* Heather Flanagan hlf@sphericalcowconsulting.com [2020-10-09 15:54]:
I’m not sure if you’re asking a question about what Clarivate is doing, if you’re asking if anyone has knowledge of other similar patterns, or if this is just an FYI?
What Davide described to me more sounded like, well, almost like a breach of contract:
Institutions have been releasing limited data to the service provider ("attributes", via "identity federation") to signal to the service provider that a person should be permitted to access resources under an institutional license. It is my understanding that has been working for many years, same as with dozens and hundreds of other services.
Now (or since whenever this was changed) members of those same instiutions are promoted/forced to register a local account even after successfully completing the federated login! So remote access (via federation) is now broken -- it is no longer sufficient to provide access -- unless one registers Yet Another Account.
On top of that, experience suggests that a significant percentage of those subjects will then enter (i.e,, "re-use") their *institutional* credentials (passwords) when forced to register for a local account at gunpoint -- a process only made worse by the connection/assotiation with the familiar/"safe" federated login process that just happened.
Does the above provide sufficient reading-between-the-lines for folks here to raise some eyebrows?
-peter