This document discusses federated access management using SAML/Shibboleth single sign-on. It describes how federated access management allows users to securely access digital content and services from their home institution with a single credential. Federations like InCommon and OpenAthens allow institutions and publishers to connect once and then reuse the connection for multiple resources, lowering implementation costs. The document also notes some challenges with SAML/Shibboleth like age and network security, and suggests "user-managed access" as a potential next step beyond SAML.
This talk was provided by Phil Leahy of OpenAthens during the NISO Live Connections event, Digital Libraries: Authentication, Access & Security of Information Resources, held on May 22-23, 2018 in Baltimore, MD.
2. openathens.org
Coming up
• The access management toolkit
• What is federated access management?
• Why is a federation involved?
• InCommon, the OpenAthens Federation and more
• Challenges and limitations
• What’s next?
What is federated access management?
• Secure access to digital content and services via single sign-on
• Authentication federated to the home organisation
• Individual accountability
• Permission- or role-based authorisation
• SAML encrypts and digitally signs all transactions
How federated access management works
Standard processes to enable access to:
• Desktop or cloud office applications
• Network drives (filestores etc.)
• VLE and/or LMS
• Discovery tools
• Printer
• …and subscribed digital content
InCommon, the OpenAthens Federation and more
• Academic/research federations nationally
• OpenAthens Federation for everyone else
• Funding is the key
• Benefits
• Common technical framework (with minor policy differences)
• Wider distribution of implementation costs
Why is a federation involved?
• SAML is not ‘plug’n’play’ technology
• Technical infrastructure and policy framework
• Integrate once, re-use for multiple products/services
• Institutions can connect to any participating publisher
• Publishers can connect to any participating Institution
Challenges and limitations
• SAML and Shibboleth are over 15 years old
• Access to IT resources
• Robust identity management processes
• Myths about SAML
• Network security
• Privacy
• Finding a scalable, truly cross-sector solution
What’s next?
“It is time for a major commitment from the scholarly information ecosystem of libraries, publishers, university IT, and intermediaries… to develop a single user account for all scholarly e-resources. This account would not only provide authentication via a researcher’s institutional credentials but also would be the vehicle through which a variety of additional data-driven services could be provided on an opt-in basis. The account itself as well as the data it contains would be under the control of the researcher, and it would therefore travel with the researcher when changing institutional affiliations.”
Meeting Researchers Where They Start: Roger Schonfeld, March 26, 2015
https://doi.org/10.18665/sr.241038
Security through obscurity: “Security experts have rejected this view as far back as 1851”
https://en.wikipedia.org/wiki/Security_through_obscurity
Institutional usernames and passwords have been shared for as long as they have been available – SciHub is only the latest evidence of that.
Users automatically onboarded when their network account is created
Consistent, personalised user experience, creating more opportunities to discover, access and engage with content.
Easier to comply with restricted content licences
A user's home organisation verifies their identity at login and passes encrypted attribute data to the service provider, which then authorises access to its content.
As the limits of IP recognition are increasingly exposed from both a usability and a security point of view, more secure standards such as SAML-based SSO are emerging as the best way to ensure services are protected against misuse. SAML brings a number of benefits.
It allows organisations to send information to content providers securely. By default, SAML digitally signs and encrypts all data sent in each direction. This helps to:
• prevent fraudulent use or interception
• keep all user information private, including their login details
SAML also gives organisations granular control over what attributes are exchanged with particular resources. So an organisation could pass a forename, surname and email to one publisher, but restrict all the others to seeing only their job role, or subject specialisation.
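The per-publisher attribute release described above, sketched as an added example (not part of the original presentation). The entity IDs, the sample user and the attribute names `jobRole` and `subjectSpecialisation` are constructed for illustration; a service provider with no policy entry falls back to the minimal default set.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)

# Constructed directory record. jobRole and subjectSpecialisation are
# illustrative attribute names, not taken from a real schema.
USER = {
    "uid": "aex123",
    "givenName": "Ada",
    "sn": "Example",
    "mail": "ada@university.example",
    "jobRole": "Research Fellow",
    "subjectSpecialisation": ["Chemistry", "Materials Science"],
}

# Release policy keyed by service provider entityID (all constructed).
RELEASE_POLICY = {
    "https://sp.publisher-one.example/saml": ("givenName", "sn", "mail"),
    "https://sp.publisher-two.example/saml": ("subjectSpecialisation",),
}
# Any service provider without its own entry gets only this minimal set.
DEFAULT_RELEASE = ("jobRole",)


def released_attributes(user, sp_entity_id):
    """Return only the attributes the policy allows for this service provider."""
    allowed = RELEASE_POLICY.get(sp_entity_id, DEFAULT_RELEASE)
    return {name: user[name] for name in allowed if name in user}


def withheld_attributes(user, sp_entity_id):
    """Names held in the directory but not sent to this SP (useful in audit logs)."""
    return sorted(set(user) - set(released_attributes(user, sp_entity_id)))


def attribute_statement(user, sp_entity_id):
    """Render the released attributes as a SAML 2.0 AttributeStatement element."""
    statement = ET.Element(f"{{{SAML}}}AttributeStatement")
    for name, value in released_attributes(user, sp_entity_id).items():
        attribute = ET.SubElement(statement, f"{{{SAML}}}Attribute", {"Name": name})
        # Multi-valued attributes become several AttributeValue children.
        values = value if isinstance(value, (list, tuple)) else [value]
        for item in values:
            ET.SubElement(attribute, f"{{{SAML}}}AttributeValue").text = item
    return ET.tostring(statement, encoding="unicode")


if __name__ == "__main__":
    for sp in ("https://sp.publisher-one.example/saml",
               "https://sp.publisher-two.example/saml",
               "https://sp.unlisted-publisher.example/saml"):
        print(sp)
        print("  sent:    ", attribute_statement(USER, sp))
        print("  withheld:", withheld_attributes(USER, sp))
```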
And of course that means it enables personalisation. Without personalisation, none of the benefits of a modern digital service are available, i.e. more engagement, attracting users to return, learning more about their needs and tailoring products accordingly.
That level of detail helps everyone. It helps content providers segment their products and direct them at particular users, and by providing greater transparency of how collections are being used, it helps an organisation make more informed purchase decisions.
And in these days of greater compliance requirements, SAML helps content providers and their customers conform to best practices which meet contractual expectations around securing access to information resources.
But most importantly, it provides a superior end-user experience regardless of whether they are accessing resources from within an institution’s network or on the go.
Here’s a typical scenario: when a new user enrols at a university or starts work at a new job, that organisation will have a process which automatically grants access to the internal and external resources they need to participate in their course or do their job.
That process applies the appropriate permissions and controls to ensure they can only access what they are entitled to and will typically include access to their nearest printer, the network drives for access to the documents they need and, increasingly, their organisation’s subscription content – all with a single username and password.
Your institutions' licence fees pay for everything a publisher uses, from paper clips to cleaning services to access management solutions. If driving users from multiple customers to a single access point is cheaper for service providers, it ought to be cheaper for institutions.
The InCommon Federation is the U.S. education and research identity federation, providing a common framework for trusted shared management of access to online resources.
SAML 2.0 offers many different options on passing attributes, how to use PKI (certificates) and other implementation details
Most access management federations have broadly similar policies
Implementation differences are usually minor but each has to be coded for
So here is what we often see of how SAML is deployed between content providers and their customers. When a subscription is put in place, a content provider might say “we can connect via SAML if you like”.
[Publisher speaks to Customer One]
[Publisher speaks to Customer Two]
[and so on and so on]
[Customer One speaks to Publisher Two]
What you end up with is a series of parallel, single-use connections which can’t be re-used and which have to be individually managed. This is not an efficient model.
But every single one of those conversations requires a developer, not just for the publisher's platform but at the customer end too. If the organisation has limited technical resources, which is often the case with SAML, that task will be outside their technical comfort zone and they can struggle to complete the integration. That makes it both a difficult and expensive option for everyone. It’s already expensive for publishers simply because a developer is involved.
But even then, using SAML doesn’t guarantee a consistent and repeatable setup. I was copied into an email conversation between a content provider and their customer where over the course of a couple of weeks, five different user ID formats were considered for use in the SAML transaction.
Then I saw quotes such as:
“it doesn’t look like the NameID matches what we have on file”
“The difference was SAML ACS URL wasn’t capitalized. They have to match exactly”
After all of that, the user IDs had to be uploaded into the content provider’s platform before anyone could use it. So onboarding new users requires additional technical tasks.
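The two mismatches quoted above (ACS URL and NameID) can be caught before go-live by comparing what the service provider sends with what was registered. The following is an added example, not code from the talk; the metadata, the AuthnRequest and the `preflight` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed SP metadata, as registered with the identity provider.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://platform.publisher.example/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://platform.publisher.example/SAML/ACS"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed AuthnRequest: ACS URL differs from the metadata only in case,
# and the requested NameID format is not the one registered.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2018-05-22T09:00:00Z"
    AssertionConsumerServiceURL="https://platform.publisher.example/saml/acs">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>"""

def preflight(metadata_xml, request_xml):
    """Return a list of mismatches between an AuthnRequest and registered SP metadata."""
    md = ET.fromstring(metadata_xml)
    req = ET.fromstring(request_xml)
    registered = [e.get("Location") for e in md.iterfind(".//md:AssertionConsumerService", NS)]
    formats = [e.text.strip() for e in md.iterfind(".//md:NameIDFormat", NS)]
    problems = []
    acs = req.get("AssertionConsumerServiceURL")
    # Exact comparison on purpose: the IdP should reject, never normalise, so an
    # assertion is only ever delivered to an endpoint that was registered.
    if acs is not None and acs not in registered:
        near = [r for r in registered if r.lower() == acs.lower()]
        problems.append(f"ACS URL {acs!r} differs only in case from {near[0]!r}" if near
                        else f"ACS URL {acs!r} is not registered for this SP")
    policy = req.find("samlp:NameIDPolicy", NS)
    wanted = policy.get("Format") if policy is not None else None
    if wanted and formats and wanted not in formats:
        problems.append(f"NameID format {wanted!r} not in SP metadata: {formats}")
    return problems
```

Run against the constructed inputs, `preflight(SP_METADATA, AUTHN_REQUEST)` reports both problems; publishing one set of metadata through a federation means this comparison is made once rather than per customer.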
I would ask two questions of those publishers:
Why are you asking your customers to perform technical setups for which the majority won’t have the expertise?
Shouldn’t you be allowing your developers to support and develop your core business, rather than using a technology with its own management overhead?
Let me be clear: this is federated access management, because authentication is federated to the subscribing organisation and they manage their own user records. However, as I previously said it is a series of parallel, single-use connections which can’t be re-used and have to be individually managed. That is not efficient.
But could a content provider's developers complete an integration task once, and then re-use that multiple times? The answer to that is: Yes.
The OpenAthens Federation allows content providers to integrate once, and re-use this for multiple customers.
SAML is heavyweight technology
Ongoing maintenance required
Specialist knowledge is in short supply
OIDC already seen as an alternative by some
Hospitals tend to have extremely locked down IT environments, some hospitals more than others…The hospital IT department does not care about the library. Hospitals already hooking their ADFS identity management layer into OAFed.
Federated access management works best when everything is hooked in but org-wide IDM strategy can be intimidating
OIDC or other emerging web services/APIs
Roger Schonfeld and others have been advocating this for some time – but the privacy issues remain
Concept of interoperability now well-established
Free ebook! Written by Kristina Botyriute, OpenAthens Lead Technical Pre-Sales Consultant, to help information professionals confidently address authentication issues and challenges.
The difference between authentication and authorisation
Web based authentication
IP address recognition
What SAML is and how it works
OpenID Connect
Basic troubleshooting