Library site CAS SSO decommisioning

[kenoir]

Things we need to understand:

• What will the "login" button on wellcomelibrary.org point at?
• What does the user registration flow look like without CAS SSO.
• Will DLCS/DDS authenticated items be affected?
• Will existing services be affected during any change to remove CAS SSO and for how long (determine with III).
• Will UV 'bookmark' functionality need to be deprecated or shut off in UV config?
• Will social login for digitised content be affected?
• If so, can we provide registered users with a list of their bookmarked items?
• What UI changes need to be made to: - https://account.wellcome.ac.uk/manage/ - https://account.wellcome.ac.uk/manage/register?service=https://wellcomelibrary.org/ - https://account.wellcome.ac.uk/manage/link - https://account.wellcome.ac.uk/manage/view
  • https://catalogue.wellcomelibrary.org/patroninfo/{id}/ (if bookmarks removed)
  • https://wellcomelibrary.org/account/
• Which of the above will no longer be required?

Things we need to do:

• Ensure the search on wellcomelibrary.org takes you to https://search.wellcomelibrary.org/
• Ensure domain name changes & server updates happen together
• Ensure restricted/closed content in UV can still be accessed with library card
• Ensure sign-up link on (https://wellcomelibrary.org/using-the-library/joining-the-library/) doesn't take you to account.wc.

Things we need to communicate:

• All registered users who have saved digitised items in UV, to inform that service will no longer be available, and to offer opportunity to get a list of their saved items. (If necessary at this stage)
• On website with alert, to inform people who have saved digitised items in UV. Create new content page to explain change and privacy benefits.
• Library staff: explain reason for change; highlight any new UI or processes

[pollecuttn]

@kenoir These are what we did when switching to SSO. Things have moved on since 2015 so it's not a case of doing this in reverse order but it should help identify things to think about esp around DNS changes and the impact to Sierra and other library systems https://wellcomecloud.sharepoint.com/:w:/r/sites/it/libsys/Archive/WDL%20systems/Authentication%20-%20keep/2014%20Full%20Single%20Sign%20On/Go%20live/SSO%20go%20live%20steps.docx?d=w9f26b25b05a44c699e6b2df4b52a5e98&csf=1&e=EGfPv6

[jennpb]

Additional considerations added to description.

[kenoir]

@jennpb do you have access to the CMS for https://wellcomelibrary.org/? Could you update the links pointing to account.wc? For pre-registration.

[jennpb]

Yes, I do, and yes, that's easily done.

[tomcrane]

Access control, DLCS, DDS, CAS SSO

The DDS and wl.org web sites are both clients of SSO via the CAS protocol.

Prior to SSO, wl.org performed some account self-management functions that have now been removed. It really now just services bookmarks, and to allow login from (it seems to the user) any part of the *.wl.org site(s).

The DDS and DLCS interaction is more complex. Through attribute release the DDS acquires information about the user's Sierra Patron account, including their role membership (can they see Clinical Images? Can they see Restricted Images?)

That is, for a logged-in user, the DDS knows what roles they are in. So far, so good. But the DLCS is independent of the DDS. It serves assets without knowing anything about the web site that interaction was launched from.

When the DDS (or anything else) registers an image with the DLCS, it can also associate one or more roles with the image record. These are properties of the image in the DLCS. They are just strings, and they fall into two categories:

• Members of the first category must be configured as belonging to that category. These are roles that the DLCS can enforce itself, without help from any other system. The "Clickthrough" role is in this category - the DLCS can enforce Clickthrough without ever having to know who the user is.
• All other Wellcome roles are members of the second category - they require that the DLCS establish its own cookie-based session for the user. In order to do that, the DLCS delegates to a configured Role Provider - which in this case is the DDS.

Assume in this flow the user isn't logged into anything to start with. If they are, some of this will be avoided through short cuts. This flow bridges the IIIF Auth interaction patterns with a third party auth service (in this case, the CAS protocol, but it could be anything).

Implications

...to be discussed.

Links to account.wellcome.ac.uk

There are links to account.wellcome.ac.uk here, too (this is Sierra - these live in an editable template) in Sierra somewhere...

[tomcrane]

Addressing the initial points, there are two separate things to consider.

If we remove the SSO Server completely, there will no way to view clinical or restricted material without further development (to provide the DLCS with an alternative means of role acquisition - knowing whether a user has "healthcare pro" or "library staff" in their roles). The DDS provides this service for the DLCS, via its SSO relationship with account.wellcome.ac.uk (which is configured to release roles (attributes) to DDS - the diagram above).

But we can remove wellcomelibrary.org from the single sign on services - that is, make it an auth-free zone, it's just an all-open web site. It can't participate in SSO, therefore it can't know whether the user is logged in on catalogue.wl.org or search.wl.org, therefore it should probably completely dispense with the login/logout/my lib acct UI in the top right.

I would need to do some initial investigation before I could estimate what this would take.

