Publishers, researchers and libraries have relied on IP addresses to authorize content access for many years; but in today’s distributed environment, more effective solutions are needed to facilitate a seamless, intuitive and consistent user experience.
Single sign-on can significantly reduce the administrative burden on institutions and remove barriers to resource access.
For the consumers of scholarly resources, easy access is critical regardless of workflow, device or location. The underlying assumptions that led to the implementation of IP access are no longer valid; devices are not tied to one location and the user does not typically start their research at the company or institutional portal.
Introducing Resource Access for the 21st Century (RA21)
Publishers, libraries and other interested parties (like CCC) have come together in a recent initiative, Resource Access for the 21st Century (RA21), to work towards improved user access to subscribed content across a range of content platforms. RA21 is a joint initiative of STM and NISO.
Three RA21 pilot programs underway
Three pilot programs are currently underway—one focused on the business environment and two on the academic environment.
All three RA21 pilots propose the use of Federated Identity Management (FID) based on Security Assertion Markup Language (SAML) technology. SAML is an established standard for exchanging user authentication and authorization data.
A key aspect of this approach is the focus on the user’s identity rather than on their location. Regardless of whether the user starts their search at a publisher site or in Google Scholar, they are authenticated only when they need to access subscribed content. When users attempt to access a resource, it is their organization that authenticates them; and it does so by vouching for the user’s identity, whose personal information and credentials remains by default with their organization, thus preserving privacy. Single sign-on, through this use of only one username and password to access resources across different platforms, applications and locations, can significantly reduce the administrative burden on institutions and remove barriers to access.
Get more information on these pilot programs here.
The Corporate Pilot
The corporate pilot is now well underway and involves five pharmaceutical companies, all members of the Pharma Documentation Ring (P-D-R) and four large STM publishers. In May 2016, the P-D-R set out their requirements for authentication systems beyond IP. The corporate pilot seeks to address these and to demonstrate how the use of P-D-R companies’ corporate login credentials can be leveraged to provide the same type of seamless access to scholarly resources that today’s IP address authentication provides.
This pilot focuses on providing seamless access to publisher resources by authorized users using desktop or mobile devices outside the corporate network. These are the users who typically experience immense frustration from the long-winded login processes currently in place; we need to find a way of making that experience outside the corporate network as easy as it is from within it.
What’s in store for the future of RA21?
RA21 will not build a specific technical solution or industry-wide authentication platform. Rather, it aims to recommend new authentication solutions and explain the measures that stakeholders should undertake to implement them.
The pilots are due to be complete before the end of the year; after which work will begin on recommendations for best practices. If you are interested in receiving updates on RA21 developments, please complete the contact form.