De-mystifying e-resource access - what every librarian should know

Presentation given as part of the Boston Library Consortium's Expanding Knowledge webinar series, May 17, 2019. Presenters were Emily Singley and Viral Amin.

This presentation is designed to provide a fundamental understanding of how different library e-resource authentication methods work (including EZProxy and Shibboleth). Attendees will also learn where the access environment is heading and how current trends will impact libraries and users in the future. Topics covered include SciHub and RA21.

Emily Singley

May 17, 2019

Transcript

  1. De-mystifying e-resource access what every librarian should know

  2. Bill Leiser [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)]
  3. Image:

  4. how IP authentication works (on campus “1”)

  5. how IP authentication works (on campus “2”)

  6. how IP authentication works (on campus “3”)

  7. how IP authentication works (off campus)

  8. how IP authentication can break (#1)

  9. how IP authentication can break (#2) Resource Stanza URL: resource.com

  10. how IP authentication can break (#3)

  11. how IP authentication can break (#4)

  12. authentication
    Pros
    • No identity verification required
    • When on-site, no login is necessary
    • Has been around a long time
    Cons
    • Requires users to click on special link
    • IP addresses are no longer stable and do not accurately indicate user location
    • Difficult to maintain
    • License breach risks
    • Insecure and easily exploitable
    Credit: Open Athens presentation What Librarians Should Know about Authentication
    Credit: Rich Wenger, Replacing IP Filtering Challenges for Academic Libraries
  13. None
  14. Question 1: IP authorization identifies who a user is
    A. True
    B. False
    Question 2: IP addresses always accurately give the physical location of a device
    A. True
    B. False
    Question 3: If you click on www.resource.com from off campus, what will happen?
    A. You will end up on the www.resource.com website
    B. You will receive a proxy server error
    C. You won’t be able to access full text
    D. Both A and C
    Question 4: IP authorization requires that libraries maintain an accurate file of all resource URLs
    A. True
    B. False
  15. None
  16. how Federated Identity Management works

  17. None
  18. None
  19. None
  20. Let’s look at a real example: https://www.hathitrust.org/

  21. None
  22. None
  23. None
  24. None
  25. Some FIM vocabulary:
    • SAML: the protocol used to exchange identity data
    • Single Sign On (SSO): the concept of persistent identity management across applications
    • Shibboleth: open source software used to implement FIM using SAML
    • InCommon Federation: a US federation of institutions that use the same clearinghouse for identification data
    • RA21: a draft NISO recommendation for consistent implementation of FIM across vendors
  26. Learn about RA21: https://ra21.org/

  27. Pros
    • Uses institution’s central single sign on system
    • No need to maintain file of resource URLs
    • Does not rely on unstable IP ranges
    • Users can start from anywhere
    • Anonymous*
    Cons
    • Inconsistent experience across different publisher platforms
    • Often managed by campus IT, not Library
    • Privacy concerns if not implemented appropriately
    *depends on implementation
  28. None
  29. Question 1: When you authenticate using FIM, a vendor will know:
    A. Who you are
    B. Where you are
    C. What institution you are affiliated with
    Question 2: When you authenticate using FIM, you login:
    A. On the vendor page
    B. On your institution’s login page
    C. On the InCommon Federation login page
    Question 3: RA21 is:
    A. a draft NISO recommendation
    B. a piece of software used to implement FIM
    C. a language used to transmit identity data
  30. Why do access methods matter?

  31. Piracy
    • Users are increasingly accessing resources illegally
    • Pirated access works consistently from anywhere
    • IP authentication methods have enabled piracy
  32. 835% increase in SciHub downloads in one year at Boston College*
    *Just Newton, Brookline, and Brighton (i.e. probably Boston College)
    Credit: John O’Connor, presentation at Boston College Library, 2018
  33. Privacy
    • Vendors are starting to prefer Federated Identity Management
    • Libraries are being pressured to release patron data
    • Collection development implications - at what point is privacy considered?
  34. Example

  35. Questions to ask vendors:
    • Do they support Federated Identity Management?
    • Do they want you to release identifiable patron information (name, email, dept)?
    • If yes, why?
    • Will they participate in RA21?
  36. Conclusion
    • The world is moving away from IP authentication
    • We need to be prepared for this new reality
    • Users’ privacy is at stake if we don’t get it right
    Jon Rawlinson [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)]
  37. Thank you! Questions? emily.singley@bc.edu vamin@bentley.edu
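
An added example, not part of the slides or the presenters' material: it contrasts what a vendor learns under IP authentication (slide 12) with what it learns under Federated Identity Management, depending on which attributes the institution releases (slides 27, 33 and 35). The addresses, the patron record, the policy names and the choice of eduPerson attributes are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical institution).
LICENSED_RANGES = {"Example University": ["192.0.2.0/24",       # campus network
                                          "198.51.100.10/32"]}  # library proxy server
IDENTIFYING = {"displayName", "mail", "department"}  # name, email, dept

USER = {  # constructed identity-provider record for one patron
    "displayName": "Pat Reader",
    "mail": "pat.reader@example.edu",
    "department": "History",
    "eduPersonScopedAffiliation": "student@example.edu",
    "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms",
}
MINIMAL_POLICY = {"eduPersonScopedAffiliation", "eduPersonEntitlement"}
VENDOR_REQUESTED_POLICY = MINIMAL_POLICY | IDENTIFYING


def ip_authorize(client_ip, licensed=LICENSED_RANGES):
    """Vendor-side IP check: return the licensed institution, or None."""
    addr = ipaddress.ip_address(client_ip)
    for institution, ranges in licensed.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            # Anyone on a listed address passes; no user identity is involved.
            return {"institution": institution}
    return None


def release_attributes(user, policy):
    """Identity-provider side: only attributes named in the policy are sent."""
    return {k: v for k, v in user.items() if k in policy}


def identifying_attributes(released):
    """List released attributes that identify the patron personally."""
    return sorted(IDENTIFYING.intersection(released))


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "203.0.113.7"):
        print(ip, "->", ip_authorize(ip))
    for name, policy in (("minimal", MINIMAL_POLICY),
                         ("vendor-requested", VENDOR_REQUESTED_POLICY)):
        sent = release_attributes(USER, policy)
        print(name, "->", sorted(sent), "identifying:", identifying_attributes(sent))
```

The off-campus address is refused unless the request arrives through the proxy address, and the minimal release policy gives the vendor an affiliation and entitlement without name, email or department.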