ra21: resource access for the 21 century...stellenbosch library symposium 15th november 2018 jenny...

Stellenbosch Library Symposium

15th November 2018

Jenny Walker, RA21 Corporate Pilot Project Co-ordinator

RA21: Resource Access for the 21st CenturySimple, Trusted Access—Anywhere, Anytime, on any Device

What is RA21?

• A joint STM and NISO initiative.• RA21 is aimed at optimizing access protocols across key

stakeholder groups, including publishers, librarians, vendors, and identity federation operators.

• RA21 was set up to facilitate a simple user experience (UX) for users of scholarly information resources

• The goal of RA21 is to develop best practices around the implementation of an alternative to IP authentication that improves the UX.

• More than 60 different organizations have been involved in RA21 since its inception in late 2016.

3

AbbVie PharmaceuticalsAmerican Medical Association / JAMAAmerican Chemical SocietyAmerican University American Psychological AssociationAssociation of Research Libraries American Society of Civil EngineersAtypon SystemsBASFBibliotheksservice-ZentrumBrill PublishersBrown UniversityCentre for Agriculture and BioscienceCarnegie Mellon UniversityClarivate AnalyticsCambridge University PressCopyright Clearance CenterDenver UniversityEBSCO Information ServicesEduservElsevier PublishingEmerald Publishing GroupErasumus University RotterdamETHZ

GEANTGlaxoSmithKline PharmaceuticalsHarvardHighwire PressHypothes.isIEEEInformed Strategies LLCInternet2Institute of Physics PublishingJISCJohns Hopkins UniversityKTH Royal Institute of TechnologyLiblynxMITMyUniDysNISONovartisOCLCOpen UniversityORCIDOpitcal Society of AmericaOxford University Press ProquestRinggold

Roche Holding AGGSage PublicationsSilverchair Information SystemsSpringer NatureSTMSUNETSwitchTaylor & Francis GroupThieme Medical PublishersTilburg UniversityUC DavisUniversiti Putra MalaysiaUniversity at BuffaloUniversity of BathUniversity of NottinghamUniversity of SurreyWileyWolters Kluwer Publishing

Corporate Subscriber

Academic Subscriber

Software/Service Provider

Publisher

RA21 Industry Participation

Why RA21?Simple access to content needs to be fixed, especially for off campus use:

• Scholarly content & services are increasingly being accessed from outside of corporate/campus networks

• Off-network access to e-resources has not kept pace with the consumer web (e.g. Google, Facebook, LinkedIn logins across multiple sites).

• Fully entitled end users are turning to alternative resources when off-campus (e.g. SciHub, etc.) because of ease of access.

• RA21 is the first step in the journey towards replacing the now outdated IP based access & authentication model.

4

Jan-1

2

Apr-

12

Jul-1

2

Oct-

12

Jan-1

3

Apr-

13

Jul-1

3

Oct-

13

Jan-1

4

Apr-

14

Jul-1

4

Oct-

14

Jan-1

5

Apr-

15

Jul-1

5

Oct-

15

Jan-1

6

Apr-

16

Jul-1

6

Oct-

16

Jan-1

7

Apr-

17

Jul-1

7

Oct-

17

Mobile Traffic in Visits

In the beginning..

• Early days of the internet

• No portable devices

• Static IP addresses

• Unspoken assumptions

Page 5

The march of technology

• Portable PCs, laptops, tablets, smart phones

• Non-static IP addresses

• Off-campus users

Page 6

Playing games

• Virtualization at multiple levels

• Pretending that nothing had changed

- VPN and proxy servers

Page 7

The bottom line

• The assumption that an IP address = a physical location = an authenticated, authorized user is false.

• IP filtering is about where a user is (which is completely obscured by proxy servers and VPNs), not who the user is.

Page 8

The bottom line

IP filtering

• Conflates IP address with location and identity.

• Creates proprietary portals, the opposite of modern Discovery practices.

• Is a maintenance nightmare.

• Is unsecure and easily exploitable.

- “Without IP filtering, Scihub could not exist”*

* Atypon presentation on Piracy at SSP conference in Boston, June 2017

Page 9

Two areas for action

IMPROVE THE USER EXPERIENCE.

