<< Return to previous view
Chartered Institute of
Library and Information
Professionals
Search form
Advanced
Change Site Section
About RSS
About us
Branches
Information and Advice
Jobs & careers
Membership
Policy and advocacy
Publications
Qualifications and professional development
Special Interest Groups
Training, events & conferences
Home
Site directory
About CILIP
Member resources
Email news bulletins
LISA: Library and Information Science Abstracts
JIS and JOLIS Research Journals
Emerald Journals and Database Resources
Knowledge Management resources
Practical advice on diversity issues in libraries
LIS in politics blog
Personnel and Employment Resources from the Work Foundation
Practical questions and answers on CILIP Communities
Communities
CILIP communities
Branches
Groups
IFLA
Libex
CILIP Network of Expertise
A-Z Index
My profile
Login
Home
>
Publications
>
Update magazine
>
Archive & Indexes
>
Archive 2008
>
May
:
Towards the future: federated access management
PUBLICATIONS
Update magazine
Gazette
Buyers' Guide
Facet Publishing Bookshop
JIS and JOLIS research journals
Library and Information Science Abstracts (LISA)
Emerald journals and database resources
Information Research Watch International
Keeping Within the Law
Enlarge text size
Email a colleague
With Jisc’s funding of the Athens service finishing in July 2008, the transition to federated access management is one of the major changes on the horizon for UK academic libraries. Masha Garibyan looks at some challenges facing institutions that decide to adopt the new system.
Academic institutions around the globe need to manage access to a variety of internal and external online resources and services, such as proprietary journals and databases, the institution’s own resources and data etc. Often, restricted electronic information is made available via disparate systems and widely ranging access mechanisms.
In 2006 the Joint Information Systems Committee (Jisc) announced its plans to adopt a new-generation access management system for the UK higher and further education sectors, based on federated access management technologies.
The UK Joint Information Systems Committee (Jisc) has been supporting access management services for the UK HE/FE communities for many years. For more than 10 years Jisc has funded Athens, a centralised access management service that enables proprietary library resources to be accessed, provided by Eduserv. However, the need for more secure and simplified access to e-resources of all kinds, the support of complex e-learning and e-research collaborations and the need to allow institutions to take greater control over access to resources have led Jisc to investigate new technologies.
Over the last few years a new-generation access management architecture, based on federated technologies such as Shibboleth, has gained increasing international recognition.
The new architecture separates authentication from authorisation (hence, the name ‘federated’). Authentication is controlled by the user’s home institution, while authorisation is based on the user’s role(s) within the institution and controlled by the service provider (e.g. publisher).
A group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable federated access and use of resources and services is called a federation.
In November 2006, Jisc and Becta launched the UK Access Management Federation. Jisc has invited all UK HE/FE institutions to join the UK federation and adopt federated access management technologies.
Jisc will stop funding Athens in July 2008. The Athens service will still be available after July 2008 but on a subscription basis.
Federated access management offers some major advantages. First, it allows users to access not just library resources, but a number of internal and external services while signing on only once. There is no need to administer and remember multiple usernames and passwords, as users can simply use their institutional username and password to access online resources and services they are entitled to. This meets institutional requirements for a single access management system for e-learning, e-research and library-managed resources.
Second, with federated access management it is also possible to enable fine-grain authorisation if it is permitted or required by the service provider. This means that it is possible to restrict access to a particular group of users, e.g. law students.
Third, federated access management technologies are based on international standards, and are already being used by a growing number of countries, e.g. the US, Switzerland, Finland, Australia and Germany. This offers opportunities for institutional collaboration across national borders and greater flexibility of access to online resources.
Joining the UK federation
The UK federation is free to join and now has more than 250 members, including colleges, universities, local authorities, regional broadband consortia, service providers and publishers. Jisc advises all UK academic institutions to join the UK federation, as some online resources will only be available via the UK federation after July 2008.
There are three basic ways in which an institution can participate in the UK federation and adopt the new technology.
1
Some institutions may choose to use open source software and in-house technical support. Jisc support is available for institutions that have chosen this option in a variety of forms, e.g. events, courses and documentation. Some smaller FE and HE institutions have also been able to apply for third party support in setting up federated access management within their college or university. The benefit of this approach is that it offers the institution full control of its access management solution. The cost of this option includes the institutional effort to implement federated software, join the UK federation and enhance institutional directories.
2
Institutions that would like to do an in-house implementation but either don’t have adequate in-house technical support or don’t wish to do the technical work themselves, can buy technical support from a third party provider. There are several to choose from. The benefit of this approach is support in implementing the preferred access management solution, while retaining full institutional control over the process. The costs include support from a third party supplier and institutional effort in liaison with the supplier and UK federation.
3
An institution may choose to subscribe to an outsourced ‘identity provider’ to work with the UK federation on the institution’s behalf, such as OpenAthens. The cost of choosing this option involves annual subscription costs to an external supplier and an internal administration role. This option requires minimum institutional effort.
It is important to note that any institution using commercial support or outsourced identity provision should ensure that ongoing compliance with the UK federation is included in the contract with the provider.
Jisc has recently produced a briefing for UK education institutions that want to adopt federated access management and join the UK federation, either by using paid-for support or by subscribing to an outsourced identity provider.
1
Publishers and service providers
Jisc is working with publishers and service providers to encourage them to join the UK federation. Many major service providers, such as Elsevier, have already joined and many others are planning to do so by July.
