Heard about federated single sign-on but not sure what it is, how it works or what the benefits are? Our Back to Basics webinar explains in a simple, easy to follow presentation.
What is federated single sign-on?
1. Back to Basics: What is federated single sign-on?
25 January 2023
Christos Skoutas, senior business development manager, OpenAthens
2. Housekeeping
  1. We are recording
  2. Post speaker questions in the Q&A
  3. Post general queries in the chat
  4. Live transcript is on
3. Back to Basics: What is federated single sign-on?
4. What we’ll cover
• Introduction
• What technologies are used in the library/publishing space?
• What is federated single sign-on technology?
• What are the benefits of this type of technology for users/libraries/publishers
• Questions
7. Proxy services
• IP access outside the campus is not available
• Proxy services deal with off-campus access dilemma
• IP address is passed to the publishers
8. Covid-19 accelerated remote access to resources
• Institutions update their digital infrastructure to offer remote learning to their patrons
• Emphasis on technology to maximize online and hybrid learning
• Remote access to library resources increased massively
9. The problem with IP recognition
• Authentication and authorization
• User experience
• Maintenance
• Security
10. Increased security risks during Covid-19 pandemic
• “In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19.” Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft
• “Not just AstraZeneca: Hackers targeted 5 other COVID-19 drug developers, vaccine cold chain suppliers” (Wall Street Journal)
• “Academic institutions are not well-resourced and defended, and researchers have to be educated about the risks” (The Guardian)
• “Hackers ‘try to steal Covid vaccine secrets in intellectual property war’” (The Guardian)
https://www.theguardian.com/world/2020/nov/22/hackers-try-to-steal-covid-vaccine-secrets-in-intellectual-property-war
https://www.fiercepharma.com/pharma/not-just-astrazeneca-north-korean-hackers-targeted-5-other-covid-drug-developers-wsj
11. Proxy services: a threat to researchers and organizations
• Sci-Hub and other bad actors exploit the sentiment around open access to research articles
• >90% of compromise is through proxy services
Source: Elsevier data: April 2019-June 2020 https://www.youtube.com/watch?v=KqVo2Pj06dE
20. User journey patterns
“Users have kind of pattern…they start in Google to get an idea of the keywords they will need and the scale of the queries they may want to do and then, they go to more refine resources like discovery tools, library catalogues, google scholar or specific disciplines databases”
Caroline Gauld, University of Melbourne (https://www.youtube.com/watch?v=SXCi515julE)
“People discover articles through search around 45% of the time. 55% of the time they are doing something else. However, discovery via search has increased over time”
How Readers Discover Content in Scholarly Publications 2021, Gardner, T & al, Renew Consultants
“Discovery is not as simple as ‘novice’ vs. ‘expert’(…) A professor in one discipline may, for example, use Wikipedia or basic Google searches to familiarize themselves with a new topic just as a new student might”
Resource Discovery@ The University of Oxford, Madsen, C & al, Athenaeum21 Consulting Research
29. Take aways from today
• Future-proof your authentication systems
• Secure, resilient and scalable solution in the cloud
• Improves user experience
• Saves you time and money
Thank you Jane. Hello everybody and welcome to our webinar. Here is what I would like to cover today. For the people who don’t know me my name is Christos Skoutas and I have been working for OpenAthens for a few years now.
I would like to start the presentation with the main ways users have been accessing e-resources the last few years. Then, I will dive into what federated Single Sign-on is, how it came about, why it is important, and what benefits it brings to libraries, publishers, and users. At the end we will have some time for questions and further discussion.
Now, let’s start with what technologies users have been using to access content? When we say users, we mean students/researchers/professors, anybody who needs access to subscribed content online. What we mean by subscribed content is electronic journals/e-databases/ebooks, etc.
IP (Internet Protocol) recognition is the most widely used technology and it goes back to 1974 as we can see here. Then in the 90s we had other technologies like VPNs, Athens (as we were called back then) and EZproxy. In 2002 a protocol called SAML (SAML stands for Security Assertion Markup Language) was introduced, and more recently other protocols like OpenID Connect came about.
IP recognition is an access method that was developed in the early 90s when almost all computers were located in the library. Back then we didn’t have any smartphones and very few people worked or studied remotely. IP addresses back then were static.
When technology advanced and mobile devices like laptops/tablets/mobile phones came about, access outside the campus wasn’t available. That’s when proxy services came in to solve that problem.
What IP Proxy services do is that they allow end users to appear to a publisher/content provider as if they were within the physical IP range of the subscribing institution despite the fact they were off campus. Many IP addresses are dynamic and constantly changing over time.
The increased use of laptops/smartphones/tablets made the IP recognition model unable to accommodate remote users. To solve this problem institutions started using proxy servers and VPNs. Proxy servers and VPNs aggregate individual user sessions behind a single institutional IP address. Since this address is within the range registered with the publisher, the aggregated connections are accepted.
Now, on top of the technological changes that happened the last 25 years, Covid accelerated this trend and highlighted the need for reliable systems to allow an increased number of remote users to access library resources. During the last 3 years, offering uninterrupted and secure access to e-resources to users based anywhere has become paramount.
Authentication and authorization. These words, authentication and authorisation can be tricky. Authentication is when someone asks the question tell me who you are. You need to prove your affiliation with the organisation. Then, the publisher will make an authorisation decision based on the information that is sent from the institution to the content provider. Authorisation answers the question what you can access.
The IP recognition model is constructed on the assumption that an IP address reliably indicates a user’s physical location. This was true back in the 90s but it isn’t now. The model assumes a physical location can be relied on to identify a legitimate authorised user. That means the model conflates IP addresses with location and identity. This is the reason I refer to this model as IP recognition and not IP authentication. The system works by recognising an IP address, not by authenticating an individual user.
Regarding User experience. IP recognition requires services like proxy servers or VPNs which require remote users to login to a library portal first, then navigate to online content. This is not a good experience since users cannot access content directly on publishers’ websites.
Maintenance. IP recognition is not easy to maintain. If the subscribing institution’s IP address ranges change, then these changes must be coordinated with potentially hundreds of publishers. I experienced this problem first hand when I was working for publishers before joining OpenAthens. There were many times that libraries contacted me to update their IP address urgently because their students didn’t have access due to the changing of IP addresses. Another thing we are hearing from librarians is that it is very time consuming to manage these proxy servers. This doesn’t allow them to spend time on more important things such as helping users with their research, looking to purchase more content or replace the resources they subscribe to, etc.
In terms of security, IP recognition is highly insecure. IP addresses can be easily spoofed and the institutional networks can be penetrated for illicit downloading. Since IP recognition has no facility for authenticating and authorizing users, it’s highly vulnerable to misuse.
We also saw that hacking attempts increased during Covid the last 3 years since hackers targeted research institutions on a global scale.
Research by one of the biggest publishers found out that more than 90% of compromise is through proxy services. When users find it difficult or complicated to access content they go to places like Sci-Hub. For anyone who doesn’t know what Sci-Hub is, it is an illegal site that gets users to share institution login credentials for access to scholarly research platforms. They steal and openly share login credentials on the dark web and COVID-19 has accelerated the need for increased remote access, increasing security risk.
As we saw on the timeline slide earlier there is a protocol called SAML (Security Assertion Markup Language) that was designed for authentication and solves some of the problems that IP recognition causes. But before we talk about SAML and federated authentication I would like to clarify what we mean by single sign-on.
Without a single sign-on system, users need multiple usernames and passwords to access e-journals/e-databases/e-books and other library systems. This is not ideal especially in an online environment where users’ attention span is very short.
Single sign-on solves that problem and offers a much better experience. With one username/password users can access multiple resources as you can see in the diagram above.
As we saw previously, SAML started in 2002 and it was designed specifically for authentication: SAML certifies users’ identity.
Also, SAML is a standard that is used to exchange information (what we call attributes in SAML) about users with the resources they are accessing while keeping their login details private. SAML is well-established and widely-deployed and uses industry standards and best-practice to digitally sign and encrypt messages to prevent fraudulent use or interception by attackers. Also, most SAML-based systems allow granular control over what attributes are exchanged with particular resources. This makes SAML not only a more secure alternative to IP recognition but also a more flexible framework for Single Sign-On for many different scenarios.
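The contrast between IP recognition and attribute-based access described above, as an added example that is not part of the webinar: it shows what a publisher can see and act on under each model when one account behind the library proxy is abused. All addresses, the IdP URL, the attribute key names (`issuer`, `subject_id`, `affiliation`) and the traffic are constructed, and the attributes are assumed to come from an assertion whose signature has already been validated.

```python
import ipaddress
from collections import Counter

# Constructed: IP ranges a hypothetical institution registered with the publisher.
REGISTERED_RANGES = {"example-university": [ipaddress.ip_network("192.0.2.0/24")]}

# Constructed: identity providers the publisher trusts through federation metadata.
IDP = "https://idp.example-university.test"
TRUSTED_IDPS = {IDP: "example-university"}
ALLOWED_AFFILIATIONS = {"student", "staff", "faculty"}


def _req(person, src, downloads, subject_id, affiliation):
    # "person" is ground truth for the reader; the publisher never sees it.
    # "attrs" are hypothetical attribute names from an already-validated assertion.
    return {"person": person, "src": src, "downloads": downloads,
            "attrs": {"issuer": IDP, "subject_id": subject_id,
                      "affiliation": affiliation}}


# Constructed traffic: three sessions arrive through the library proxy
# (192.0.2.10); one user connects from home without the proxy.
REQUESTS = [
    _req("student-a", "192.0.2.10", 3, "p-7f3a", "student"),
    _req("researcher-b", "192.0.2.10", 2, "p-22d9", "staff"),
    _req("compromised-account", "192.0.2.10", 5000, "p-91c2", "student"),
    _req("professor-c", "203.0.113.5", 1, "p-c04e", "faculty"),
]


def recognise_ip(src, blocked_ips=frozenset()):
    """IP recognition: the address alone decides; no user is authenticated."""
    if src in blocked_ips:
        return None
    addr = ipaddress.ip_address(src)
    for institution, networks in REGISTERED_RANGES.items():
        if any(addr in net for net in networks):
            return institution
    return None


def authorise_federated(attrs, blocked_subjects=frozenset()):
    """Attribute-based decision: trusted issuer, allowed affiliation, not blocked."""
    institution = TRUSTED_IDPS.get(attrs.get("issuer"))
    if institution is None or attrs.get("affiliation") not in ALLOWED_AFFILIATIONS:
        return None
    if attrs.get("subject_id") in blocked_subjects:
        return None
    return institution


def usage_by(requests, key_fn):
    """Total downloads per key the publisher can actually observe."""
    totals = Counter()
    for r in requests:
        totals[key_fn(r)] += r["downloads"]
    return dict(totals)


def locked_out(requests, allow_fn):
    """People who end up without access under a given decision function."""
    return sorted({r["person"] for r in requests if allow_fn(r) is None})


def respond_ip_model(requests):
    # The only handle is the source address, so the response blocks the proxy.
    usage = usage_by(requests, lambda r: r["src"])
    worst = max(usage, key=usage.get)
    return worst, locked_out(requests, lambda r: recognise_ip(r["src"], {worst}))


def respond_federated_model(requests):
    # The pseudonymous subject identifier isolates the single abused account.
    usage = usage_by(requests, lambda r: r["attrs"]["subject_id"])
    worst = max(usage, key=usage.get)
    return worst, locked_out(
        requests, lambda r: authorise_federated(r["attrs"], {worst}))


if __name__ == "__main__":
    print("IP model:       ", respond_ip_model(REQUESTS))
    print("Federated model:", respond_federated_model(REQUESTS))
```

Under IP recognition the home user is never recognised and blocking the abusive source cuts off everyone behind the proxy; with per-user attributes only the abused identifier loses access.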
The concept of federated identity management was invented in the research and academic community more than 20 years ago. Alongside the technology, a model for building a fabric of trust has been established, based around the idea of identity management federations.
To join a federation (federations are typically organized geographically), identity providers and service providers must agree to a set of practices and policies.
You have an institution on one side, and a content provider/publisher on the other side.
Federations play an important role in ensuring that standards are being met by Identity Providers and Service Providers alike and that we can trust each other.
Federated access is the concept where registered publishers or service providers and institutions put their metadata in the same place. This way publishers and institutions do not need to establish lots of one-to-one connections that they have to maintain. We talked about SAML being the international standard for authentication, but why do we need federations in the first place? Can’t we just use SAML?
Firstly, SAML is not a plug and play technology. You could task 5 developers to build a set of SAML tools and they would not all operate the same way. Federations were created so that everyone involved adheres to the same policy framework, and technical infrastructure and standards. The key thing about SAML in a federated environment is the “deploy once, reuse multiple times” model. It is fully scalable.
So, an institution can connect to any publisher that is a member of its federation but more importantly a publisher can deploy once and connect to any participating institution within that same federation.
We noticed that demand from libraries around the world for a secure and modern single sign-on system has increased substantially the last few years. Federated authentication came to the front since it meets lots of libraries’ and publishers’ criteria. Let’s have a closer look at the specific benefits of federated single sign-on. I would like to start with what the user experience looks like.
Federated single sign-on offers more seamless access, especially for remote users.
Things have changed especially the last few years. Access to library resources from anywhere and on any device has become imperative. Also, products and services such as Google/Netflix/Amazon/Facebook have redefined users’ expectations.
Research shows that users nowadays start their journey on Google or Google scholar rather than from the library’s portal. That creates all sort of problems especially if libraries rely on IP recognition to allow access to their subscribed e-resources.
With federated single sign-on users are able to start their search on google or Google scholar and access the content they are looking for with a few clicks. The screenshot here shows that particular scenario. The user looks for an article on Google scholar.
When they find that article they click on the link that can take them to the publisher’s website.
And on the publisher’s website they can access that article via their institutional login button, as we can see. It’s a very easy process and one that users are familiar with, since it resembles similar patterns when users try to access other services on the internet. With IP recognition the user has to start their journey on the library’s portal, which is not ideal since we saw previously that a substantial percentage of users start their research on Google or Google Scholar. The increase of remote users due to the pandemic over the last 3 years highlighted this functionality and the benefit federated single sign-on brings to the end users.
Moving on, I would like to delve into how federated single sign-on can benefit libraries. Talking to librarians from different parts of the world, we can see that they face challenges when they are looking into what access systems they need to implement. Offering their users the best experience when they access library e-resources is very important. We saw in the previous slide how this is achieved by using a federated single sign-on system.
Another challenge librarians face is the maintenance of IP addresses/proxy servers. Very often we hear that libraries have one person working full-time to manage their proxy server. I was in India back in September and a librarian from an academic institution was telling me that because their IT department changed their IP addresses she had to contact all the publishers they subscribed to every year so that they update their system with the new IP addresses. She said that this was very time-consuming and not a good use of her time.
In terms of efficiency and cost, SAML is a more stable technology and the most modern authentication system available. The ongoing maintenance required is low while a proxy system requires regular, ongoing maintenance as resources change and proxy configurations need updating.
Now, some people may wonder: that’s fine, but why can’t we use one-to-one SAML connections?
I included a diagram here to show how it looks when institutions use 1:1 connections.
1:1 connections require more technical involvement to set up and maintain. Libraries that are non-technical or lack the resources or manpower need the support of their IT team to set up and maintain direct SAML connections.
The concept of federated authentication reduces the need for one-to-one connections. In practical terms, what happens for example with the OpenAthens federation is that we manage all the connections in the Federation, so if something needs to be updated (say a security certificate from a publisher) then we’re able to work with the publisher to have that work completed, with the minimal amount of impact. A single change is made centrally and all Federation members benefit, rather than each library managing their own connections and fixing things independently.
Regarding security, IP addresses are easier to spoof while SAML provides a strong set of security tools & policies. With SAML, unauthorised activity is identified early, and the user account is blocked. Also, access for other users is not impacted, in contrast with IP recognition, in which publishers block IPs and users, and an entire university could be without access for hours or even days. We had examples of universities that had incidents every week when they were using a proxy solution and that was one of the reasons they moved to OpenAthens.
Federated authentication also preserves user privacy by using persistent opaque identifiers which can only be decoded by the subscribing institution.
We talked about how a federated single sign-on system can help users and libraries. But what about publishers? Publishers have been adopting federated authentication over the last few years for a few reasons:
Firstly, publishers want users to be able to get to their content from anywhere on any device seamlessly. Another thing publishers like about federated authentication is that it’s more secure than IP and more suited to protect their content.
Now, you may ask, that’s ok but why don’t we use SAML one-to-one connections, or what we call bilateral connections? The reason is that 1-1 connections lead to higher overheads. They require more technical involvement to set up and maintain direct SAML connections, as we mentioned previously. Publishers need to liaise with the library and IT team for every library customer that needs a 1:1 SAML connection. This task is technical and very time-consuming. Any changes to certificates or metadata can disrupt services for library customers. And any disruption to service could result in a poor relationship with the library customer and their patrons.
I would like to end the presentation with some of the things I would like you to take from this talk today. Federated authentication is the best technology we have at the moment and it looks like it will be with us for the next few years. Publishers and libraries all around the world are moving away from IP recognition and the pandemic accelerated this trend over the last 3 years.
Federated single sign-on is based on a robust, reliable infrastructure that improves the user experience within a highly secure environment.
Thank you very much and I think we have some time for questions. Jane, do we have any questions?
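The talk's points about persistent opaque identifiers, and about blocking a single account instead of a whole IP range, can be illustrated with the sketch below. It is an added example, not part of the presentation and not OpenAthens code; the HMAC-based derivation, the secret, the entity IDs and the class name are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values; none come from the talk or from OpenAthens.
IDP_SECRET = b"constructed-demo-secret-held-only-by-the-institution"
SP_A = "https://sp.publisher-a.example/saml"
SP_B = "https://sp.publisher-b.example/saml"


class PairwiseIdIssuer:
    """Institution-side issuer of persistent, opaque, per-publisher identifiers."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._reverse = {}  # opaque id -> (local user, SP); never leaves the institution

    def issue(self, local_user: str, sp_entity_id: str) -> str:
        # Length-prefix the fields so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(len(p).to_bytes(4, "big") + p
                       for p in (sp_entity_id.encode(), local_user.encode()))
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        opaque = base64.urlsafe_b64encode(digest).decode().rstrip("=")
        self._reverse[opaque] = (local_user, sp_entity_id)
        return opaque

    def resolve(self, opaque: str):
        """Map an identifier reported by a publisher back to the local account."""
        return self._reverse.get(opaque)


def demo():
    issuer = PairwiseIdIssuer(IDP_SECRET)
    first = issuer.issue("jsmith", SP_A)
    again = issuer.issue("jsmith", SP_A)   # later session, same publisher
    other = issuer.issue("jsmith", SP_B)   # same user, different publisher
    return {
        "persistent": first == again,       # publisher A sees a stable id
        "unlinkable": first != other,       # publishers cannot correlate the user
        "opaque": "jsmith" not in first,    # no username in the released value
        "resolved": issuer.resolve(first),  # only the institution can do this
        "unknown": issuer.resolve("not-issued"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

When a publisher reports misuse against one opaque value, the institution resolves it and suspends that single account, while every other user keeps access.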