I'm not working on my assignments because the "technology" "platform" used for delivery keeps breaking on me, and it's all too depressing to think about the millions of dollars spent, so instead let's complain about something that's been bugging me for a while. Obviously written as personal opinion, not that of the UCC, the University or any sections that may have the misfortune to employ me.

Solutions seeking problems are not rare, and one of them is Single Sign-On, including as it is implemented at UWA - for a set of sites that are related but served by different platforms and administered by different people.

The basic idea is that good passwords (like Bu6aenaiOod7cai0) can be hard to remember for intellectual weaklings. If you have a bunch of disparate websites which people need to access, you can make it easier by letting them use the same password to log on. SSO does this by redirecting users to a special page which logs them into all these systems at the same time. This is a massive technical oversimplification, but it's the user's impression that actually matters here.

Unfortunately, the SSO bit is not what solves the problem of remembering lots of different good passwords. Shared or centralised authentication does that just fine, which is why most systems and networks at UWA use the "Pheme" password.

As far as I can tell, SSO solves the problems of "I get tired of typing my password in" or "I can't remember how to enter my password". If your users are complaining of the first problem, you should probably reduce the complexity of your web presence. If your users are complaining of the second problem, they may not be ready for computers.

I mentioned this to a few people at the Uni's website office (who weren't directly involved with the SSO project, but thought it was pretty ace), and immediately discovered the kicked puppy look. SSO is pretty sexy stuff for Web developers, and it allows people to talk about exciting things like identity and trust rather than boring things like IE6 positioning bugs. Unfortunately, it's harder to do properly and costs more money, and I'm not convinced the benefits are worth it, because it doesn't solve problems people have. Am I missing something? Is there some glaringly-obvious UI hole that SSO fills?

Another problem from a user-experience perspective is that SSO might help train people to respond to phishing, because they get used to the idea that when they log in they are sent to a page that looks completely different and is on a different web address with a long and complex URI. Phishing has been the subject of much discussion within the community around OpenID, which is an SSO tool for the wider Internet.

What's also annoying is that I'm pretty sure someone already made this exact argument, but I can't remember where I read it. There's a reasonable critique of SSO for the wider Internet as opposed to closely-related sites in a two-part TechNet Magazine article, on "Identity is Hard" and "Ways to make SSO good" (my titles), though it gets a bit technical.

There are, predictably, technical and political problems with the idea of site-local SSO, as well as in the implementation - don't use UWA's on an insecure network! - but it's the core idea that it solves a problem nobody has that bugs me the most.

2 comments

James :: Tuesday, July 14th

Tried the new webmail yet?

ren :: Tuesday, July 21st

and why the f*%& doesn't it actually let me sign into the MOST USEFUL of ALL university platforms, WebCT?!!?!?!?! it's the same damn password goddammit!!!

dadams, what is WRONG with the university, please tell me, please explain. i love my university, but why oh why does it do such STUPID THINGS.