Upgrade to Pro — share decks privately, control downloads, hide ads and more …

De-mystifying e-resource access - what every librarian should know

Emily Singley
May 17, 2019
Education
1
21

De-mystifying e-resource access - what every librarian should know

Presentation given as part of the Boston Library Consortium's Expanding Knowledge webinar series, May 17, 2019. Presenters were Emily Singley and Viral Amin.

This presentation is designed to provide a fundamental understanding of how different library e-resource authentication methods work (including EZProxy and Shibboleth) and will also learn where the access environment is heading and how current trends will impact libraries and users in the future. Topics covered include SciHub and RA21.

Emily Singley

May 17, 2019
Tweet

More Decks by Emily Singley

See All by Emily Singley
Building privacy infrastructure - an academic library's perspective
emilysingley
0
25
"Why can't I get to the full text?" Accessing library resources during a pandemic
emilysingley
0
75
Why Access Matters: SciHub and the Risk to Libraries
emilysingley
0
100
Discovery System Evaluation - some background information
emilysingley
0
17
Why didn't we think of asking that? Findings from a collaborative study on research behavior
emilysingley
0
64
How does the Library catalog work? De-mystifying Primo
emilysingley
0
120
Finding the gaps: ERM in Alma, Sierra, and WorldShare
emilysingley
0
1.3k
Library Wiki Workshop
emilysingley
0
63
What are Alma and Primo, anyway?
emilysingley
0
81

Other Decks in Education

See All in Education
Introduction - Lecture 1 - Next Generation User Interfaces (4018166FNR)
signer
PRO
0
2.4k
「ChatGPT」って固いな。 ニックネームとかは無いの?
akane69
0
130
Spring 2023 Pre-enrollment Information for UTokyo International Students
utokyoissr2360
0
1.2k
Introduction - Lecture 1 - Advanced Topics in Big Data (4023256FNR)
signer
PRO
1
590
子育てエンジニアたちのLT大会_CTOの小学校受験
fdmiyata
PRO
0
630
Data Representation - Lecture 3 - Information Visualisation (4019538FNR)
signer
PRO
1
1.2k
Statistical Rethinking 2023 - Lecture 03
rmcelreath
1
1.1k
渡辺研Slackの使い方 / Slack Local Rule
kaityo256
PRO
4
3.6k
Interactive Tabletops and Surfaces - Lecture 7 - Next Generation User Interfaces (4018166FNR)
signer
PRO
1
840
会社説明資料
espacio
0
120
【PLATEAU AWARD】PLATEAU CityGML LOD1 を OpenStreetMap にインポートしてみた!Final (発表用)
fullfull
0
120
0201
cbtlibrary
0
140

Featured

See All Featured
Infographics Made Easy
chrislema
236
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
32
9k
Done Done
chrislema
178
15k
Facilitating Awesome Meetings
lara
35
4.7k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
224
50k
Art, The Web, and Tiny UX
lynnandtonic
284
18k
BBQ
matthewcrist
75
8.2k
Optimizing for Happiness
mojombo
366
65k
Gamification - CAS2011
davidbonilla
75
4.2k
How STYLIGHT went responsive
nonsquared
89
4.3k
Product Roadmaps are Hard
iamctodd
39
7.9k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k

Transcript

  1. De-mystifying e-resource
    access
    what every librarian should know

    View Slide

  2. Bill Leiser [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)]







    View Slide

  3. Image:

    View Slide

  4. how IP authentication works
    (on campus “1”)

    View Slide

  5. how IP authentication works
    (on campus “2”)

    View Slide

  6. how IP authentication works
    (on campus “3”)

    View Slide

  7. how IP authentication works
    (off campus)

    View Slide

  8. how IP authentication
    can break (#1)

    View Slide

  9. how IP authentication
    can break (#2)
    Resource Stanza
    URL: resource.com

    View Slide

  10. how IP authentication
    can break (#3)