• What will the "login" button on wellcomelibrary.org point at? If it's there at all it will point at the new Innovative login page. But because the library web site won't be able to learn about the user's login status on Encore/Catalogue, maybe it shouldn't be there at all.

• What does the user registration flow look like without CAS SSO. Not sure as we can't see this "native authentication" until disabling SSO, but it will be entirely managed within Innovative user interface. The SSO new user UI does more things to create accounts the way we want them than the older Innovative UI did, so we need to find out exactly what this experience is like now in III products and what info it asks for.

• Will DLCS/DDS authenticated items be affected? Yes. Not clickthrough, but the small number of clinical and restricted items. Hence need to maintain SSO until a DDS re-work.

• Will existing services be affected during any change to remove CAS SSO and for how long (determine with III).

• Will UV 'bookmark' functionality need to be deprecated or shut off in UV config? Yes.

• Will social login for digitised content be affected? Not really for viewing, as clickthrough stuff no longer requires any form of account. That is, viewing archive material doesn't need a social login (it did for a while early on), but attempting to bookmark any material does require a social or library login.

• If so, can we provide registered users with a list of their bookmarked items? Yes, we can do this - as a nice HTML page with working snippets, emailed to them

• What UI changes need to be made to: https://account.wellcome.ac.uk/manage/ https://account.wellcome.ac.uk/manage/register?service=https://wellcomelibrary.org/ https://account.wellcome.ac.uk/manage/link https://account.wellcome.ac.uk/manage/view https://catalogue.wellcomelibrary.org/patroninfo/{id}/ (if bookmarks removed) https://wellcomelibrary.org/account/

• Which of the above will no longer be required? Maybe none of them for regular library use, as registration, general account management would happen through Innovative's "my account" rather than Wellcome's account.wellcome.ac.uk. I don't know what the Innovative equivalent looks like.

[louisesimon]

Hi

Responding to a couple of Tom's points above:

Tom: What does the user registration flow look like without CAS SSO?

Some of the workflow can be seen in the Sierra test environment as it doesn't use SSO. III have set-up the III Library CAS post-SSO authentication.

a) Pre-registration - https://test.catalogue.wellcomelibrary.org/selfreg This page (the self-reg form) already exists from pre-SSO days. If you register this way, your details get saved to Sierra, but not to SSO CAS (desired behaviour). I presume this is not a true test though because the SSO CAS is not currently communicating with the test Sierra environment. At present email hasn't been set-up on the test server, so I don't receive email confirmation. I need to check what the complete workflow is for this. And what are the compulsory fields and what is the unique field (email address, I think).

b) Full registration process at Admissions Desk I have tested this from the desk and am able to register and create a library card using the current production environment without SSO CAS (ie it is not using the test Sierra environment):

I have reverted back to pre-SSO procedure which is still in place. In the scenario below, registration begins in ID Works rather than SSO CAS. High overview:

Check Sierra for existing record 1) Search by surname in Sierra:

a) If no record is found proceed to Creating a New Card. b) If there is an existing record on Sierra proceed to Renewal.

Creating a new card

1. In IDWorks complete the template fully from the registration form.
2. Capture the image.
3. Print the card. This automatically generates a new unique barcode, there is no need to choose whether or not to print a new barcode.
4. Printing the card automatically saves the record into Sierra.
5. Retrieve record in Sierra and complete address, email details etc

Renewal 1) Retrieve existing record in Sierra. 2) Update their Sierra record - expiry date, and any changes to address, email etc 3) Retrieve into ID Works (cut and paste the p-number/barcode from Sierra) 4) Print the new card.

ID Works communicates with Sierra via III's Patron Update Web Service - https://libsys.wellcomelibrary.org:843/iii/patronio/services/PatronIO?wsdl

When the card is printed, it saves into Sierra. It is not in CAS.

[tomcrane]

The version of the Library site deployed to https://library-uat.wellcomelibrary.org/ no longer has an authentication module in its HTTP request pipeline.

This means you can't authenticate; the site no longer has a notion of a user, you are always anonymous.

I have made various changes to deal with this, including removing login calls to action.

Another change is to https://library-uat.wellcomelibrary.org/account, which is no longer a protected page - but could instead explain what happened to your bookmarks (the content is managed in the CMS).

I have disabled the Add to bookmarks call to action in the UV.

Testing locally with the DDS pointing at the live storage service, I can verify that this works. However, the library-uat DDS points at the staging storage service, which makes this tricky to test because there aren't that many works in the staging storage. I was testing locally with https://library-uat.wellcomelibrary.org/item/b28079607 but this item is not available in staging storage (it could be pushed there, though).

UAT testing Goobi workflows requires that UAT uses staging storage, but testing the library site without SSO requires that UAT uses production storage, so you can still see everything.

These two variants are supported by the dashboard on various ports, but I'll need to prepare another environment to test this new combination of wl.org without SSO, DDS with SSO, and production storage, unless we don't need Goobi testing for a bit.

Either way, the library site itself (the non-DDS bit) is testable without SSO on https://library-uat.wellcomelibrary.org/.

