1. RA21 Update
Todd Carpenter, Executive Director
National Information Standards Organization (NISO)
NISO Update ALA Midwinter Conference
January 26, 2019
2. The need for RA21
Simple access to content
needs to be fixed,
especially for off campus use:
•Scholarly content & services are increasingly being accessed from
outside of corporate/campus networks
•Publisher pathways for providing off-network access have not kept
pace with our experience on the consumer web (e.g. Google,
Facebook, LinkedIn logins across multiple sites).
•When accessing publisher platforms off-network, fully entitled end
users are turning to alternative resources (e.g. SciHub, etc.) because of
ease of access.
•RA21 has been established as the first step in the journey towards
replacing the now outdated IP based access & authentication model. 2
Ja…
Ap…
Jul…
Oc…
Ja…
Ap…
Jul…
Oc…
Ja…
Ap…
Jul…
Oc…
Ja…
Ap…
Jul…
Oc…
Ja…
Ap…
Jul…
Oc…
Ja…
Ap…
Jul…
Oc…
Mobile Traffic in Visits
3. RA21 Goals
Recommend new solutions for access strategies beyond IP
recognition in joint collaboration with software vendors, libraries,
federation operators, publishers and service providers
• Test and improve solutions by organizing pilots in a variety of
environments
•Establish best practices and publish via the NISO Recommended
Practice process – in process, UX demo today
•Prepare for post-project phase by identifying potential parties to
operate any necessary centralized infrastructure – in process
3
4. •Individuals from more than 60 different organizations have
been involved in RA21 since its inception in late 2016.
4
AbbVie Pharmaceuticals
American Medical Association /
JAMA
American Chemical Society
American University
American Psychological Association
Association of Research Libraries
American Society of Civil Engineers
Atypon Systems
BASF
Bibliotheksservice-Zentrum
Brill Publishers
Brown University
Centre for Agriculture and Bioscience
Carnegie Mellon University
Clarivate Analytics
Cambridge University Press
Copyright Clearance Center
Denver University
EBSCO Information Services
Eduserv
Elsevier Publishing
Emerald Publishing Group
Erasumus University Rotterdam
ETHZ
GEANT
GlaxoSmithKline Pharmaceuticals
Harvard
Highwire Press
Hypothes.is
IEEE
Informed Strategies LLC
Internet2
Institute of Physics Publishing
JISC
Johns Hopkins University
KTH Royal Institute of Technology
Liblynx
MIT
MyUniDys
NISO
Novartis
OCLC
Open University
ORCID
Opitcal Society of America
Oxford University Press
Proquest
Ringgold
Roche Holding AGG
Sage Publications
Silverchair Information Systems
Springer Nature
STM
SUNET
Switch
Taylor & Francis Group
Thieme Medical Publishers
Tilburg University
UC Davis
Universiti Putra Malaysia
University at Buffalo
University of Bath
University of Nottingham
University of Surrey
Wiley
Wolters Kluwer Publishing
Corporate Subscriber
Academic Subscriber
Software/Service Provider
Publisher
RA21 Industry Participation
5. So why RA21?
The current Identity
Provider discovery
workflow is very
difficult for users to
navigate
5
7. How SAML Can Protect Privacy
Publishers receive
attributes about the
user, not the user’s
identity.
8. Draft RA21 Attribute Release and Privacy
Recommendations
8
Limitations on attribute
release. Release as
little data as possible –
Pseudonymous with
affiliation data.
IF THERE IS
CONSENT BY THE
USER, additional
attribute release may be
permitted. Although, this
is may also governed by
institutional data-use
policies.
Institutions control
data attribute release.
Adoption of REFEDS
Attribute Release and
Privacy Policy.
Developed over three years
with a great deal of CISO
and legal counsel review.
Legal requirements based
on GDPR.
Something which most
content providers are using
as a basis for their data use
and reuse practices.
Key difference and objection
between GDPR and NISO
Privacy Principles are the
audit requirement.
1 2 3
9. UX Recommendation Building Blocks
9
Consistent visual cue
and call to action
signals institutional
access
Flexible and smart search
• Search by institution name,
abbreviation or email
• Typeahead matching and URL
Remembered institution
on next access
1 2 3
10. RA21 UX Goals
1
0
A user only encounters
a discovery process
once (per browser).
The user’s institution is
persisted in browser local
storage and subsequently
rendered in the RA21 button
across all participating
publishers.
1 2
11. RA21 Roadmap
1
1
Now through
Q1 2019
• Finalize user
experience
• Document
recommen-
dations
• Follow NISO
Recommended
Practice public
review process
Through End
Q2 2019
• Establish
governance
structure for
central
infrastructure
and enable the
service
• Publishing of
NISO RA21 RP
Second half of
2019
• Publishers begin to
deploy RA21
recommended
practices
12. Implementation: Roll-out Strategy
•Initial focus will be on
adopting RA21
recommendations as broadly
as possible as a supplement
to IP for remote access (off
campus)
•Also suggested as the
primary/only access method
for organizations that can’t
use IP (e.g. corporate
customers using cloud ISPs
such as zScaler
1
2
• This will allow us to
monitor and measure
success rates through
the CTA and discovery
progress
• And build a case for
RA21 as the primary
access method for all
customers
The set of attributes released to a service provider via SAML is formally under the control of each IdP and various SAML federations set their own norms around expected attributes. However a convention was established over a decade ago for library information resources. Many resource providers expect the following:
· An anonymous entitlement attribute indicating that the user is entitled to access resources licensed common library terms (https://www.internet2.edu/products-services/trust-identity/mace-registries/urnmace-namespace/urn-mace-dir-registry/urn-mace-dir-entitlement/)
· An optional, opaque pairwise identifier for the user which enables personalized features on the information provider site to be accessed using the user’s home institution sign-in credentials
RA21 is (proposing/recommending/suggesting/investigating) the formalization of this convention via the establishment of a new Entity Category for library information resources (https://wiki.refeds.org/display/ENT/Entity-Categories+Home)