Embed Size (px)
Citation preview
Stellenbosch Library Symposium
15th November 2018
Jenny Walker, RA21 Corporate Pilot Project Co-ordinator
RA21: Resource Access for the 21st CenturySimple, Trusted Access—Anywhere, Anytime, on any Device
What is RA21?
• A joint STM and NISO initiative.• RA21 is aimed at optimizing access protocols across key
stakeholder groups, including publishers, librarians, vendors, and identity federation operators.
• RA21 was set up to facilitate a simple user experience (UX) for users of scholarly information resources
• The goal of RA21 is to develop best practices around the implementation of an alternative to IP authentication that improves the UX.
• More than 60 different organizations have been involved in RA21 since its inception in late 2016.
3
AbbVie PharmaceuticalsAmerican Medical Association / JAMAAmerican Chemical SocietyAmerican University American Psychological AssociationAssociation of Research Libraries American Society of Civil EngineersAtypon SystemsBASFBibliotheksservice-ZentrumBrill PublishersBrown UniversityCentre for Agriculture and BioscienceCarnegie Mellon UniversityClarivate AnalyticsCambridge University PressCopyright Clearance CenterDenver UniversityEBSCO Information ServicesEduservElsevier PublishingEmerald Publishing GroupErasumus University RotterdamETHZ
GEANTGlaxoSmithKline PharmaceuticalsHarvardHighwire PressHypothes.isIEEEInformed Strategies LLCInternet2Institute of Physics PublishingJISCJohns Hopkins UniversityKTH Royal Institute of TechnologyLiblynxMITMyUniDysNISONovartisOCLCOpen UniversityORCIDOpitcal Society of AmericaOxford University Press ProquestRinggold
Roche Holding AGGSage PublicationsSilverchair Information SystemsSpringer NatureSTMSUNETSwitchTaylor & Francis GroupThieme Medical PublishersTilburg UniversityUC DavisUniversiti Putra MalaysiaUniversity at BuffaloUniversity of BathUniversity of NottinghamUniversity of SurreyWileyWolters Kluwer Publishing
Corporate Subscriber
Academic Subscriber
Software/Service Provider
Publisher
RA21 Industry Participation
Why RA21?Simple access to content needs to be fixed, especially for off campus use:
• Scholarly content & services are increasingly being accessed from outside of corporate/campus networks
• Off-network access to e-resources has not kept pace with the consumer web (e.g. Google, Facebook, LinkedIn logins across multiple sites).
• Fully entitled end users are turning to alternative resources when off-campus (e.g. SciHub, etc.) because of ease of access.
• RA21 is the first step in the journey towards replacing the now outdated IP based access & authentication model.
4
Jan-1
2
Apr-
12
Jul-1
2
Oct-
12
Jan-1
3
Apr-
13
Jul-1
3
Oct-
13
Jan-1
4
Apr-
14
Jul-1
4
Oct-
14
Jan-1
5
Apr-
15
Jul-1
5
Oct-
15
Jan-1
6
Apr-
16
Jul-1
6
Oct-
16
Jan-1
7
Apr-
17
Jul-1
7
Oct-
17
Mobile Traffic in Visits
In the beginning..
• Early days of the internet
• No portable devices
• Static IP addresses
• Unspoken assumptions
Page 5
The march of technology
• Portable PCs, laptops, tablets, smart phones
• Non-static IP addresses
• Off-campus users
Page 6
Playing games
• Virtualization at multiple levels
• Pretending that nothing had changed
- VPN and proxy servers
Page 7
The bottom line
• The assumption that an IP address = a physical location = an authenticated, authorized user is false.
• IP filtering is about where a user is (which is completely obscured by proxy servers and VPNs), not who the user is.
Page 8
The bottom line
IP filtering
• Conflates IP address with location and identity.
• Creates proprietary portals, the opposite of modern Discovery practices.
• Is a maintenance nightmare.
• Is unsecure and easily exploitable.
- “Without IP filtering, Scihub could not exist”*
* Atypon presentation on Piracy at SSP conference in Boston, June 2017
Page 9
Two areas for action
IMPROVE THE USER EXPERIENCE.