(note to self for later - the branch no-sso-wlorg is configured for the "Ecosystem-Branch" deployment in TeamCity).

[louisesimon]

Hi Tom

You said: "Either way, the library site itself (the non-DDS bit) is testable without SSO on https://library-uat.wellcomelibrary.org/."

I'm presuming that you're referring to testing of the library site elements, not the Sierra elements - ie requesting holds etc? When I go to the webpac from https://library-uat.wellcomelibrary.org/ I get taken to the live webpac.

So, if III have modifed test.catalogue.wellcomelibrary.org to replicate the library CAS authentication (post SSO), how does that get integrated with your library-uat site? Or does it remain separate and we test the Sierra functionality on the Sierra test server?

Secondly, can you clarify for my benefit the authentication of the bookmarks. If we previously had to log into the library website in order to bookmark images from the UV, why is this a problem now with the new encore/SSO environment? Aren't we requiring users to do the same as before the change?

Thanks Louise

[louisesimon]

hi Tom, Robert

What is your availability before Christmas for a catch-up to discuss next steps?

I want to make sure that I'm clear about the test environments (my questions above) and what are the remaining tasks so that we can schedule the changes required with III and Platform Technology (infrastructure).

Thanks Louise

[louisesimon]

Hi all

For info, I'm attaching a high level summary that I created for my D&T team. It includes an overview of the broad pieces of work identified.

Louise SSO problem.docx

[tomcrane]

The work I have done above removes single sign on functionality from the wl.org site in anticipation of its imminent retirement, rather than convert it to use III's CAS-like endpoint instead of the SSO service.

That is, it's looking to shut bookmarks down, not keep them but with a different auth provider. It makes the wl.org site an anonymous site.

Prior to SSO and DLCS, when the wl.org site and DDS did all of user management, access control and asset delivery, they used III's CAS-like protocol (there were a couple of gaps) but also relied on obtaining specific data about the user from Sierra via the Patron API. It was never just III's SSO mechanism. That code was written mostly in 2012.

When SSO arrived that code got stripped out, and the DDS and wl.org sites used a compliant CAS protocol and attribute release mechanism to acquire user information. However, the DDS does still call the Patron API to get specific further information (is the user a healthcare professional? Are they staff?).

Converting it all to use III SSO would only be feasible now if the III service was completely CAS compliant, and supported attribute release with the same patron attributes released by SSO. I would need to do some work to assess this.

We could just change the CAS configuration to point to III again instead of SSO and see what happens but I would need to allocate some time to assess the result. What version of the CAS Protocol is supported by the III endpoint?

[louisesimon]

Hi Tom

Thanks. I'll ask III about which version of the CAS Protocol is supported.

Understood what you say about shutting down the bookmarks to make wl.org an anonymous site going forward. And for clarity, we are talking about the 'Add to bookmarks' feature in the UV, aren't we? Sorry to labour the point, but my question is about these bookmarks on the current live site. One of the concerns about the new Encore/SSO environment was that it would force users to login to look at 'bookmarks'. I presume that we are not talking about these UV bookmarks (as they always did require authentication), but instead we are talking about bookmarked pages like this: https://search.wellcomelibrary.org/iii/encore/record/C__Rb2804734. There are no other 'bookmarks' impacted by the Encore/SSO https change, are there?

It's a terminology thing and I just want to ensure that I understand what the impact of the new set-up has been.

Thanks Louise

[tomcrane]

Ah sorry, yes - I'm talking about UV bookmarks not Sierra bookmarks. The latter were always out of the scope of the wl.org site. Sorry about the confusion.

[louisesimon]

Hi Tom

I am awaiting an update from III about the version of the CAS Protocol (the lead engineer is back in the office on Monday).

In terms of testing, is this where we're at?:

1) https://library-uat.wellcomelibrary.org/ - is currently an anonymous site. So is testing on this site limited to checking page content for anything that needs updating in terms of new procedures etc?

2) Updating content - is that done via the CMS on the UAT site?

3) If you change the CAS configuration to point to III again instead of SSO, what testing will that enable us to do? Will it allow for testing of Sierra functionality (placing holds, saving searches etc) or just DDS (viewing restricted/clinical images, anything else?)?

4) When we go live, how do the changes in https://library-uat.wellcomelibrary.org/ get pushed out? Is the whole site turned into the live site?

5) Question about: "I have disabled the Add to bookmarks call to action in the UV."
When I search on the UAT site and view an online resource in the UV, I still see the "Add to bookmarks" link (which takes me to SSO account login). Is that what you mean?

Thanks Louise

[louisesimon]

Hi Tom

Re: version of the CAS Protocol - I've had this response from III:

"I believe the CAS used by Innovative for the Innovative library login is Apereo CAS 5.3. I'm not sure if this is the inforrmation required, if not let me know."

Let me know if you need something else.

