FAQ

  What is the RA21 project?

  • Resource Access for the 21st Century (RA21) is a joint STM and NISO initiative aimed at optimizing access protocols across key stakeholder groups, including (but not limited to!) publishers, librarians, campuses, vendors, and identity federation operators, with a goal of facilitating a simple user experience for users of scholarly information resources.

What are the goals of RA21?

  • RA21 seeks to explore potential alternatives to IP-based authentication for gaining access to scholarly information resources, and to develop best practices around the implementation of those alternatives.

What is in scope for RA21?

  • In scope is the creation of a set of recommended best practices around identity discovery and authentication, and engaging publishers, librarians, and other interested parties in the implementation of those best practices.

What is out of scope for RA21?

  • While the pilot programs are working with different tools to test out possible best practices, the RA21 project is not about building software tools or recommending specific products. It is also not about designing business models or providing legal advice around privacy.

How is RA21 governed?

  • While initiated by publishers as a task force of STM, the transition of RA21 into a joint STM/NISO initiative has just been finalized, following the completion of the NISO voting procedure on the matter. This change was made because RA21 will only succeed with cooperation from all parties  involved in providing access to scholarly information resources. RA21 is committed to ensuring all stakeholders are represented in governance of the project, and is currently in the process of inviting individuals from libraries, vendors, and the IAM community to join the steering committee..

How do you envision this working?

  • While RA21 is not wedded to any particular technology, all of the pilots defined so far are proposing to follow a federated authentication model, in which authentication of users is handled by the institution, and then confirmation of the user having been authenticated is transmitted to the publisher using a secure protocol such as SAML (Security Assertion Markup Language). This leaves the choice of how to authenticate the users to each institution: some may use their centralized campus directories, others may use library patron databases.

Does RA21 take into account user privacy?

  • User privacy is one of the guiding principles of RA21. The General Data Protection Regulation and the e-privacy regulation proposal arising from the EU provide a strong set of considerations that act as powerful input to the expectations of the project.
  • All of the currently proposed pilots make use of SAML federated authentication technology which has in-built mechanisms for preserving privacy. This puts the institution, and the user, fully in control of what personally identifiable information is disclosed to a resource provider via what are called “attribute release policies”. Typically, academic SAML Identity Providers provide unique, persistent, but opaque identifiers, which provides a way for publishers to personalize services for users without knowing the actual identity of the individual. Optionally, publishers may then ask for additional personal information from users via their normal registration processes, disclosing their privacy policies, in order to provide services which require the publisher to know the identity of the user, such as email alerts.

What is the relevance of RA21 to …

  • Users?

    • The RA21 project hopes to provide users with a seamless, customizable, and secure way to access scholarly information resources. By supporting federated login, users will be able to access content and services licensed by their institution from anywhere, from any device, from any starting point on the web, without having to either create multiple accounts or be restricted to the use of specific portals and proxy services.
    • In contrast to the current situation, users will benefit from a consistent, intuitive user experience across participating resources and platforms.
    • Users will be in charge of their privacy, having the control over what information to share to obtain more personalized services and a better user experience across platforms and devices.
  • Libraries?

    • Librarians currently have to constantly monitor and provide updated IP address information to multiple resource providers to ensure ongoing access for end users. RA21 seeks to remove the need for this time-consuming activity.
    • Off-site access management is currently complex and time consuming for librarians and and difficult for users to understand. RA21 aims to reduce the barriers to off-site access for users, thereby maximizing the use of the resources purchased by libraries.
    • RA21 aims to enable more granular reporting of usage to libraries, while allowing libraries to protect the identities of their users.
    • By having a more traceable access mechanism, librarians and publishers can work together to more easily and more quickly identify instances of illegal or fraudulent activity and undertake targeted resolution.
    • By moving away from IP-based access, libraries will be less subject to network perimeter intrusion and man-in-the-middle attacks on their IP address.
  • Publishers?

    • Publishers will have the opportunity, with a user’s consent, to provide a better, more customized experience.
    • Publishers will have the ability to provide granular and differentiated access for better reporting to governing bodies and customers.
    • Publishers will be able to work with purchasing departments to more carefully manage licensed access and together could quickly target any instances of fraudulent or illegal activity.
    • RA21 aims to increase the ability of publishers to ensure the integrity of content on both institutional and commercial platforms.
  • Identify federation operators?