RESPOND TO THE
SECURITY PROBLEMS.
10
Improving the user experience (UX)
• The point of referral for authentication should be located at the providers’ sites, not in library portals.
• Affiliation defaults should be preserved across browser sessions.
• All devices should be robustly supported.
11
Security needs:
• Focus on who the patron is, not where they are.
• Use institutional credentials.
• Arrest the proliferation of resource-specific useridsand passwords.
• Support Single-Signon SSO across all devices.
12
User Experience
P3W
RA21 Workstreams
13
Two technical pilots explored different implementation approaches
Two cross-cutting workstreams exploring topics common to both approaches
Privacy and Security
Corporate Pilot
WAYF Cloud
Pilot explored the needs of corporate segment
RA21 Current Status
14
Published in July 2018.
Corporate Pilot
WAYF Cloud
Work on pilots has concluded.Corporate Pilot report has been published.Academic Pilot report has been published.
- P3W architecture was selected.
Development continues, further round of testing November 2018
Published in July 2018.
The RA21 way forward
Federated Identity Management, robustly implemented by providers and subscribers
• SAML-based systems - Eg. OpenAthens, SAFIRE etc.
• Federated metadata.• Authentication referral at the point of need.• Use of institutional credentials.• Support for affiliation at multiple
institutions
15
Identity Providers(Home Institutions)
IdentityFederation
(SAFIRE)Federated Identity
Service Providers’ Web Sites
(Publishers)
https://safire.ac.za/safire/publications/sanlic-conference-2017-may-2017/
Why not just use Google?
• All the major social network platforms provide federated identities…
• … so why don’t we just use these?
• They all have one major drawback – they are self asserted
• This means you cannot trust any of the information
• This is often okay, but…
17
https://safire.ac.za/safire/publications/sanlic-conference-2017-may-2017/
Let’s Focus on User Experience
RA21 UX Challenge• Seeks to implement seamless, convenient access to scholarly content
while still preserving user privacy.
19
Typical Research Discovery Workflow On Campus
Researcher Workflow• But accessing content while off the campus or corporate network is
troublesome.
20
Typical Research Discovery Workflow Off Network
RA21 UX Challenge• Seeks to implement seamless, convenient access to scholarly content
while still preserving user privacy.
21
Typical Research Discovery Workflow Off Campus
Researcher Workflow• RA21 seeks to implement a consistent user experience regardless of
location or device used.
22
Typical Research Discovery Workflow Any Network
User experience off campus network
23
User experience off campus network
24
User experience off campus network
25
User experience off campus network
26
User experience off campus network
27
User experience off campus network
28
User experience off campus network
✓
29
RA21 UX Approach
• Informed by user feedback…..
• Over 50 usability tests with range of users (undergraduates, librarians, faculty, academic and corporate researchers, physicians) from 5 countries have helped validate the core UX hypothesis
33
Personas Workflows Prototypes User Testing
UX Recommendation Building Blocks
Consistent visual cue and call to action signals institutional access
1
UX Recommendation Building Blocks
Flexible and smart search • Search by institution name,
abbreviation or email• Typeahead matching and URL
2
UX Recommendation Building Blocks
Remembered institutionon next access3
Going forward
• RA21 provides a goal to work toward (for libraries and publishers), NOT an abrupt change
• Dual stack support for the foreseeable future
If we do this carefully and well, it should be minimally disruptive to users.
41
RA21 Roadmap
42
Q4 2018
Final UX verification Draft recommendations and open
consultation
(via NISO process)
Q1 2019
Final recommendations published
Recommendation for infrastructure operator
Q1/Q2 2019
STM hands over the lead of the project to NISO for adoption and
implementation
Creation of and involvement in Operational User Communities
For the remainder of 2018 and onwardsOngoing outreach engagement across key stakeholder communities
Visit: https://www.RA21.org
Contact:
43
Chris Shillum [email protected] Youngen [email protected]
Julia Wallace
•Program Director• [email protected]
Heather Flanagan
•Pilot Coordinator•[email protected]