Thanks Louise

[louisesimon]

Hi Tom

Please could you respond to https://github.com/wellcometrust/platform/issues/4016#issuecomment-565356710 when you have a moment.

thanks Louise

[louisesimon]

Hi all

I've checked with TOm and his next availability for a meeting is Mon 21st Jan.

Natalie, Robert - I'll put something in our calendars to meet before then for a quick catch-up and I'll schedule a second meeting with Tom for 21st Jan.

Tom, if you get a chance, please can you respond to https://github.com/wellcometrust/platform/issues/4016#issuecomment-565356710

You asked about the CAS Protocol - I mention above that the response from III was: "I believe the CAS used by Innovative for the Innovative library login is Apereo CAS 5.3." Let me know if that's not the info you require.

Thanks Louise

[louisesimon]

Hi Tom

Sorry, one other thing. Is it possible to quantify the impact of removing the UV bookmarking functionality e.g. how many people (not Wellcome employees) have used it in the last 6 months?

Thanks Louise

[tomcrane]

There have been 147 bookmarks made since December 1st, and 25 in January.

[tomcrane]

That's 23 distinct users since Dec 1st

[louisesimon]

Hi all

I had a meeting with Jenn yesterday about the Bookmarks. Here's a summary and actions/questions.

1) She thinks providing users with links should be 2-step process:

i) Email to all users with bookmarks saying that they’ve saved links in the past. Shutting down service. If you want your links, please contact us. ii) If they affirm, send list of links. She thinks it should be a list of links rather than packaged in a pdf.

2) The timetable for Bookmarks service shutdown is not reliant on giving users a long notification period. We can give them notice (period TBD), but the bookmark data can be kept indefinitely (TBD). i.e. the service can be shut down, but users can still request their links.

3) All users of bookmarks to be contacted (no matter how long inactive). A previous piece of work in 2018 removed the data of users inactive for over 5 years as part of GDPR so some cleansing has already been done. ACTION: Tom C - Please can you provide total number of distinct users and total number of bookmarks?

3a) Is there any way of contacting users who only logged in with social media?
ACTION: questio for Tom C.

4) Communicating message on Library website before shutdown .
ACTION: LS to discuss with Danny as part of comms strategy.

5) Bookmarks page - https://wellcomelibrary.org/account/ Jenn thinks we should remove all references to this page and make it inactive. For users expecting to see the bookmarks option on their 'My Libraryaccount' page, she suggests a "Looking for bookmarks? - Go here" message. ACTION: Natalie: this is a webpac generated page. Can we discuss?

[pollecuttn]

@louisesimon Re 5. above: yes, just put something in my calendar for a time to go over any/all webpac changes

[louisesimon]

hi all

I met with Simon Demissie and Dave Langrish earlier this week. Their concerns are:

1. The user journey with regard to when and where they see the login option. e.g. they start from WL home page with no login option > they do a search from encore and results page shows what in terms of login options?

We come back to the problem already discussed that the UAT site doesn't give integrated user experience of signing with Sierra CAS.

I think i know what the user should see and can provide a kind of mockup, but is there any mileage in doing further development work on the UAT site integrate it with the Sierra CAS?

@tomcrane Further up this thread you say: "We could just change the CAS configuration to point to III again instead of SSO and see what happens but I would need to allocate some time to assess the result. What version of the CAS Protocol is supported by the III endpoint?" III gave this response: CAS used by III for the Innovative library login is Apereo CAS 5.3.

I'd like to go back to Simon with what is feasible in terms of the UAT site. Please let me know if further developement on the UAT to integrated with CAS is a no-go because of resource/cost factors and I'll look at providing a user journey via screen mockups.

2) Registration process - what authentication/confirmation email do they see? ACTION: LS to provide.

3) Generally that communications for the change is spot on to ensure that users stay with us as part of journey towards new Wellcome Collections website. ACTION: LS to arrange meeting with Danny / SOphie on comms strategy.

Needless to say, the pencilled in implementation date of fortnight beginning 10 Feb will need to be postponed.

Louise

[jennpb]

I had a meeting with Jenn yesterday about the Bookmarks. Here's a summary and actions/questions.

She thinks providing users with links should be 2-step process:

i) Email to all users with bookmarks saying that they’ve saved links in the past. Shutting down service. If you want your links, please contact us. ii) If they affirm, send list of links. She thinks it should be a list of links rather than packaged in a pdf.

The reason why links and not PDF: we can't presume to know how the user wanted to use the item. It may be that they want to go back and download images. It may be that they were just using it as a reference.

We should just be able to send them a list of items saved, in the form of: https://wellcomelibrary.org/item/bnumber

The user journey with regard to when and where they see the login option. e.g. they start from WL home page with no login option > they do a search from encore and results page shows what in terms of login options?

Couldn't we just repurpose the existing homepage LOGIN button and send to the libsys login? That would deal with the problem. I'd suggest changing the button label to My library account

[tomcrane]

I'll respond here by Monday AM if that's OK

[tomcrane]

Stats:

3272 bookmarks made by 632 distinct users. Of these, 129 users have made 5 or more bookmarks, and 24 have made 20 or more. The most bookmarky user has made 335 bookmarks. That's @jennpb.