    • Identity federation operators support the goals of privacy and security for their users. By minimizing account reuse and enabling various tools within the federated identity infrastructure to support security incident response, federations support an overall improvement in security. By supporting the ability to share only that an individual — without identifying who that individual is — was able to authenticate and may be entitled to specific resources, federations support preserving the privacy of the user.
    • RA21 seeks to provide a consistent, understandable user experience across a range of information resources typically used by academic institutions. By easing current complex access flows, and familiarizing users with the concept of federated authentication, federation operators will see more usage, and consequently more return on the investment made in implementing federated authentication infrastructure

How is federated access relevant in the world of open access publishing?

  • Librarians are responsible for providing access to a vast array of information sources, not just journals. Access to books, databases and other online resources and services will also be improved.
  • RA21 can also be implemented in manuscript submission systems, editorial review tools, pre-print servers, etc, easing the difficulties uses have today in managing multiple accounts and passwords for these tools, and potentially allowing usage reporting on the institutional level, supporting the reporting and compliance requirements of institutions.
  • At present, libraries have no way of measuring usage of freely available information resources by their patrons. Depending on the access mechanism selected, it may be possible for librarians to better understand the patterns of usage of their patrons /across all information resources.

How will RA21 deal with users who move from institution to institution over their career? Will they lose access to their saved searches, customizations, etc?

  • RA21 is aiming to solve the organizational association part of the access management problem by allowing users to authenticate using credentials issued by their institution. Separately, resource providers could allow accounts to be linked to multiple sets of individual credentials, potentially including social network credentials, to support portability of personal settings and preferences as the user moves from institution to institution.

What does this mean for the walk-in user at a library?

  • This is definitely an area which will need special attention. Using federated access does not imply using only login credentials. Institutions will be free to use different authentication methods for different classes of users. They could, for example, use smart cards, one-time access codes, certificates installed on library workstations, or even  continue to use the IP address authorization for on-site usage, or may transition to a guest account service. It is up to the library itself to make these decisions.

What’s the timeline for adoption of RA21?

  • RA21 is currently in pilot phase. We will be conducting a number of pilots this year which will culminate in a set of recommended best practices. These will be formalized through the NISO process (http://www.niso.org/publications/rp/). We hope to complete the pilot phase by the end of 2017, or early 2018.

What major publishers have agreed to adopt this model?

  • RA21 is currently in pilot phase. As such, there are no formal best practices to adopt as yet. However, a number of major academic publishers (The American Chemical Society, Elsevier, IEEE, Springer/Nature, Wiley) are actively participating in the pilots.

Is RA21 going to propose using one of the major commercial IAM systems like Google’s account system?

  • RA21 is not proposing to build any specific technology or solution. Rather, it will be developing recommended best practices for information resource providers and institutions to adopt. Some may choose to implement the recommended best practices directly themselves, however we expect many will also chose to use third-party service providers. There are also several vendors in this space, both those specializing in scholarly communications, and those more generally providing “Identity and Access Management” (IAM) technology and there are also well established open source projects such as Shibboleth.

How can I stay informed about RA21?

  • To receive regular news and updates about RA21, please fill in the ‘Contact Us’ form on this website.

How can I participate?

  • Participation is possible on a number of levels:
    • Active participation in the RA21 Academic Pilots is currently still open. Email Heather Flanagan, RA21 Pilot Coordinator (heather@RA21.org ) to express your interest and explore options.
    • Even if you are unable to actively participate in a pilot, it may be possible for your organization to be represented via the RA21 Advisory Board. Please contact Julia Wallace, RA21 Project Director (julia@RA21.org) to explore this possibility.]

What are the terms of participation?

  • RA21’s terms of participation are available on the website. Participants are required to work in an open and constructive manner. Findings, experiences and results are to be shared among all participants during and after the conclusion of a pilot. The collective results from all RA21 pilots are intended to be used to develop best practices which will be made publicly available.

How open is RA21? Will it be developing proprietary techniques or technology?

  • RA21 will not build a specific technical solution or an industry-wide authentication platform, but will seek to test and improve solutions.
  • As a community-based development effort, we seek to make the outcomes of this project freely and publicly available. All participants should read and accept the NISO Intellectual Property Rights Policy <http://www.niso.org/apps/group_public/download.php/13500/NISO_IPR_Policy_2013.pdf>, which calls for the Free, Reasonable and Non-Discriminatory (FRAND) release of intellectual property that is incorporated into the project’s final recommendation.

Why doesn’t RA21 require all tools and software employed in the pilot to be released open source?

  • We do not wish to exclude access management vendors from participating in the pilot, many of whom earn a living from providing access management software and services. However, we will not require the use of any proprietary tools or software in the final recommended best practices, which will be based on and/or extend existing open standards.