    View Slide

  11. how IP authentication can break #4

    View Slide

  12. authentication
    Credit: Open Athens presentation What Librarians Should Know about Authentication
    Credit: Rich Wenger, Replacing IP Filtering Challenges for Academic Libraries
    Pros Cons
    No identity verification required Requires users to click on special link
    When on-site, no login is necessary IP addresses are no longer stable and do
    not accurately indicate user location
    Has been around a long time Difficult to maintain
    License breach risks
    Insecure and easily exploitable

    View Slide

  13. View Slide

  14. Question 1: IP authorization identifies who a user is
    A. True
    B. False
    Question 2: IP addresses always accurately give the physical location of a device
    A. True
    B. False
    Question 3: If you click on www.resource.com from off campus, what will happen?
    A. You will end up on the www.resource.com website
    B. You will receive an proxy server error
    C. You won’t be able to access full text
    D. Both A and C
    Question 4: IP authorization requires that libraries maintain an accurate file of all resource URLs
    A. True
    B. False

    View Slide

  15. View Slide

  16. how Federated Identity Management works

    View Slide

  17. View Slide

  18. View Slide

  19. View Slide

  20. Let’s look at a real example:
    https://www.hathitrust.org/

    View Slide

  21. View Slide

  22. View Slide

  23. View Slide

  24. View Slide

  25. Some FIM vocabulary:
    SAML
    ● the protocol used to exchange identity data
    Single Sign On (SSO)
    ● the concept of persistent identity management across applications
    Shibboleth
    ● open source software used to implement FIM using SAML
    InCommon Federation
    ● a US federation of institutions that use the same clearinghouse for identification data
    RA21
    ● a draft NISO recommendation for consistent implementation of FIM across vendors

    View Slide

  26. Learn about RA21:
    https://ra21.org/

    View Slide

  27. *depends on implementation
    Pros Cons
    Uses institution’s central single sign on
    system
    Inconsistent experience across different
    publisher platforms
    No need to maintain file of resource URLs Often managed by campus IT, not Library
    Does not rely on unstable IP ranges Privacy concerns if not implemented
    appropriately
    Users can start from anywhere
    Anonymous*

    View Slide

  28. View Slide

  29. Question 1: When you authenticate using FIM, a vendor will know:
    A. Who you are
    B. Where you are
    C. What institution you are affiliated with
    Question 2: When you authenticate using FIM, you login:
    A. On the vendor page
    B. On your institution’s login page
    C. On the InCommon Federation login page
    Question 3: RA21 is:
    A. a draft NISO recommendation
    B. a piece of software used to implement FIM
    C. a language used to transmit identity data

    View Slide

  30. Why do access methods matter?

    View Slide

  31. Piracy
    ● Users are increasingly accessing resources illegally
    ● Pirated access works consistently from anywhere
    ● IP authentication methods have enabled piracy

    View Slide

  32. 835% increase in SciHub downloads in one year
    at Boston College*
    *Just Newton, Brookline, and Brighton (i.e. probably Boston College)
    Credit: John O’Connor, presentation at Boston College Library, 2018

    View Slide

  33. Privacy
    ● Vendors are starting to prefer Federated
    Identity Management
    ● Libraries are being pressured to release
    patron data
    ● Collection development implications - at
    what point is privacy considered?

    View Slide

  34. Example

    View Slide

  35. Questions to ask vendors:
    ● Do they support Federated Identity
    Management?
    ● Do they want you to release
    identifiable patron information (name,
    email, dept)?
    ● If yes, why?
    ● Will they participate in RA21?

    View Slide

  36. Conclusion
    ● The world is moving away from IP authentication
    ● We need to be prepared for this new reality
    ● Users’ privacy is at stake if we don’t get it right
    Jon Rawlinson [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)]

    View Slide

  37. Thank you!
    Questions?
    [email protected]
    [email protected]

    View Slide