Please let me know if further development on the UAT to integrated with CAS is a no-go because of resource/cost factors

I think that given the limited lifetime of wl.org, it probably is a no go.

https://wellcomelibrary.org/account/ remove all references to this page and make it inactive.

This was the editorial and template work required in CM7 / wl.org I mentioned. It's not a webpac page - I've done the equivalent for this page on library-uat.wellcomelibrary.org but not in a way you would want any real users to see.

changing the button label to My library account

We can change this when making the template changes above, and anything else that helps avoid confusion. That top-right space used to represent account and login calls to action, but now it doesn't, and needs to look not-broken, for which that text change might be enough.

Agree that PDF not the best way to send people their bookmarks.

The following questions might seem over-complicating the issue but there are several ways in which this could work in practice with varying effort required.

If a list of links, is that just an HTML-body email? Or is it a page hosted on the newly non-access-controlled wl.org with some kind of security-through-obscurity URL like a Google doc? Either way, I assume something like this:

---

Your Bookmarks

Your Folder 1

Bookmark 1

[Thumbnail of selected area, optional] [Link to page and region] The note you made about this bookmark (if you made one)

Bookmark 2

[Thumbnail of selected area, optional] [Link to page and region] The note you made about this bookmark (if you made one)

Your Folder 2

Bookmark 3

[Thumbnail of selected area, optional] [Link to page and region] The note you made about this bookmark (if you made one)

Bookmark 4

[Thumbnail of selected area, optional] [Link to page and region] The note you made about this bookmark (if you made one)

---

These links to wellcomelibrary.org/item/bnumber#page/region are in this case from the site-managed bookmarks but will also work for all the other bookmarks made by people that do the same thing - no matter where they have made them. I assume that there will be a skeleton redirecting app handling wl.org/item page requests, that will take the user to the equivalent view on wc.org...

If I click my bookmark:

https://wellcomelibrary.org/item/b28047345#?c=0&m=0&s=0&cv=160&z=-0.0072%2C0.4929%2C1.1098%2C0.5615

At some point when wl.org is retired, this will get redirected to:

https://wellcomecollection.org/works/km3uczhf/items?canvas=161&sierraId=b28047345&langCode=eng

(which will ignore the specific region, but lands on the right page)

That is, links sent to user for their stored bookmarks, or links anywhere out there on the web, link as now to the UV but can later be redirected to their equivalent wc.org work/canvas page.

Or, the links that get sent to users requesting bookmarks could be made to go straight to the equivalent wc.org page (but archives...)

What's the process of sending the links to those who ask for them?

Is there a dynamic process that generates the HTML email on-the-fly and sends it? Or are you cutting-and-pasting some HTML that was made from the bookmarks in a one-off export and stored somewhere secure? Or both of these - generate the HTML on the fly, for whatever purpose which might include pasting into an email.

Proposal for the non-comms parts of this process, to make this as easy and flexible as possible to service requests from users:

1. I generate an export of all the bookmark data in a form that can be used to generate HTML emails but also can be re-purposed for other uses later if something unforeseen comes up - that is, easy for you do do something else with it.
2. I create a web page not on wl.org but on some other webapp; this is restricted to Wellcome staff; it has access to the bookmark data and will respond with the simplest possible HTML in the format above if given a user's email address.
3. A user requests bookmarks; someone with permission goes to this page, gets the bookmarks for that user's email, and pastes them into a new email message - adding whatever friendly text is required for the context of the enquiry.
4. Option - the web page itself sends the email to the user, with room for a custom message.

[louisesimon]

Thanks, Tom, for this detailed work.

Bookmarks

Proposal for the non-comms parts of this process, to make this as easy and flexible as possible to service requests from users:

I generate an export of all the bookmark data in a form that can be used to generate HTML emails but also can be re-purposed for other uses later if something unforeseen comes up - that is, easy for you do do something else with it.

I create a web page not on wl.org but on some other webapp; this is restricted to Wellcome staff; it has access to the bookmark data and will respond with the simplest possible HTML in the format above if given a user's email address.

A user requests bookmarks; someone with permission goes to this page, gets the bookmarks for that user's email, and pastes them into a new email message - adding whatever friendly text is required for the context of the enquiry.

Option` - the web page itself sends the email to the user, with room for a custom message.

@kenoir @pollecuttn What is your opinion of Tom's proposal. What team would be responsible for doing the leg work of responding when a request for bookmarks is received?

Login Jenn, Tom - are you proposing the Login button on the WL site remains in place but: 1) links to the libsys login (which would only take them to their My Library Account page) 2) That the label changes from 'Login' to 'My Library Account'?

[pollecuttn]

@louisesimon Yes, this is fine. The Platform team will deal with this on an ad hoc basis as/when any requests for this come in.

Ping @jtweed FYI

[louisesimon]

I had a meeting with Simon D, Danny and Sophie yesterday about comms etc.

