The world of seamless access to scholarly content has a problem: current methods of access fail the tests of scalability, support for user privacy, and interoperability. In our recent statement regarding the growth of access brokers in the library and publishing markets, RA21 explains that by using open standards and building upon years of best practice in the identity management community, we can create a solution which preserves privacy and ensures security while dramatically improving the experience for users.
RA21 is based on the belief that using federated identity—a system that relies on a home organization such as a university or employing corporation to handle the identity and access management (IAM) needs for their users—is better for the user than the use of a patchwork of VPNs, proxy servers, or access broker services. In order to make federated identity practical, however, the user experience needs significant improvement.
Testing out technologies
In a federated identity scenario, the user journey bridges two parties: the party providing the service (e.g., a publisher) and the party vouching for the identity of the person attempting to access the service (e.g., a university or corporation). Previous attempts at creating a user experience across these two parties have proven cumbersome because each service provider site has crafted its own way of directing the user back to his/her home institution where a login can be performed. RA21 recognized that by standardising elements of the user interface, and remembering the user’s home institution in a privacy-preserving manner across service providers, a far more streamlined user experience could be created.
RA21 had three pilots, one corporate and two academic, that explored potential technologies that would enable these steps, and reviewed the user experience, security, and privacy characteristics of each technology. The corporate pilot reviewed the possibilities around using an identity federation for the Pharmaceutical Documentation Ring (P-D-R) companies, including the associated user experience and potential for reporting. A short report from that pilot will be made available soon.
The academic pilots worked with new and developing technologies to determine the best model from the perspectives of user experience, user privacy, and overall security. Both pilots developed reference architectures for how to implement a persistent user choice, allowing for an identity discovery service as an optional component in the platforms.
The pilots then went through a stringent security evaluation and comparison such that the project could confidently say “this is the best path forward.” Both the evaluation and the comparison are publicly available on the RA21 website.
With the conclusion of the pilot evaluation, the remaining work of the project focuses on polishing the recommendations for the user experience, writing up the best practices and submitting them to NISO for public comment and publication, and establishing the governance of a future service that would build on RA21 guidelines.
RA21 believes that an open, multistakeholder governance model must be established to take the recommendations forward. The coordinating entity or entities must be neutral, non-profit organizations which represent their stakeholder communities, and must be prepared to work with librarians, publishers, vendors, and federation operators to balance the needs of all sectors. Further discussions regarding the future of the central service will take place later this year.
As for the user experience, you can see the direction of this work in the latest RA21 webinar, the RA21 Project Update and User Experience Report, recorded on 23 August 2018.