You may have heard of a project called RA21 that aims to simplify online access to library resources, but how it actually does this is less well understood. The technical jargon and acronyms often confuse what is actually a pretty simple concept.
In this brief video, and with the help of some stick figures, we demystify RA21 and what it means for publishers and libraries.
Hi, many of you may have heard of a project called RA21 that’s trying to simplify online access to library resources. But how it actually does this is less well understood. The technical jargon and acronyms often confuse what is actually a pretty simple concept.
My name is Tim Lloyd and, with the help of some stick figures, I’m going to demystify RA21 in this short video.
One more note before we start. RA21 builds on an existing user authentication process called Federated Single Sign-On. If you’re unfamiliar with that term, you may recognize the name Shibboleth instead - Shibboleth is an open source software commonly used to implement Federated Single Sign-On. Because it’s easy to confuse RA21 with Federated Single Sign-On, I’ll make the distinction between them clear.
Let’s start with a simple analogy:
Bob runs a conference booth that provides books to anyone who studies at a subscribing institution. Amy comes up to the booth and says "Hi, can I have a book?"
Bob says, "Sure” and asks her if she’s at a subscribing institution
Amy says that she’s a student at ABC College
However, Bob doesn’t know Amy so he needs to verify that she’s registered with ABC College.
Luckily, he has a phone book where he can look up someone who can help him. In the case of ABC College, the person to talk to is Carol.
Bob calls Carol to ask if she can confirm that the person at his booth is a student at ABC College
Carol asks him to pass the phone to the student so she can talk to her directly
Carol talks to Amy and is able to confirm that she’s a valid student
Amy passes the phone back to Bob so that Carol can confirm to him that she’s a student at ABC College
Now, Bob would ideally like to know the student’s name so that he can learn more about her interests and recommend other books to her in future
However, ABC College’s policy is not to release student names and so Carol can’t provide Bob with any additional information on the student.
Bob has now verified that the student in front of him is at ABC College
Bob gives Amy her book, and also gives her a bright green badge to wear that says "I'm with ABC College" - Bob tells her that if the other booths see that badge, it'll save some time as she won't need to tell every booth which institution she studies at.
This simple scenario is actually very close to how Federated Single Sign-On works!
Bob is the 'service provider’ that needs to check a visitor’s institutional affiliation before providing access to services.
His phone book is a federation - a trusted list that details how to talk to a set of vetted institutions and vendors. Examples of federations include InCommon in the United States, and the UK Access Management Federation.
Carol is the 'identity provider' - the institution’s Single Sign-On service that confirms a visitor’s identity.
An,d while our characters in this scenario speak English, in reality Bob, Carol and the Federation communicate using a language called SAML.
Finally, the badge that Bob gives to Amy is what RA21 is really about - making it easier for Amy to deal with other service providers.
It's also important to note that Carol was in control of the Amy identity, and opted not to tell Bob Amy’s name. This might have been institutional policy, or Carol might have asked Amy if she wanted to share it. Either way, all Bob got was confirmation that Amy was definitely affiliated with ABC College and, as Bob trusts the phone book, he trusts Carol is the right person to confirm that.
Okay, so hopefully you’ve now got a basic understanding of how Federated Single Sign-On works and, more importantly, how RA21 greatly simplifies the process of authenticating a user as they access online content and services provided by their library.
The last question is what do you need to participate? Well, there are really just 2 key elements.
The first is RA21-enabled vendors. By this we mean vendors that are able to give and read the green badge that Bob gave to Amy in our example. Or, in more technical terms, a cookie that simply describes the institution that she belonged to (and no other information).
RA21 will provide a centralized infrastructure to support this process that will be managed by a consortium of non-profit organizations representing the various stakeholders in the process, including libraries and federation operators.
If you are a publisher or other service provider to institutions, please visit RA21.org to learn more.
If you are a library, please encourage your vendors to learn more about RA21 and participate.
The second thing is Federated Single Sign-On. If you already support Federated Single Sign-On, either as a publisher or as an institution, then congratulations. Your users will automatically benefit from more seamless access as RA21 starts to become adopted across the industry. If not, please encourage your IT department to explore how Federated Single Sign-On can simplify access to online resources in a secure and privacy-preserving way.
You will find more information about RA21 at their website, RA 21 dot org.
Alternatively, feel free to contact me if you have questions about RA21 and/or Federated Single Sign-On. LibLynx helps both publishers and libraries to manage identity and access to online resources, and we’d be delighted to talk. Thanks!