Like Jenn, they are of the opinion that it would be a better user experience for the existing Login button on the Library homepage to go to the libsys login. As noted this would take them to 'My Library Account' page, but it would only be one click to take them to the library home page. They don't even propose changing the Login button name.

@pollecuttn @kenoir @tomcrane What are your thoughts?

[tomcrane]

All other things being equal I prefer @jennpb's suggestion of "My library account" - as the text of the "Login" button will now never change on wl.org (it doesn't know whether you are logged in "over there") but the call to action in that space will change in the Innovative parts. Depends how you look at it though.

[louisesimon]

@tomcrane So just so that I have this clear.

Currently with SSO, the buttons in top right are: 1) Before login: JOIN / LOGIN

2) After login: MY LIBRARY ACCOUNT / MY BOOKMARKS / LOGOUT

Post SSO, if no change made to button text: 1) Before login: JOIN / LOGIN

2) After login: LOGIN / LOGOUT [with the assumption that MY BOOKMARKS would be removed]

Post SSO, if change made to button text: 1) Before login: JOIN / MY LIBRARY ACCOUNT

2) After login: MY LIBRARY ACCOUNT / LOGOUT [with the assumption that MY BOOKMARKS would be removed]

If the user chose to delay logging in until they reached an Encore search page / webpac/ or were prompted to after clicking to request an item, would that make a difference? i.e. would they be logging in via libsys?

Currently, if you login via libsys: https://libsys.wellcomelibrary.org/ , you see:

1) Before login: JOIN / LOGIN

2) After login: MY LIBRARY ACCOUNT / LOGOUT

ie text changes from Login > My Library account

Thanks Louise

[jennpb]

I imagine it would look like this:

Pre-login

Post-login

[louisesimon]

Thanks for confirmation, Jenn.

@kenoir @pollecuttn Your thoughts? I'd need to run this past LE&E too.

And my question about delaying login until webpac, encore or closed stack requests - if that makes a difference to the buttons they see (ie do they ever get to the libsys version of the buttons)?

[pollecuttn]

Happy to go with what Jenn says.

[louisesimon]

Hi all

Update: 1) Simon Demissie is okay with the text change to the Login button being 'My Library Account'. 2) I've met with Simon, Danny and Sophie to discuss comms.
3) Meeting with Natalie next week to make the webpac changes to staging. 4) As stated above, Platform Technology will send out the Bookmark URL links to users who request them.

Next steps 1) Due to illness etc,I'm still awaiting confirmation of how long the notice period will be for people with Bookmarks. Once decided we can schedule the change with III and D&T. I have a comms meeting next week, all being well, but hope to get an answer before then. 2) @tomcrane How much time do you need to schedule the work on the UAT site login/logout buttons (https://github.com/wellcomecollection/platform/issues/4016#issuecomment-582867583)? That is: i) Re-instate on UAT site (currently anonymised). ii) Change text from 'Login' to 'My Library account' iii) Link the button to https://catalogue.wellcomelibrary.org/iii/cas/login iv) The My Bookmarks link that currently appears after logging in should be removed. 3) Schedule changes with Jenn to Library website CMS (already identified) 4) Comms group will formulate text to go out to users of Bookmarks.
@tomcrane Will you be able to output a list of all the names and email addresses for users of Bookmarks? 5) The Bookmarks page and Links page will need to be removed/made inaccessible. Is that one for you, @tomcrane , or Jenn?

Thanks Louise

[louisesimon]

Notice period for Bookmark users Simon Demissie and Danny Birchall have agreed on 3 weeks notice.

Platform Technology's next sprints are: Sprint 11 06/04 - 17/04 Sprint 12 04/05 - 15/5 (there's a firebreak in between)

Simon and co think that sprint 11 is feasible. If we went with the second week of their sprint (wc/ 14 April because of Easter), does that sound feasible to you all?
@tomcrane - how soon would you be able to output the names and addresses of the users with bookmarks?

Brief summary of tasks for Tom, Jenn, Natalie/Robert before go live: 1) @tomcrane Output names and addresses of the users with bookmarks. 2) @tomcrane to reinstate /make changes to the login button as described in no. 2 of https://github.com/wellcomecollection/platform/issues/4016#issuecomment-591865007DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEK65U7Y#issuecomment-591865007 3) @tomcrane or @jennpb ? Make inaccessible/remove the Bookmarks page and Links page inaccessible. Not sure who this would fall under. 4) @jennpb to make changes to Library website via CM7 (limited to a 4 or 5 URL changes). 5) @pollecuttn @kenoir Digital Engagement to draw up process for sending out Bookmark links to users that request them as outlined by Tom https://github.com/wellcomecollection/platform/issues/4016#issuecomment-581915379 5) Anything else?

N.B. I'm creating a comprehensive task list and will circulate, but just wanted to get feedback from you on whether timeframe for above tasks is realistic.

