* Heather Flanagan <hlf@sphericalcowconsulting.com> [2020-10-09 15:54]:
> I’m not sure if you’re asking a question about what Clarivate is
> doing, if you’re asking if anyone has knowledge of other similar
> patterns, or if this is just an FYI?

What Davide described to me more sounded like, well, almost like a
breach of contract:

Institutions have been releasing limited data to the service provider
("attributes", via "identity federation") to signal to the service
provider that a person should be permitted to access resources under
an institutional license. It is my understanding that has been working
for many years, same as with dozens and hundreds of other services.

Now (or since whenever this was changed) members of those same
institutions are prompted/forced to register a local account even after
successfully completing the federated login!

So remote access (via federation) is now broken -- it is no longer
sufficient to provide access -- unless one registers Yet Another
Account.

On top of that, experience suggests that a significant percentage of
those subjects will then enter (i.e., "re-use") their *institutional*
credentials (passwords) when forced to register for a local account at
gunpoint -- a process only made worse by the connection/association
with the familiar/"safe" federated login process that just happened.

Does the above provide sufficient reading-between-the-lines for folks
here to raise some eyebrows?

-peter
_______________________________________________
FIM4L mailing list
FIM4L@lists.daasi.de
http://lists.daasi.de/listinfo/fim4l