(potential) Code of Practice for "systems" using Raven: Difference between revisions
(Assorted re-wording suggestions) |
(tidied up) |
||
Line 1: | Line 1: | ||
Experience shows that it is easy for users to become confused when the Raven protection for a web site doesn't behave the way that they expect. It would be very useful for | Experience shows that it is easy for users to become confused when the Raven protection for a web site doesn't behave the way that they expect. It would be very useful for all concerned if administrators of any system that uses Raven for authentication follow a simple code of practice that means they voluntarily: | ||
1) Include on the [[Raven-enabled services]] page a note the system and of the email/phone/webpage-URL/location of a relavent support contact point. This will allow users and Help Desks elsewhere in the university to contact the correct people if problems arrise. | 1) Include on the [[Raven-enabled services]] page a note the system and of the email/phone/webpage-URL/location of a relavent support contact point. This will allow users and Help Desks elsewhere in the university to contact the correct people if problems arrise. | ||
2) Provide a customised webpage that gives the above to users who have sucessfully RAVEN authenicated but can't access the system (e.g. no account, access not allowed, etc.). | 2) Provide a customised webpage that gives the above appropriate local system-support contact details to users who have sucessfully RAVEN authenicated but can't access the back-end system (e.g. no account, access not allowed, etc.). | ||
3) Have a clear "System Unavailable until XXX due to maintenance" message if authentication suceeds but access to the system is not possible, perhaps | 3) Have a clear "System Unavailable until XXX due to maintenance" message if authentication suceeds but access to the system is not possible, perhaps because a back-end system is not available. |
Latest revision as of 11:57, 23 December 2005
Experience shows that it is easy for users to become confused when the Raven protection for a web site doesn't behave the way that they expect. It would be very useful for all concerned if administrators of any system that uses Raven for authentication follow a simple code of practice that means they voluntarily:
1) Include on the Raven-enabled services page a note the system and of the email/phone/webpage-URL/location of a relavent support contact point. This will allow users and Help Desks elsewhere in the university to contact the correct people if problems arrise.
2) Provide a customised webpage that gives the above appropriate local system-support contact details to users who have sucessfully RAVEN authenicated but can't access the back-end system (e.g. no account, access not allowed, etc.).
3) Have a clear "System Unavailable until XXX due to maintenance" message if authentication suceeds but access to the system is not possible, perhaps because a back-end system is not available.