed at students or staff, or teachers, etc. ...)
* In the document we have found no mention of error messaging (e.g. in case the user enters the wrong username or pwd, the error message should be
different from the case of a user entering the right credentials but having no authorization to access the service).

Submitter Proposed Solution

Submitter Proposed Solution

Title	ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On
File Name	RP-11-201x_ESPReSSO_for_comment.pdf	State	Draft
Date Added	2011-05-22 18:46:54	Revision Number	0
Submitter Name	Cynthia Hodgson	Size	1MB

Summary	Some observations	State (Disposition)	New (Unresolved)
Date Added	2011-06-21 13:45:38	Last Updated	2011-06-21 13:45:38
Submitter Name	Paola Laguzzi	Assigned To	Unassigned
Company Name	Università degli Studi di Torino	Response	None
Interest Category		Category	N/A
Origin	Public Review	Section, Page, Line
Item		Item Description

Comment #00121 - Some observations - RP-11-201x_ESPReSSO_for_comment.pdf

Document Information

Comment Information