Categories
Federated Services Single-sign on Trust, Identity and Access Blogs

Federated access: why do I need it?

Image shows a woman typing on a laptop next to open journals suggesting she is student
Photo by Caroline Feelgood on Unsplash

One of the many impacts of the post-COVID 19 pandemic in the library space was the increase in demand for remote access to electronic resources. This, however, is not enough.

For libraries to get better engagement and more resource usage from their patrons, there is also the need for a high-quality user experience, where resources can be accessed securely and seamlessly, from any device, whether they’re on or off-site.

While evaluating options, organisations are currently faced with two main choices: IP/proxy recognition and SAML authentication.

Background

Historically, librarians and information managers used IP/proxy recognition so their users would have access to content. As technology evolved, a more refined and secure authentication method was developed: SAML.

SAML stands for Security Assertion Markup Language, and it is an open standard to aid secure single sign-on. Currently, the security issues with IP have been widely discussed, including initiatives such as RA21, which encourages institutions to move away from IP authentication.

Security and privacy

IP addresses are open to various methods of abuse and the lack of transparency makes accurate usage reporting difficult. IP access is location-based and it can be difficult to manage the secure access that resource licenses require, from a computer in the library or from individuals’ devices on the campus network. When a user logs in via IP, the service provider or publisher only knows that they are from that IP.

On the other hand, SAML passes selective information about a user to service providers from their identity provider — without giving out the user’s credentials. This makes SAML not only a more secure authentication method than IP, but it also guarantees the user’s privacy.

Making it easier for the library user

Users that are from institutions relying on IP access will probably not have as great a user experience in comparison to the patrons accessing resources through SAML. IP-based users might have issues accessing specific resources if they are not on campus or utilizing a VPN.

On top of that, IP-based authentication may not provide accurate usage data of resources to the library, even if the user doesn’t have issues in accessing them. In contrast, SAML authentication provides for seamless access to the library’s content from anywhere – ensuring more usage overall as well as accurate usage information.

The University of Melbourne’s discovery manager, Caroline Gauld, commented about her experience moving from IP-based authentication to OpenAthens’ SAML:

“People’s expectation of the internet is that they should remain logged in to their favourite sites. They expect a personal experience, as well as the ability to put something down, come back to it later, and find it there. When the proxy doesn’t recognize them or keep them logged in for a long period of time, users become frustrated with the experience.”

If you’d like to know more about moving from IP/proxy to federated access, you can check out the dedicated resource hub from OpenAthens for more educational content on the subject. You can also get in touch with us via contact@openathens.net

Further to this, you can read our blog post ‘Six problems solved by single sign-on in colleges and universities’

Leave a Reply

Your email address will not be published.