Presentation by Todd Carpenter given at the American Library Association Conference on June 25, 2017 about the Resource Access in the 21st Century (RA21) project. The RA21 project is focused on improving the access control systems for digital content subscribed to by libraries.
2. Late 20th Century: from Print to Digital
• Institution to purchase from the publisher
• Institution to lend to its users
• Single point of entry
• Simple transaction
• Library cards
• Lock the doors at night
• Must return after use
• Prohibitively expensive to make copies of entire collections
• Imitate print experience
• Optimize for ease of implementation
• IP Authentication
3. 21st Century: digital and remote
• Technology evolved
• Multiple entry points
• Mobile and remote access
• Cumbersome user experience
• Easy to download an entire library
5. RA21 Problem Statement
• Access to STM content and resources is traditionally managed via IP address recognition.
• For the past 20 years, this has provided seamless access for users when on campus
• However, with modern expectations of the consumer web, this approach is increasingly problematic:
– Users want seamless access from any device, from any location
– Users increasingly start their searches on 3rd party sites (e.g. Google, PubMed) rather than publisher platforms or library portals and run into access barriers
– A patchwork of solutions exists to provide off-campus access: proxy servers, VPNs, Shibboleth; however, the user experience is inconsistent and confusing
– Publishers are facing an increasing volume of illegal downloads and piracy, and fraud is difficult to track and trace because of insufficient information about the end user
– The lack of user data also impedes the development of more user-focused, personalized services by publishers
– The increase in piracy and fraud also poses a significant risk to campus information security
6. Behind the scenes:
• Does the user have access rights? Yes or No?
• Do you have a login? Yes or No?
• Where are you from? ??????
7. Fundamental Expectations of the Community
• Researchers
– Seamless access to subscribed resources, from any device, from any location, from any starting point
– A consistent, intuitive user experience across resources
– Increased privacy of personal data
– Streamlined text and data mining
8. Fundamental Expectations of the Community
• Resource Providers
– Ability to provide individualized and differentiated access for better reporting to governing bodies and customers
– Ability to offer personalized services to accelerate insight and discovery
– Ability to ensure the integrity of content on both institutional and commercial platforms
9. Fundamental Expectations of the Community
• Libraries
– Minimization of administrative burden of providing access to authorized user communities
– Maximization of the use of the resources purchased
– Protection of the privacy of user communities and advocacy for their security
10. RA21 Guiding Principles
The user experience for researchers will be as seamless as possible, intuitive and consistent across varied systems, and meet evolving expectations.
11. RA21 Guiding Principles
The solution will work effectively regardless of the user’s starting point, physical location, and preferred device.
12. RA21 Guiding Principles
The solution will be consistent with emerging privacy regulations, will avoid requiring researchers to create yet another ID, and will achieve an optimal balance between security and usability.
13. RA21 Guiding Principles
The system will achieve end-to-end traceability, providing a robust, widely adopted mechanism for detecting fraud that occurs at institutions, vendor systems, and publishing platforms.
14. RA21 Guiding Principles
The library will not be burdened with administrative work or expenses related to implementation and maintenance. The implementation plan should allow for gradual transition and account for different levels of technical and organizational maturity in participating institutions.
15. Pilot program
• Pilot program through Q3 2017
– Broad spectrum of stakeholders
– Address a variety of use cases
– Includes both academic and corporate efforts
• Self organized, registered and tracked under the larger umbrella of RA21
• Feedback and results shared with the community
• Ultimate goals
– Move away from IP authentication – lack of scale
– Balance with the concept of privacy (General Data Protection Regulation 2018)
– Create a set of best practice recommendations for identity discovery
Important to have multiple pilots so we can address the problem from multiple angles
16. Academic Pilots – RA21
• Three Pilots
• The Academic (Shared ‘Where are you from’ (WAYF)) Pilot
• Privacy Preserving Persistent WAYF Pilot
• Client-based WAYF Pilot
• All seek to address the User Experience for off-campus access
17. Shared WAYF Pilot
• Shared WAYF pilot objectives
– To provide seamless access across content providers
– Uses a universal session state
– Provide easy integration points – for maximum participation
– Look to form a potential industry standard for user-based authentication
18. P3W Pilot
• Privacy Preserving Persistent WAYF (P3W) pilot objectives
• To improve current Identity Provider process
– By providing additional ‘WAYF hints’
• Improve sign-in flows
• Enable cross-provider persistence of WAYF choice
19. Client-based WAYF
• Client-based WAYF objectives
– Improve Identity Provider (IdP) discovery processes
• Use a shared discovery service that uses both browser information and shared metadata hints to narrow down IdP options for the user
– Determine the best way to populate the metadata registry with hints from the Service Providers regarding what IdPs are likely to work in an authorization scenario
20. Academic Pilots Progress
• A number of publishers and institutions have signed up to participate
• Currently at early stages of development, but looking to progress swiftly
• Libraries are critical to engaging the user and collecting feedback
• Publishers will need to be prepared
• Campuses and identity federations will need to be prepared
21. Corporate Pilot - URA
• URA pilot participants
– Pharma Documentation Ring (P-D-R) member companies
– Scholarly publishers
– IAM vendors
• URA pilot
– same issues, different perspective
22. Want to join?
• Visit: www.RA21.org
• Express your interest in participation by emailing: Julia@RA21.org and heather@RA21.org or tcarpenter@niso.org
24. Thank you!
Todd A. Carpenter
Executive Director
NISO
tcarpenter@niso.org
Editor's notes
1. Academic (Shared WAYF*) Pilot Project
The Academic (Shared WAYF) Pilot seeks to validate the use of user-based authentication via federated SSO (single sign-on) technologies to provide seamless access to scholarly resources for authorized users at academic organizations. The pilot seeks to demonstrate how the use of academic authentication credentials can be leveraged across publishers to provide the same type of seamless access to scholarly resources that today’s IP address authentication provides.
*Where Are You From
2. RA21 Privacy Preserving Persistent WAYF Pilot Proposal
The RA21 Privacy Preserving Persistent WAYF (P3W) pilot seeks to validate the use of SAML-based federated authentication technologies to provide seamless access to scholarly resources for authorized users at participating institutions. The pilot seeks to demonstrate how institutional login credentials can be leveraged to provide a similar level of seamless access to scholarly resources that today’s IP address authentication provides, through significantly streamlined Where Are You From (WAYF) UX (user experience) flows, whilst preserving the privacy of the end user by using a browser-based mechanism to store their preferred choice of Identity Provider.
3. RA21 samlbits Pilot
The pilot project will focus on access to publisher resources by authorised users using desktop or mobile devices both within and outside the campus network by enabling a smart, shared discovery service so that users can authenticate to their institution, receiving authorization to access publisher material online, without having to select from too many options to find their Identity Provider.
The specific goals of the Client-based WAYF pilot are as follows:
1. To improve current Identity Provider (IdP) discovery processes by using a shared discovery service that uses both browser information and shared metadata hints to narrow down Identity Provider options for the user.
2. To determine the best way to populate the metadata registry with hints from the Service Providers regarding what Identity Providers are likely to work in an authorization scenario.
Additional pilots may be added as well to help us more clearly determine best practice in the space of identity discovery and user experience.