E-resource Interoperability: Libraries moving to Federated Single Sign-On

Publishers more and more argue libraries for use of SSO to access their resources, instead of the widely used IP-based authentication. Still, many libraries hesitate to move away from IP-based authentication towards SSO with Federated Identity Management, although they could profit in terms of user satisfaction and cost efficiency. Researchers today work from many different locations, increasingly use research services and databases of many kinds. By deploying established standards, interoperability between libraries and user satisfaction will increase.

To summarize the benefits of SSO:

Libraries and publishers:

• better tailored contracts
• better statistics
• better way to lock and unlock persons when abuse occurs

Researchers and students:

• personalisation of services
• better control over personal data sent to providers
• easy and fast access avoiding to create a new account for each service

What is to be expected: Libraries are even pushed to use SSO. Several companies, as there are Gartner and Financial Times, are not allowing IP authentication anymore. This is trending and the world’s greatest publishers are working to improve SSO user experience (project RA21.org) in order to be able to implement it. Publishers like to ask personal information for the personification of their users on their websites. This is a great challenge for libraries because they want to protect their patrons and like to provide them anonymous access in the first place, which might be enriched afterwards with personal information by the user himself. Libraries need each other for making a policy such as a ‘minimal disclosure’ principle of exchanging personal information which should be compliant with the GDPR.

What has been done on the way to SSO:

The EC-funded AARC project reached out to the library community with three pilots:

1. Pilot demonstrating specific configuration of EZproxy which allows to bring library resources without native support of SSO into SSO environment. The pilot is in production in Moravian Library and works seamlessly with EBSCOhost, ProQuest Central, SpringerLink.
2. Pilot addressing the use case of library walkin users that generally do not use personal authentication, but public computers in the library’s network. Using the open source solution Shibboleth, a library can now handle IP-rangebased and more focused contracts with the same technology stack.
3. The second pilot was then enhanced in such a way that IP ranges and respective entitlements can be managed by the library or by a group of libraries via a dedicated web interface.

Another solution developed outside of AARC and in production at a German state library provides for enriching the user attributes it asserts to service providers with certain additional entitlements that depend on the network segment of the user’s client PC. This contribution will introduce in SSO and privacy and security, and describe the solutions mentioned in terms of use cases and advantages for libraries and their users.