This presentation was provided by Todd Carpenter in conjunction with Daniel Ayala (Proquest) and Andrew Anderson (LIRN) on June 24, 2018 during the 2018 ALA Annual Conference, located in New Orleans.
RA21 and Privacy - NISO ALA Annual 2018
1. Let’s Talk About Privacy and RA21
Todd Carpenter, Executive Director, National Information Standards Organization (NISO)
Dan Ayala, CISO & Privacy Officer, ProQuest
Andrew Anderson, President, Library and Information Resources Network, Inc.
NISO RA21 ALA Annual Conference
June 24, 2018
3. Behind the scenes:
Does the user have access rights? Yes or No?
Do you have a login? Yes or No?
Where are you from? ??????
4. An Analogy: Credit card processing
Excuse me. To process this payment you need to tell me: What is the payment processing clearinghouse your bank uses?
7. RA21 wants to build on the user experience of the wider web
8. Make the login experience match the user experience we’re all familiar with
Private Experience Target Institutional Experience
9. How SAML Can Protect Privacy
Publishers receive attributes about the user, not the user’s identity.
10. RA21 Pilots
• Corporate Pilot (Universal Resource Access “URA”)
• Two Academic Pilots
– Privacy Preserving Persistent WAYF Pilot
– WAYF Cloud Pilot
All seek to address the User Experience for off-campus access
11. Initial Privacy Review of RA21 Pilots
SECURITY & PRIVACY RECOMMENDATIONS Cloud WAYF P3W
Privacy Policy Requirements √ √
Data Protection Impact Analysis Required √ √
Data Retention Policy Required √
Denial of Service Protection √
Browser security (https + access controls) implementations √ √
Database/data protection best practices √
Server hardening - for security threats √ √
Code Scanning - for security threats √ √
Vulnerability Scanning/Penetration Testing √ √
API security protocols √
Audit Logging and review √
Security Monitoring √
Incident Response Plan √
High Availability Infrastructure requirements √ √
Anti-virus software monitoring √ √
GDPR compliance concerns √
12. Privacy Preserving Persistent (P3) WAYF Pilot
• Pilot goals
– To improve the current Shibboleth Identity Provider discovery process
• Incorporate additional “WAYF hints” such as email domain and IP address into federation metadata
• Improve the sign-in flow using those WAYF hints via a shared discovery service
• Populate shared discovery service hints from the Service Providers regarding which Identity Providers are likely to work in an authorization scenario
• Enable cross-provider persistence of WAYF choice using browser local storage
• Pilot participants (confirmed so far)
– Project Management: GÉANT
– Educational Access Management Federations: Sunet & SWAMID (Swedish Federation), the samlbits.org project, eduGAIN, EduServ
– Publishers: Elsevier, American Chemical Society
– Subscribing institutions: MIT; University of California, Davis; University of Arizona (tbc); University of Denver (tbc)
– Service Providers: ProQuest, Ping, LibLynx, Ebsco
13. Preserving Privacy
Built upon “SAML-BITS” technology in production
Technique: Only the domain part of the email address needs to be transmitted from the browser to the publisher platform to select the IdP.
Challenge: Need to define and test a standardized UI that makes this clear to users.
Technique: IdP preference is stored locally in the browser and retrieved using centrally served JavaScript, not on a central server.
Challenge: Need to adapt the Account Chooser mechanism to support SAML IdPs vs. OpenID Connect Authorization Servers.
14. It’s Not That Scary: A Short Demo
https://www.youtube.com/watch?v=mkQC64zfNyw&feature=youtu.be
Prototype demo starts at 1:22:01 in the recording
15. CRITICISM OF RA21
• Yes, SciHub is a motivator of RA21, but not the only motivator.
• This project began with outreach from LIBRARIES!
• There are a variety of reasons why libraries would like to improve access control
• Evil twins? Come on….
16. MORE CRITICISM OF RA21
• Open Access is not the end-all be-all of library access control issues.
– First, even if every journal article were OA, not all content provided by libraries will be freely available
– Second, a variety of the services that libraries provide will still need authentication, regardless of whether they are free or not
– To presume that RA21 is a fight against open access is to have a very narrow and dim view of what libraries do and provide.
17. EVEN MORE CRITICISM OF RA21
• RA21 is a nefarious plot by publishers to hoover up all sorts of patron data.
– First, SAML data released by identity federations is under the control of institutions, who can set limits on what data is released or not; it is NOT controlled by publishers
– Second, RA21 will only be storing user preference information about which IdP to pass credentials to – NOT the credentials themselves
– Finally, if they wanted, publishers could use other methods to track user behavior, but are often limited by contracts and laws.
18. Google CASA Project (Campus Activated Subscriber Access)
• Outside of the scope of RA21, but attempting to address similar questions
• Led by the Google Scholar team with several publisher vendor partners
• Based on Google user-behavior analysis and cloud data to navigate the user to the identity provider
• Core question: If you don’t trust RA21’s privacy protections, do you trust Google to protect the privacy of patrons more than publishers/IdPs?
20. Want to get involved?
• Visit: https://www.RA21.org
• Mailing lists:
– P3W community list: https://lists.refeds.org/sympa/subscribe/p3w-community
– WAYF Cloud community list: TBD
• Everyone: Register your interest in participation by emailing:
Julie Wallace: Julia@RA21.org and
Heather Flanagan: Heather@RA21.org
So what are the pilots you ask?
We have a Corporate Pilot as well as two academic pilots:
The P3W pilot - Privacy Preserving Persistent WAYF Pilot - quite the tongue twister
And the WAYF Cloud pilot
All seek to address the experience of access outside an institute and to streamline the UX – the user experience – in order to have a similar experience throughout – users do not like to be confronted again and again with new interfaces to master.
So following this bit of context for an introduction, we can now go into a bit of detail on the pilots themselves.
Two privacy a
So onto the first of the Academic pilots: the Privacy Preserving Persistent (P3) WAYF Pilot. There are several important things we are trying to investigate in this pilot:
All pilots are addressing the UX in one way or another – if we don’t streamline the UX for authentication, we won’t get end users to adopt the solution.
We want to make sure the identity provider discovery is consistent; we have multiple service providers participating – the idea is that if an end user selects their identity provider with one, they won’t have to repeat that for the others; but this sharing of information creates a privacy problem, so we aim for cross-provider persistence of WAYF choice using browser local storage.
There is a rather large set of folks collaborating on this; originally two pilots were combined. It is managed by GÉANT, and has participation from several access management federations (Sunet and EduServ are two examples), as well as publishers, subscribing institutions (MIT, UC Davis), and many well-known service providers: ProQuest, LibLynx, Ebsco.
So to recap – the P3 WAYF pilot would like to make clear to users that only the domain part of their email is required (some UX challenges there, but we will solve them), and that their IdP preference is stored locally in the browser, retrieved using centrally served JavaScript, not on a central server.
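The two techniques from slide 13 and the recap above, the email-domain WAYF hint and the browser-local IdP preference, as an added JavaScript example. This is not RA21, SAML-BITS or Account Chooser code: the federation metadata entries, the storage key name and the 180-day expiry are constructed assumptions, and when no Web Storage `localStorage` exists (for example under Node) the code falls back to an in-memory stand-in so it runs as written.

```javascript
// Added example (not RA21 / SAML-BITS code): email-domain hint -> IdP discovery,
// with the chosen IdP remembered in the browser rather than on a central server.

// Constructed federation metadata: each IdP carries "WAYF hint" email domains.
const FEDERATION_METADATA = [
  { entityID: "https://idp.example.edu/idp/shibboleth", displayName: "Example University",
    emailDomains: ["example.edu", "mail.example.edu"] },
  { entityID: "https://login.sample.ac.uk/idp", displayName: "Sample University",
    emailDomains: ["sample.ac.uk"] },
];

const STORAGE_KEY = "wayf.preferredIdP"; // assumed key name, not an RA21 identifier
const MAX_AGE_MS = 180 * 24 * 3600 * 1000; // assumed expiry for a remembered choice

// Return only the domain part of an address (lowercased), or null if it is not one.
// The local part never leaves this function, so it never leaves the browser.
function emailDomain(input) {
  const s = String(input == null ? "" : input).trim().toLowerCase();
  const at = s.lastIndexOf("@");
  if (at < 1 || at === s.length - 1) return null;
  const domain = s.slice(at + 1);
  return /^[a-z0-9.-]+\.[a-z]{2,}$/.test(domain) ? domain : null;
}

// Match a domain hint against metadata, walking up parent domains
// (user.cs.example.edu -> cs.example.edu -> example.edu) so departmental subdomains resolve.
function discoverIdP(domain, metadata = FEDERATION_METADATA) {
  if (!domain) return null;
  const labels = domain.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    const hit = metadata.find((e) => e.emailDomains.includes(candidate));
    if (hit) return hit;
  }
  return null;
}

// Minimal Web Storage stand-in (getItem/setItem/removeItem) for non-browser runs.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
function defaultStorage() {
  try { if (typeof localStorage !== "undefined" && localStorage) return localStorage; } catch (_) { /* fall through */ }
  return memoryStorage();
}
const storage = defaultStorage();

// Remember only the IdP entityID plus a timestamp: no email, no credentials.
function rememberIdP(entityID, store = storage, now = Date.now()) {
  store.setItem(STORAGE_KEY, JSON.stringify({ entityID, savedAt: now }));
}

// Recall the stored preference. Anything unparseable, stale, or no longer in federation
// metadata is discarded: the record lives in the browser, so it is a hint, not trusted state.
function recallIdP(store = storage, metadata = FEDERATION_METADATA, now = Date.now(), maxAgeMs = MAX_AGE_MS) {
  const raw = store.getItem(STORAGE_KEY);
  if (!raw) return null;
  let rec;
  try { rec = JSON.parse(raw); } catch (_) { store.removeItem(STORAGE_KEY); return null; }
  if (!rec || typeof rec.entityID !== "string" || typeof rec.savedAt !== "number" || now - rec.savedAt > maxAgeMs) {
    store.removeItem(STORAGE_KEY);
    return null;
  }
  return metadata.find((e) => e.entityID === rec.entityID) || null;
}

// Full flow: a remembered choice wins; otherwise discover from the email domain and remember it.
// The return value is all a service provider needs to start the SAML flow: the IdP entityID.
function chooseIdP(emailOrNull, store = storage, metadata = FEDERATION_METADATA) {
  const remembered = recallIdP(store, metadata);
  if (remembered) return { entityID: remembered.entityID, source: "browser-storage" };
  const idp = discoverIdP(emailDomain(emailOrNull), metadata);
  if (!idp) return null;
  rememberIdP(idp.entityID, store);
  return { entityID: idp.entityID, source: "email-domain" };
}

// Usage: first visit needs the email domain, the next visit does not.
console.log(chooseIdP("alice@cs.example.edu"));
console.log(chooseIdP(null));
```

What to look for: `emailDomain` is the only place the typed address exists, and it discards the local part; the stored record holds an entityID and a timestamp, never a credential; and `recallIdP` validates and expires what it reads back, because any script running on the same origin can write to that storage.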
Thank you for your kind attention. We would love to have you involved with any of the pilots.
While we currently have a lot of active leadership and participation from the US and UK, we are actively seeking greater involvement from Europe and Australasia.
There are a couple of ways you can register your interest: Through our mailing list, or emailing our project leaders directly.
We are also happy to answer any questions offline, or you can connect with me directly:
Ann Gabriel
a.gabriel@Elsevier.com