The Jisc Model Licence and NESLi2 Model Licence now ask service providers to adopt federated access management technologies and join the UK federation. All user groups defined in the Jisc Model Licences map directly to attributes used within the UK federation to ensure consistency of definitions across the UK educational community.
Jisc has recently invited smaller publishers to apply for third party technical support to help them adopt federated access management.
There is also every advantage in institutions contacting publishers directly, as direct expressions of interest from clients is a great help in encouraging publishers to join.
Change to transition arrangements
In July 2006 Jisc commissioned Eduserv to develop the Federation Gateway Services to enable interoperability between Athens and the UK federation. The gateways were intended as a temporary solution, while more publishers and service providers joined the federation. Regretfully, in January 2008 Jisc was unable to reach an agreement with Eduserv over the funding of the Gateway Services past July 2008.
Jisc has asked all UK academic libraries to send the Jisc Access Management Team a full list of all the resources and services they subscribe to and authentication methods used to access those resources, so that institutions can receive individual advice on the federation status of the resources they subscribe to.
There is a full list of the priority service providers and their federation status on the team’s blog,2 to help institutions monitor service provider progress. There is also a new discussion list for library staff (
Jisc-shibboleth-libraries@jiscmail.ac.uk
).
3
In view of the recent changes, Jisc has advised institutions that have adopted or plan to adopt federated access management to seek alternative access arrangements (e.g. ‘shibbolised’ EZProxy) for those resources that will not become federation-compliant by July 2008. Jisc has also been exploring alternative transitional arrangements and has been keeping the community informed with regular updates.
Federated access management
With federated access management, IT services staff are likely to take the overall responsibility for access management, while library staff concentrate on the library side of things, such as maintaining links, user education etc. This means that IT services and library staff have to work closely together to ensure a smooth and successful transition.
The first important step is to review the library’s situation. What resources does the library subscribe to? What are the licensing conditions for each resource, in regard to user groups and access permissions? What authentication methods are being used to access the resources (e.g. Athens, UK federation, IP address, IP proxy server etc)? How is all this information being stored and managed?
The easiest way to collate all this information is to use a database, such as Excel. The information can be appropriately updated, as service providers join the UK federation, and it will help the library manage user information. If the institution hasn’t yet decided on the preferred federated access management solution, this information can also be used as part of the institutional audit to inform the decision.
As with any project, planning is key to successful library implementation of federated access management. Likely action points for the library are to:
- consider the best access route for each resource
- plan a strategy for resources that are not members of the UK federation
- contact all federation-complaint service providers to ensure that the library is gaining access via the UK federation where appropriate
- appoint a dedicated contact for user queries
- review end-user information
- plan for library staff or other ‘friendly’ users to test information and links prepared for end-users
- plan staff awareness raising/training, if required.
It is also important to decide in advance how the plan is going to be implemented, in liaison with the IT department. The easiest way to do this is by drawing up a project plan, specifying timescales and resources, key stakeholders, contingency plans etc.
Concentrating on the user experience
Institutions often use more than one way to refer to an institutional login, e.g. ‘your institutional username and password’, ‘your institutional log-in’, ‘your network log-in’ etc. It is important that end-users understand what information they are required to enter when asked for a username and password. Jisc recommends that all institutions and service providers ask users to enter their ‘institutional log-in’ when asked for a username and password.
There has been some concern among academic libraries that the existing personalisation features (e.g. saved searches or email alerts), based on the old Athens login, will be lost when the library moves to federated access management.
Increasingly, publishers and service providers provide personalisation services for their federated access management users. An added advantage of using federated access management is that it allows service providers to personalise their service without being able to identify the actual user, which helps the institution to meet its responsibilities under data protection legislation.
If a user has already been using personalisation features, as an Athens user, it may be necessary for them to re-register these preferences after they first access a resource with a federated login. However, many service providers make personalisation features technology independent, so this may not apply to all Athens resources. Also, some resources, e.g. Zetoc, have enabled facilities for migrating existing Athens-enabled personalisation preferences.
Many libraries are taking the approach of embedding deep links into library portals and other web pages to make resource discovery easier for the end-user. Some service providers make it easier for libraries by providing an alternative ‘embedded link’, e.g. ScienceDirect.
It is always worth asking the service provider first but it is also possible to construct embedded URLs locally, and many libraries have already done so. For example, Simon McLeish of the LSE Library has written some instructions on how to construct embedded links.
Into the future
The moves to federated access management have propelled academic libraries into the forefront of matters related to identity management, ensuring seamless access to an ever widening range of online resources and services, both within and outside institutional and national boundaries.
They also call on libraries to work closely and strategically with IT departments to ensure that the benefits of federated access management are realised by users. The challenges in all this are significant, of course, but the opportunities are even greater.
References
1
Federation advice and support, including dedicated library implementation pages and the new Federated Access Management: Guide for Academic Libraries briefing paper, are available from the Jisc website (
www.jisc.ac.uk/federation
).
2
Jisc Access Management blog:
http://access.jiscinvolve.org/
3
Jiscmail lists (join at
www.jiscmail.ac.uk
)
Announcements:
Jisc-shibboleth-announce@jiscmail.ac.uk
Masha Garibyan (
m.garibyan@lse.ac.uk
) works at the London School of Economics & Political Science (LSE) as part of the LSE Library Projects Team. She also works for the Jisc Access Management Programme.
For further information please contact the Jisc Access Management Team (
Jisc-access-management@jiscmail.ac.uk
).
Updated: 28 April 2008