Thanks Louise

[tomcrane]

Hi all

My tasks, I think:

a) Disable bookmarking functionality in UV (the UI will no longer offer this option). Do you want to warn people that this will be going, or should we just remove it? This is not the same as removing people's access to their bookmarks, just their means of creating new ones. I can do this at short notice, it's basically a UV configuration change.

b) (addressing points 1 and 5 in preceding comment) Create a simple password-protected webapp for internal deployment that:

• lists names and email addresses of users with bookmarks, so they can be contacted
• for each user, links through to a list of those users' bookmarks, so that if one of those users asks for their bookmarks, the Platform team can paste them into an email and send them.

This task does not have any dependencies and can be done before 14 April. It doesn't affect what site users can see or do.

c) (point 2 in preceding comment) This would just say "MY LIBRARY ACCOUNT" always, as there is no post-login state on the CMS-managed parts of wl.org, it will be an anonymous site.

d) (point 3 in preceding comment, specifically https://wellcomelibrary.org/account/) from https://github.com/wellcomecollection/platform/issues/4016#issuecomment-579373838:

Jenn thinks we should remove all references to this page and make it inactive. For users expecting to see the bookmarks option on their 'My Libraryaccount' page, she suggests a "Looking for bookmarks? - Go here" message.

Even if there are no active links to it, people landing here, or any path under it (e.g., if they have bookmarked their bookmarks) will still need to see something. The unfriendly thing would be the standard site 404 page, the friendlier thing would be some editorial content explaining that there's no account-related stuff here any more. This was the mockup I made on library-uat but it needs some template and copy work, although not much.

e) (point 3 in preceding comment, specifically https://account.wellcome.ac.uk/manage/link)

This page is part of the SSO platform; if it is to be removed that would be done by @danielgrant

f) Later (when wl.org is retired), a redirector that works for anyone who has ever bookmarked, cited or otherwise linked to any digitised content on wl.org. Links made by using the wl.org bookmarking feature will be a tiny tiny subset of all the links to digitised material on wl.org in blog posts, tweets, emails, etc. - but they are still regular links so will be handled by this. See https://github.com/wellcomecollection/platform/issues/4016#issuecomment-581373952, about halfway down, for details. Redirects go to the equivalent view on wc.org.

This needs some wider planning as part of the complete retirement of wl.org, so is a separate issue, but needs to be flagged. No point sending someone their bookmarks if the next day is wl.org retirement day and they don't go anywhere.

[louisesimon]

Hi all

Hope you're all well.

So after yet another hiatus of unprecendented magnitude, let's reconvene. Given the 3-week notice for comms to library users, I would like to make the change in Platform Technology's sprint 12 - 2 weeks beginning 4 May (there is a firebreak before this).

With regard to Tom's response above

a) Disable bookmarking functionality in UV (the UI will no longer offer this option). Do you want to warn people that this will be going, or should we just remove it? This is not the same as removing people's access to their bookmarks, just their means of creating new ones. I can do this at short notice, it's basically a UV configuration change.

Yes, we need to warn people that the bookmarking functionality will be going, which will be part of the 3-weeks' notice. Simon D has confirmed that he is still happy to go ahead with the revised schedule./

b) (addressing points 1 and 5 in preceding comment) Create a simple password-protected webapp for internal deployment that:

• lists names and email addresses of users with bookmarks, so they can be contacted
• for each user, links through to a list of those users' bookmarks, so that if one of those users asks for their bookmarks, the Platform team can paste them into an email and send them.

This task does not have any dependencies and can be done before 14 April. It doesn't affect what site users can see or do.

@pollecuttn Would it be DE who would send out the emails? Simon D and Danny are drafting the text of the email which I can provide you with shortly. @tomcrane When would be able to create the webapp? We have a little more leeway now with time. The latest that the message should go out to users is 13 April, but hopefully before that.

c) (point 2 in preceding comment) This would just say "MY LIBRARY ACCOUNT" always, as there is no post-login state on the CMS-managed parts of wl.org, it will be an anonymous site.

@tomcrane Do you make the change on the UAT site and then push to live?

Even if there are no active links to it, people landing here, or any path under it (e.g., if they have bookmarked their bookmarks) will still need to see something. The unfriendly thing would be the standard site 404 page, the friendlier thing would be some editorial content explaining that there's no account-related stuff here any more. This was the mockup I made on library-uat but it needs some template and copy work, although not much.

d)

Even if there are no active links to it, people landing here, or any path under it (e.g., if they have bookmarked their bookmarks) will still need to see something. The unfriendly thing would be the standard site 404 page, the friendlier thing would be some editorial content explaining that there's no account-related stuff here any more. This was the mockup I made on library-uat but it needs some template and copy work, although not much.

Understood.

f) Later (when wl.org is retired), a redirector that works for anyone who has ever bookmarked, cited or otherwise linked to any digitised content on wl.org.

Understood.

@tomcrane As regards the tasks (account login button, bookmark landing page etc), can you confirm that the current time line gives you enough to schedule this work?

