Federated Identity Management for Libraries
Jos Westerbeke, Erasmus University Rotterdam
Access to licensed e-resources is almost always provided based on IP address authentication. However, big publishers tend to move away from IP-based access, and libraries are facing publishers who want to use Single Sign-On (SSO) configurations. Libraries, then, need to set up SSO in the right way to protect the privacy of their patrons. Several librarians and technical specialists launched the Federated Identity Management for Libraries initiative (FIM4L, http://fim4l.org) to address the lack of a common best practice. A recommendation document has been written about how to establish federated SSO for libraries while protecting privacy. It describes the attributes which can be released by the library and recommends two main options: anonymous and pseudonymous authentication. These recommendations would be useful for both librarians and publishers in using FIM and setting up federated SSO.
Extra questions
These questions were asked during the session chat but not answered during the session.
Q: What are the most common problems found when talking with the providers? (by Jordi Pallarès LLorens)
A: When a library has talks with a provider regarding the implementation of federated SSO, whereby IP access is not an option, the following questions/problems could arise:
- Privacy: which user attributes are to be exchanged. Some require email address, for example. Libraries are often not able to convince providers not to use it, or the provider would like to use their default (bad) configuration.
- Contracts are formed by account managers who often do not understand the technical issues when default IP address access is not opted for. It costs a lot of time to get the right persons, on both sides.
But it all heavily depends on which provider you have to deal with. The biggest publishers already offer good configurations.