Access and identity management: getting ahead of the curve


It’s well acknowledged that the library is no longer the starting point of the research process [1].

As research is increasingly done on academics’, students’, and staff’s own time, the role of the Systems Librarian – with the responsibility of maintaining and providing access to electronic resources – becomes ever more important. In December 2014, OpenAthens sponsored a survey of librarians’ experiences and perceptions of identity and access management, which raised the concept of being ‘ahead of the curve’ at their home institution with regard to identity and access management. TBI recently went back to some of these librarians to find out what being ahead of this curve looks like to them, and any lessons and experiences which could help other institutions overcome some of those shared obstacles.

The curve, defined
Identity and access management is multifaceted; every institution faces its own challenges that are unique to its situation, from trying to bridge isolated networks with their own security protocols, to working with a multitude of vendor platforms, each with their own configuration complexities.

However, our discussions with 10 librarians from the UK and the USA revealed a single common goal that defines whether an institution can be classed as being ahead of the curve: providing users with a single login that grants access to any resource, irrespective of device or physical location. Needless to say, this comes with significant technical and infrastructure challenges to master, not least of which is a new skillset for library staff: an in-depth knowledge of how to configure their IAM systems and discovery portals, and a firm grasp of terminology that appears occasionally impenetrable for those outside the field, are prerequisites for anyone who needs to set up or maintain access to electronic resources on behalf of their users.

Listservs and virtual groups exist to share this knowledge, but some of our interviewees expressed concerns that potential or current employers could view such conversations as indicating a lack of knowledge amongst staff. Being ahead of the curve means not only knowing what needs to be done, then, but also the limitations of one’s own knowledge and who can be approached for advice when inevitable technical hitches occur.

Other interviewees believed that the curve denoted the provision of access to all the resources required by the breadth of their user base, particularly in the case of journal articles where it is a financial impossibility for an institution to subscribe to every title that may be of relevance to their users. With inter-library loan it’s feasible for a library to provide almost every article or book a user might need, albeit with a time delay for document delivery; but even in cases where a wide variety of resources are available, there is the difficult task of bringing them to users’ attention.

Some institutions maintain lists of journals that the library subscribes to, but our interviewees voiced suspicions that these were not frequently referred to as they are outside of users’ normal information seeking workflows – and that access federation logins on publishers’ sites can obfuscate, rather than streamline, access to content, as users frequently assume the prompt implies that their institution holds a subscription, only to be further denied access once they’ve navigated 'Where are You From' (WAYF) systems. Addressing this has been a priority for many identity and access management systems, including OpenAthens’ new ‘Redirector’ feature [2].

Crossing over
User confusion such as this is a sign that a system needs more work, and this goes some way to explaining the drive towards single sign on solutions, with some interviewees providing anecdotes of staff struggling with multiple login details as part of their workflow (for example, one login for the institutional network and another for particular library resources). Our librarians also highlighted the challenge of ensuring students are receiving information literacy training – as echoed in the recent NMC Library Horizon Report [3] – particularly in healthcare systems libraries where students are typically encountering a very different set of resources and access challenges than at an educational institution.

As a first step to addressing these challenges within the library, a joined-up or centralised authentication system is needed, with a focus on making processes as automated as possible. In one case our interviewees mentioned a turnaround time of two weeks for off-campus account activations due to the extra work involved in verifying a remote user’s identity (without the benefit of on-campus network access as an authentication token), combined with internal staffing levels. Manual oversight of such access is of course required, especially in healthcare scenarios where unauthorized access to sensitive patient information needs to be prevented, but interviewees felt that a more streamlined process could be of benefit to everyone.

The increasing role of mobile devices in research workflows needs to be recognized at an institutional level. While it’s doubtful that many students or researchers make a habit of reading full-length articles on a smartphone, tablet and laptop computers are increasingly the devices of choice for research [4]. This requires on-going investment in institutional infrastructure to support mobile devices; users expect easy Wi-Fi access, which will need to be updated on a regular basis by IT teams as faster standards become available, and as greater bandwidth is required by users to cope with the expanding use of mobile computing devices.

The role of mobile devices needs to be recognized by publishers, too. Many of our interviewees mentioned that while their library portals were as mobile-friendly as possible, that consideration is lost when users transition to publishers’ platforms which are very much designed for standard desktops. As mentioned earlier, the implementation of access federation logins also needs work; there is a lack of a standard approach between different publishers, with login prompts appearing in different stages along the user journey and presenting users with a mix of WAYF selection drop-down boxes, fields to type in their institution, or a standard username and password prompt, depending on the provider [5].