I am drafting a list of go live tasks and will circulate it shortly for comment.

Thanks Louise

[pollecuttn]

@louisesimon I've not been in any of the comms discussions so I don't know the answer to this. Someone in those comms discussions should be able to tell you, and I'd expect anyone involved in writing the comms to also be sending them out.

[louisesimon]

Hi @pollecuttn So the reason I was asking you was because it was agreed earlier that DE would send out the bookmark URLs to users who requested them. They would need access to Tom's Webapp to do this. It is the technical one-off process of sending out the initial emails to all users that I am now asking about. Would this be a task for DE as they would have access to the bookmark app? LE&E are providing the text to be inserted in whatever technical process is being used to send out the emails.

[pollecuttn]

@louisesimon Do you mean from your conversation with Jenn https://github.com/wellcomecollection/platform/issues/4016#issuecomment-579373838 ?

If so, it sounds like the email would be from her.

[jennpb]

No no no, please! I don't have anything to do with sending out emails to the public. I thought this was being handled as part of the Comms plan (which I'm not part of), so someone who is not me should have a plan for communicating with the users.

[louisesimon]

Hi all

No. I don't mean that. Ok, sorry not to be clear.

In Tom's response, he said that he is creating a webapp that will contain all the users and emails of those with bookmarks. My question is who will actually do the technical bit of using the app to send the initial emails?

Comms group have agreed the notice period and will word the email. We haven't yet agreed the process of sending out the initial emails because the technical mechanism wasn't in place.

If you think that it isn't one for DE, then LE&E or l will have to use the webapp. It just felt that as DE had already agreed that they would be responding to requests for users to send out URL links (and they would have to use the webapp), then it would make sense for them to do the initial sending out of emails.

Happy to discuss.

Louise

Get Outlook for Androidhttps://aka.ms/ghei36

---

From: jennpb notifications@github.com Sent: Thursday, March 26, 2020 4:52:08 PM To: wellcomecollection/platform platform@noreply.github.com Cc: Louise Simon l.simon@wellcome.ac.uk; Mention mention@noreply.github.com Subject: Re: [wellcomecollection/platform] Library site CAS SSO decommisioning (#4016)

No no no, please! I don't have anything to do with sending out emails to the public. I thought this was being handled as part of the Comms plan (which I'm not part of), so someone who is not me should have a plan for communicating with the users.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fwellcomecollection%2Fplatform%2Fissues%2F4016%23issuecomment-604544053&data=02%7C01%7Cl.simon%40wellcome.ac.uk%7C77059b01780440d039e708d7d1a6064d%7C3b7a675a1fc84983a100cc52b7647737%7C0%7C0%7C637208383303042886&sdata=CS2Dt7NYKZjrK5bNmdB9MIIkfIcmhNijnKmpVtJkzas%3D&reserved=0, or unsubscribehttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAMOSFJZPHBPAWUIZN25OC3RJOB3RANCNFSM4JHLWY3Q&data=02%7C01%7Cl.simon%40wellcome.ac.uk%7C77059b01780440d039e708d7d1a6064d%7C3b7a675a1fc84983a100cc52b7647737%7C0%7C0%7C637208383303052869&sdata=K48KQfkkXK%2BbwPJbstd93LvQAB2q%2F0U2O%2BrLSrXFBAQ%3D&reserved=0.

[louisesimon]

Re: my comment above, when I refer to the 'initial emails', I mean the email that will inform users that the Bookmark function is to be removed

[tomcrane]

@louisesimon I think I'll need a couple of days clear to do all these tasks and prep for tasks that are dependent on others. I'll need to get back to you on scheduling, our schedules are being rearranged a lot at the moment. At time of writing it was assumed that the app mentioned would be deployed somewhere internal to Wellcome's network, does everyone WFH change that?

[louisesimon]

Hi @tomcrane THanks. I'll wait to hear from re: schedule. The latest we could leave the sending out of the emails to Bookmarks users would be Mon 13 April. Do you think you'd be able to schedule the webapp by then? THe other pieces of work(e.g. login button etc) can be pushed back (deadline 4 May, but ideally before then for testing etc).

As regards deploying the webapp onto the Wellcome internal network, I don't think that would be a problem, but could you give me a brief description of what you have planned and I'll run it past out Platform Tech team.

Thanks Louise

[pollecuttn]

@louisesimon Monday 13 April is Easter Monday (a bank holiday)

[louisesimon]

@louisesimon Monday 13 April is Easter Monday (a bank holiday)

Thanks, Natalie. @tomcrane Deadline would be Tuesday 14 April for the webapp, but if we could have it by Thurs 9the, that would be great.

Thanks Louise

[louisesimon]

Hi @tomcrane

I commented:

As regards deploying the webapp onto the Wellcome internal network, I don't think that would be a problem, but could you give me a brief description of what you have planned and I'll run it past out Platform Tech team.

If you could give me a response so I can take up with Platform Tec, that would be great. Also can you confirm if deadline of 9th April is doable?