The Jira instance that several IS&T projects have been using has entered the MIT Touchstone pilot. If a user does not present an MIT certificate when logging in, a user will then have the option of using MIT Touchstone for authentication. (https://jira.mit.edu)
This is the same integration approach that Stellar has used during the initial introduction of the pilot.
This approach does introduce a usability issue. When a user transitions from one Touchstone enabled application to another, since the applications are still handling certificates internally, and prior to providing access to Touchstone, a user doesn’t get a smooth single sign on experience. In general the user will first have to click so that a certificate is not presented, then the user has click on the Touchstone choice. They will not have to re-authenticate, but they do have to click twice to actually reach the web page that they were trying to access.
This usability problem is likely to persist through most of the MIT Touchstone pilot unless we change are approach to the pilot.
One issue is that we don’t want the pilot to be a potential critical failure point for an application, until we have significant operational experience. This means that most pilot applications will continue to handle certificates internally, prior to exposing the user to Touchstone.
The second issue is that during the pilot we must let users of the local accounts an entry point within the application. As the collaboration accounts management system component enters the pilot, we must determine the order of options presented to the users.
We must understand at what point can we make Touchstone the default authentication mechanism for a given application?
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.