Where we’re heading
Even in institutions that define themselves as currently being ahead of the curve, there is still something of a disconnect – while most provide seamless access to resources as long as users begin their journey from the library portal site, this is not a good fit with current research workflows, which typically begin with a search engine or database such as PubMed [6]. Realising the ideal – completely seamless access to all resources – requires automatic authentication, regardless of the user’s location. While proxy servers and VPN solutions are part of the answer, there’s still some distance to go – particularly in indicating clearly to users what they can and cannot access at any given time.

There is very much a sense of distance left to travel, and awareness that current systems are only ever “good enough” for a fixed period of time, with a need to regularly review solutions and expand or even supplant entire systems as technical advances allow libraries to get closer to realising seamless access for users.

But this requires an equal investment on service providers’ parts, too. Several of our interviewees expressed a level of frustration that although their institution can establish faceted user groups (for example, distance learners, members of the public, and emeritus faculty), service providers are unwilling or unable to provide the level of technical granularity that would support these user groups. Such groups fall outside of the traditional definition of 'authorised user' that encompasses full-time faculty and students, yet should still be permitted access to some resources to which the institution subscribes.

Climbing the curve
In order to achieve this optimal outcome – seamless access for users in as many cases as possible – there are a few first steps that any institution can take.

Our librarians were unanimous in their call for better communication, both within the organization and across different institutions. Primary among this is conducting research with users, finding out how and when they need access to different resources, and ensuring that access management is in place to answer as many of their use cases as possible. Providing self-help resources for students and faculty was also listed as an important way of managing the number of user queries, with a focus on providing illustrated configuration guides for the most popular operating systems and devices. Several interviewees also indicated that they run workshops at the start of the academic year for students to bring in their devices, whereupon library staff help set them up with access rights to the resources they will need for the coming year.

Sharing knowledge and expertise is paramount to success, with all our librarians stressing the importance of networking with peers and finding those who have struggled with similar problems. Much discussion about access and identity management can be found on listservs and on social media (Twitter in particular was identified as a good way to connect with librarians who might be able to help solve configuration issues), but full and frank discussion might be better held in person at user groups and experts meetings.

There was also a call for greater collaboration within the industry. Interviewees noted that publishers need to provide better support, and not – as one librarian highlighted – sequester the expertise required to solve a configuration problem behind a ‘first line’ of customer service agents (or fail to ensure knowledge is transferred as staff move positions or companies). Ideally, publishers should provide configuration guides for major identity and access management systems, which would enable librarians to solve problems without having to resort to customer service calls; publishers should also better support federated access protocols to allow for more granular treatment of special use-cases (for example, overseas / distance learners). Finally, our interviewees specified that improving indications of what users currently have access to on publishers’ sites is a priority.

One potential solution was highlighted by Katherine Rose in her recent UKSG eNews editorial, The challenge of seamless authentication [7]. This represents a significant step towards the ideal user scenario, but needs considerable investment in infrastructure and buy-in from publishers in order to maintain its central database of titles. In the meantime, librarians will need to continue to listen to their users, work with their institutional colleagues to maintain and fully exploit their current systems, and look to their peers for innovative solutions and knowledge transfer.

About the author
David Armstrong is Senior Marketing Manager at TBI Communications (www.tbicommunications.com), the specialist communications agency for the scholarly and professional publishing sector.

References
1. Schonfeld, R., “Meeting researchers where they start”, Ithaka S+R, March 2015. Accessed 10th July 2015
2. Jon Bentley, Eduserv blog, 19th May 2015. Accessed 20th July 2015
3. NMC Library Horizon Report, 2014 Library Edition. Accessed 10th July 2015
4. Ibid
5. Athena Hoeppner. 'Shibble-Me-This: One Librarian's Foray into Shibboleth for Better Access.' Internet Librarian 2014, Monterey, CA, 27 October 2014. Accessed 10th July 2015
6. Schonfeld, R., “Meeting researchers where they start”, Ithaka S+R, March 2015. Accessed 10th July 2015
7. The Challenges of Seamless Authentication, Katherine Rose, UKSG eNews issue 345. Accessed 10th July 2015