About thirty people traversed the bridge to the Sheraton Denver Downtown’s Silver room for the presentation on Resource Access for the 21st Century (RA21), a collaboration between the National Information Standards Organization (NISO) and Scientific, Technical, and Medical Publishers (STM). The presentation took place during the 2018 ALA Midwinter Meeting on Sunday, February 11. Todd Carpenter (director of NISO) presented for the first hour. His presentation slides are available on Slideshare.
Meanwhile at #alamw18 it’s the #ra21 update given by @TAC_NISO. Making scholarly content easier to access off campus through SAML/Shibboleth and an improved WAYF. https://t.co/6PMSXXYFsf pic.twitter.com/1qKmTu7TfB
— Daniel Ayala (@buddhake) February 11, 2018
Prior to RA21, the primary way in which users seeking access to content were authenticated was through their Internet Protocol (IP) Address; the reasoning was that anyone on the network had the authority to access resources licensed by the institution providing internet access. While this worked well in spaces with direct ethernet connections, such as offices and stationary workstations, now people access content from wherever they and their devices are located. Some people may even access content using a cellular network rather than WiFi. Increasingly, a different standard for user authentication is becoming necessary.
Authentication usually happens behind the scenes, so users are not aware of what is going on unless there is a problem. Then, users can rarely troubleshoot on their own. A login page will often ask users to specify their Identity Federation rather than their institution. Does Simmons College (for example) use Identity Commons or Shibboleth? Somebody probably knows, but your average student or faculty member does not. Furthermore, in the current system, there is no data on who uses what kind of resources, whether users find what they need and achieve their goals, and whether authentication is really private and secure.
The goal of RA21 is to provide a user experience similar to that already available on the wider web, such as when users sign in to an account using their social media account for authentication, though with greater protections for privacy than existing authentication providers such as OpenID or Google. Current RA21 pilot programs are using Security Attribute Markup Language (SAML) technology, wherein a third-party identity provider sends information to a publisher in the form of tokens, and a publisher receives some information about the user but not their identity. An institution can decide how thorough or minimal the tokens a publisher gets are, from just “this user may access this resource” all the way to sharing a user’s Social Security number, though the latter is, of course, not recommended. There are currently three pilot programs, one pharmaceutical company and two academic institutions.
The primary principles of RA21 are that the system must improve user experience, allowing users to access content from any location with greater privacy, security, and personalization, and that it must be open, so it cannot use proprietary software and must minimize implementation costs and ongoing maintenance. In 2018, the goals of RA21 are as follows:
- Begin user testing on the pilot programs’ technology.
- Draft recommendations regarding the pilot technology sometime around the summer of 2018.
- Move toward rolling out technology more broadly by end of year and in subsequent years.
- Publish as NISO recommended practice.
- Seek funding to support development to roll out in public.
- Perform education and training with the library community and distribute end user materials widely.
Carpenter clarified in response to an attendee question that NISO will publish RA21 as a recommended practice rather than a standard because the program is still in its early days; it will likely become a standard if the pilots succeed and a wider rollout is successful as well.
During the Q&A several attendees expressed concern, both in person and over Twitter, that RA21 will result in publishers locking down content or moving authentication from the institution to the patron. Carpenter asserted that neither of those concerns is likely to come to fruition, but did confess that not much work has been done on how public libraries would fit into the RA21 world.
Following the Q&A session, Carpenter invited Harish Maringanti (associate dean of IT and Digital Library Services at the University of Utah) and Jeff Kuntzman (head of library IT at the University of Colorado’s Health Sciences Library) to discuss how they managed resource access in their institutions.
While a long way from being an industry standard, the RA21 project addresses many problems institutions currently have with resource access, so it is worth keeping an eye on the pilot programs as they go forward.