JISC Federated Access Management Conference

I recently attended a useful JISC conference entitled Federating the next generation which looked at access management using tools such as Shibboleth and Open Athens to authenticate logins to publisher resources. There was also strong representation from Eduserv Athens – for example their new release of OpenAthens LA 2.0 includes not only a Shibboleth install package but also a single-sign on to Google Apps for each institution domain – free to existing subscribers!

Some librarians reported workflow issues when they switched from Athens to Shibboleth (it seemed for one institution that their IT department had simply installed it on a server and left the library to do all the testing of links!). Other libraries reported a smooth switch over and that they were continuing to use Athens to support non-standard users so adopting a hybrid approach.

Many publishers could not agree on standard login, and some were still not ready; a common solution for libraries was EZProxy which allow off-campus access to products that did not offer either Athens or Shibboleth access.

Successful approaches to identity management were obviously relevant here :  ‘Unless institutions have a much better grasp of who its external users are, its almost impossible for the library to sort out‘  - was one key quote for me. Apparently a Shibboleth server install can be done in 12 mins –according to one speaker – so its not just about how to set it up but how to use it eg who is logging on, what format/syntax of ID they are using, and where they are logging on from: these are the things that will impact the student experience the most, especially as commercial and educational applications of federated identity may converge more in the future. 

JISC have put all the presentations up at http://sites.google.com/site/jiscfam/ and these will be added to the main conference site too in due course.

Thoughts on publishers and where the challenge comes…

A key theme for me that seems to be emerging is the relationship of resources discovery product to the publishers’ content (eg the full-text articles). Solutions to this ‘problem’ – of how to search across publishers’ native databases and harvest content back from them seem to take different forms:  a company like ExLibris will for example still depend on their federated product product (Metalib - either hidden or overt) to search across publishers’ and aggregators’ databases using pre-written connectors, whilst companies like Serial Solutions will by-pass this stage and rely on Open-URL access to publisher’s metadata with a product like Summon, in the same way 360 Link can pick up an article reference from within a third-party A&I database . 

It is interesting that Summon is built using an open-source product  architecture – and ditching the need for a federated search back-end is quite a radical step forward into the cloud.  I’m wondering if this is related to their different approach to authentication: both Summon and Metalib seem to be ’authentication agnostic’ and could work with a variety of authentication systems: but ExLibris seems to prefer the ‘up-front’ password challenge as opposed to Serials Solutions who give you it the other way round: metadata first and only authenticate later.

Is it harder to integrate authentication, as opposed to searching for content, into an institutional login this way round? I don’t yet know as I think it depends what choices we make on identity management. Personally I’m drawn to the ‘up-front’ approach – even though the simplicity of what Serials Solutions are doing is very attractive, I prefer my password challenges at the beginning – rather than at the end of the process. What about others?