RESPOND TO THE

SECURITY PROBLEMS.

10

Improving the user experience (UX)

• The point of referral for authentication should be located at the providers’ sites, not in library portals.

• Affiliation defaults should be preserved across browser sessions.

• All devices should be robustly supported.

11

Security needs:

• Focus on who the patron is, not where they are.

• Use institutional credentials.

• Arrest the proliferation of resource-specific useridsand passwords.

• Support Single-Signon SSO across all devices.

12

User Experience

P3W

RA21 Workstreams

13

Two technical pilots explored different implementation approaches

Two cross-cutting workstreams exploring topics common to both approaches

Privacy and Security

Corporate Pilot

WAYF Cloud

Pilot explored the needs of corporate segment

RA21 Current Status

14

Published in July 2018.

Corporate Pilot

WAYF Cloud

Work on pilots has concluded.Corporate Pilot report has been published.Academic Pilot report has been published.

- P3W architecture was selected.

Development continues, further round of testing November 2018

Published in July 2018.

The RA21 way forward

Federated Identity Management, robustly implemented by providers and subscribers

• SAML-based systems - Eg. OpenAthens, SAFIRE etc.

• Federated metadata.• Authentication referral at the point of need.• Use of institutional credentials.• Support for affiliation at multiple

institutions

15

Identity Providers(Home Institutions)

IdentityFederation

(SAFIRE)Federated Identity

Service Providers’ Web Sites

(Publishers)

https://safire.ac.za/safire/publications/sanlic-conference-2017-may-2017/

Why not just use Google?

• All the major social network platforms provide federated identities…

• … so why don’t we just use these?

• They all have one major drawback – they are self asserted

• This means you cannot trust any of the information

• This is often okay, but…

17

donald.trump17@gmail.com

https://safire.ac.za/safire/publications/sanlic-conference-2017-may-2017/

Let’s Focus on User Experience

RA21 UX Challenge• Seeks to implement seamless, convenient access to scholarly content

while still preserving user privacy.

19

Typical Research Discovery Workflow On Campus

Researcher Workflow• But accessing content while off the campus or corporate network is

troublesome.

20

Typical Research Discovery Workflow Off Network

RA21 UX Challenge• Seeks to implement seamless, convenient access to scholarly content

while still preserving user privacy.

21

Typical Research Discovery Workflow Off Campus

Researcher Workflow• RA21 seeks to implement a consistent user experience regardless of

location or device used.

22

Typical Research Discovery Workflow Any Network

User experience off campus network

23

User experience off campus network

24

User experience off campus network

25

User experience off campus network

26

User experience off campus network

27

User experience off campus network

28

User experience off campus network

✓

29

RA21 UX Approach

• Informed by user feedback…..

• Over 50 usability tests with range of users (undergraduates, librarians, faculty, academic and corporate researchers, physicians) from 5 countries have helped validate the core UX hypothesis

33

Personas Workflows Prototypes User Testing

UX Recommendation Building Blocks

Consistent visual cue and call to action signals institutional access

1

UX Recommendation Building Blocks

Flexible and smart search • Search by institution name,

abbreviation or email• Typeahead matching and URL

2

UX Recommendation Building Blocks

Remembered institutionon next access3

Going forward

• RA21 provides a goal to work toward (for libraries and publishers), NOT an abrupt change

• Dual stack support for the foreseeable future

If we do this carefully and well, it should be minimally disruptive to users.

41

RA21 Roadmap

42

Q4 2018

Final UX verification Draft recommendations and open

consultation

(via NISO process)

Q1 2019

Final recommendations published

Recommendation for infrastructure operator

Q1/Q2 2019

STM hands over the lead of the project to NISO for adoption and

implementation

Creation of and involvement in Operational User Communities

For the remainder of 2018 and onwardsOngoing outreach engagement across key stakeholder communities

Visit: https://www.RA21.org

Contact:

43

Chris Shillum c.shillum@elsevier.comRalph Youngen ryoungen@acs.org

Julia Wallace

•Program Director• Julia@RA21.org

Heather Flanagan

•Pilot Coordinator•Heather@RA21.org