RA21 Project's impact on User Management

The STM Association – a trade association for academic and professional publishers – has started a project called RA21: Resource Access in the 21st Century. The project is a renewed approach to moving past network address recognition and proxy agents as a way of authenticating access to licensed content. I describe the RA21 effort in general on the Index Data blog, and I wanted to call out here some of the intersections with FOLIO.

RA21 is not building new technology. Rather, it seeks to get wider adoption of Shibboleth for all users – not just so called “off campus” users. With this push, there may be an increasing importance for FOLIO to leverage Shibboleth as a single sign-on mechanism for FOLIO apps. I’m not sure I see a role for FOLIO as a Shibboleth Identity Provider – that is, the mechanism by which users would “sign into” a remote website – but the RA21 work points to a need to have some identity provider on campus. It has been suggested that EZproxy has enough data that it could be an institution’s identity provider, so having FOLIO as an identity-provider-of-last-resort for institutions without one is possible. Part of RA21’s push is to help campuses bring up identity providers, so we may want to look at that.

More relevant to FOLIO, I think, is the desire to leverage Shibboleth to pass not only an assurance that the user is authorized to the licensed content but also attributes that can be a part of usage reports that come back to the libraries. I don’t think there is a way for COUNTER reports to express these attributes, so this might be a place where FOLIO can provide a platform for experimentation with changes to the standard.

This is an interesting idea, and I think has merit pursuing. I know we would like to have more granular usage statistics, while still protecting the privacy of the individual user. One thing that I wonder about is how this authentication works for walk-in users who may register with the library (or in some cases, may not), but under the current system have access to the resources from within the library although they have no institutional affiliation?

That is a good question, Kristin. It wasn’t brought up in the short meeting we had last week. It might be under consideration by others, but I’ll make sure that question gets injected into the conversation. Thanks!