-
Feature
-
Resolution: Done
-
Standard
-
None
-
None
-
None
-
None
-
5
-
Sprint 238
Problem:
OpenId is deprecated and we need to start moving towards different solutions for logging users into the different gateway instances.
Another problem is we don't know our user's preferences for how they would prefer to login to our systems.
Acceptance Criteria:
Create a Google Form Survey as soon as possible to capture information.
Allow responses without authentication (ie, a Google account should not be needed)
Research what makes a good survey.
Describe potential changes, deprecation of OpenID
Seek input on login/provider options.
Consider limiting questions to ~5.
Develop a prototype and seek friendly input (GS, IS, SM, MM)
Iterate from there to refine.
Consider keeping survey "open" for 2+ months.
Add link to survey on CDG/ESG OpenID login page with "we need your input on future direction..."
Explain why we're changing our login mechanism.
Explain that we would prefer to integrate with outside IDPs (google, twitter, github, etc...) because we feel that they are safer.
Explain that the survey is anonymous (unless they provide their email address for questions).
Add links to login page(s) to survey saying that openid is deprecated, and we want their anonymous feedback to determine our future authentication direction.
Ask questions like the following on the survey:
- How would you prefer to login to our system? Online IDP like google, twitter, github? Username/Email Address and Password? Other?
- Which Identity providers do you use? Google, twitter, Github, ORCID, Globus (others)?
- Which Identity providers do you trust? Google, twitter, Github, Others.
- Is it important to you to keep your past account activity (openid) associated with a new account? More or less the question is if folks want to keep their history or not...
- Question/Comment/Concern section with optional email address and we'll reply to any questions as needed.
Note: Shoot for 5 questions or less with easy choices.
Consider: The questions above could be multiple select?
Consider sending the survey to Gary, Ilana, DSET, etc...
Do we need to include discussions with the ucar security folks?
OpenId is deprecated and we need to start moving towards different solutions for logging users into the different gateway instances.
Another problem is we don't know our user's preferences for how they would prefer to login to our systems.
Acceptance Criteria:
Create a Google Form Survey as soon as possible to capture information.
Allow responses without authentication (ie, a Google account should not be needed)
Research what makes a good survey.
Describe potential changes, deprecation of OpenID
Seek input on login/provider options.
Consider limiting questions to ~5.
Develop a prototype and seek friendly input (GS, IS, SM, MM)
Iterate from there to refine.
Consider keeping survey "open" for 2+ months.
Add link to survey on CDG/ESG OpenID login page with "we need your input on future direction..."
Explain why we're changing our login mechanism.
Explain that we would prefer to integrate with outside IDPs (google, twitter, github, etc...) because we feel that they are safer.
Explain that the survey is anonymous (unless they provide their email address for questions).
Add links to login page(s) to survey saying that openid is deprecated, and we want their anonymous feedback to determine our future authentication direction.
Ask questions like the following on the survey:
- How would you prefer to login to our system? Online IDP like google, twitter, github? Username/Email Address and Password? Other?
- Which Identity providers do you use? Google, twitter, Github, ORCID, Globus (others)?
- Which Identity providers do you trust? Google, twitter, Github, Others.
- Is it important to you to keep your past account activity (openid) associated with a new account? More or less the question is if folks want to keep their history or not...
- Question/Comment/Concern section with optional email address and we'll reply to any questions as needed.
Note: Shoot for 5 questions or less with easy choices.
Consider: The questions above could be multiple select?
Consider sending the survey to Gary, Ilana, DSET, etc...
Do we need to include discussions with the ucar security folks?
- relates to
-
-
- Done
-