[Eril-l] OpenAthens: Pros? Cons?

Hinchliffe, Lisa W ljanicke at illinois.edu
Tue May 8 09:24:30 PDT 2018


There is a huge difference between the vendor platform knowing that "someone from X university is accessing the resource" and "this specific person is accessing the resource." Admittedly, that's how you get the increased network security, tracking of illicit downloading, etc. But, it comes at the cost of everyone's privacy.

(And, btw, once your user consents to the data being passed along and being used by the platforms, it appears they will then possibly start getting direct email communications from the vendors, not realizing they consented to that as well. I say "it appears" because it is a little hard to figure out how I've ended up on some mailing lists but my suspicions is our SAML.)

I encourage everyone to press on what data is being stored and for how long and not be distracted by assurances that said data is secure. Security isn't privacy.

Lisa

--
Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive, Urbana, Illinois 61801
ljanicke at illinois.edu<mailto:ljanicke at illinois.edu>, 217-333-1323 (v), 217-244-4358 (f)
________________________________
From: Trisha Burr [tburr at macalester.edu]
Sent: Tuesday, May 08, 2018 11:17 AM
To: Hinchliffe, Lisa W
Cc: Melissa Belvadi; Hwang, Amy L; eril-l at lists.eril-l.org
Subject: Re: [Eril-l] OpenAthens: Pros? Cons?

Our library is also looking at the possibility of switching to OpenAthens from EzProxy.

I think the big unknown for myself and others at our institution is the privacy piece. What are the implications of being able to authenticate with a specific person (email address) rather than a general IP range?

I guess I don't really understand yet where this data is being stored, for how long etc. If anyone has specifics about this, I'd be happy to hear more.

Thanks,
Trisha

On Tue, May 8, 2018 at 11:04 AM, Hinchliffe, Lisa W <ljanicke at illinois.edu<mailto:ljanicke at illinois.edu>> wrote:
I'd highly encourage a privacy comparison as well as security.  (If you are interested, I've raised some of my concerns in this piece about RA21/SAML systems (of which OpenAthens is one) - https://scholarlykitchen.sspnet.org/2018/01/16/what-will-you-do-when-they-come-for-your-proxy-server-ra21/).

Lisa
--
Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive, Urbana, Illinois 61801
ljanicke at illinois.edu<mailto:ljanicke at illinois.edu>, 217-333-1323 (v), 217-244-4358 (f)
________________________________
From: Eril-l [eril-l-bounces at lists.eril-l.org<mailto:eril-l-bounces at lists.eril-l.org>] on behalf of Melissa Belvadi [mbelvadi at upei.ca<mailto:mbelvadi at upei.ca>]
Sent: Tuesday, May 08, 2018 10:28 AM
To: Hwang, Amy L
Cc: eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>
Subject: Re: [Eril-l] OpenAthens: Pros? Cons?

I am very interested in others' replies to this, as I really want to switch and am working to make the case for OA despite the extra cost - we don't have it yet.

I am going to share with all of you here my own analysis here at UPEI, but feel free to pick it apart and tell me if I've misunderstood anything.
Check at UPEI is a reference to links to our openurl resolver, Moodle is our course management system, and there are a few other references to special UPEI-specific services.
We are a self-hosted ezproxy site, on the current version.


https://openathens.org/for-information-managers/


Cost: [negotiated individually, I can't share our quote, sorry]


Benefits of Open Athens over our current self-hosted ezproxy

  *   User Experience off-campus (which is the whole point of ezproxy, right?):

     *   Users of major non-library-licensed search systems like PubMed and Google Scholar will not need to take lots of extra steps to be "within" our licenses. They just need to login to OA once per session, then any way they find themselves at any publisher site they'll be pre-authenticated - no "check at UPEI" special settings, "otool" special links, etc.

     *   Major publisher sites will invite them to authenticate with OA if they get there directly without coming through our OA login link even the first time within their work session, and that will stick for the remaining OA sites. Andrew has confirmed that most of the vendors on the oa federation list<https://www.openathens.net/resources.php?oaf> will do this, including:  Elsevier, Wiley, Springer, Sage, Oxford, Taylor&Francis, Cambridge, JSTOR,  ACS, EBSCO, Proquest, and Ovid. The one notable exception that does not is Gale (but their content is not easily discoverable in Google/ Scholar or elsewhere anyway); note that if they have a token already from one of them, they won't need to reauthenticate with the others during that session

     *   OA will work even when our entire campus network is done (and the proxy server is unreachable) for those sites with direct OA login; we can have pre-configured emergency username/password "local" accounts that we can give out during total network outages if OA can't even reach our ldap/shibb system; I have done this just for EBSCO a few times, when needed but this would work for ALL of our licensed IP-authenticated resources, not just EBSCO

  *   Ezproxy: Faculty who try to make their own links to our resources in Moodle or elsewhere and students discover right at their deadline that they don't work because they lack the prefix

  *   Ezproxy: Library staff have to work harder every time they make one-off links when helping patrons

  *   Ezproxy: Staff maintenance of individual site "stanzas"

  *   Hosted solution superior to internal server for the following reasons:

     *   care and maintenance including security responsibility for the hardware, OS platform

     *   maintenance/upgrades of the service itself (the ezproxy software)

     *   connections to the various vendors/publishers always up to date, we don't need to figure them out and keep changing them as the vendors change their websites

     *   maintaining our local copy of the "blacklist" is extra work

     *   removes risk of error in configuration blocks - ezproxy requires manually editing a plain text config file in which a simple typo could cause interruption of service - OA web-based config interface makes adding/removing service providers a matter of gui selection;

     *   greatly simplifies management of local accounts (eg IB students, alumni premiere accounts, emergency accounts) - provides simple web-based gui with granular permissions, so this could be entirely handled by a technician, for instance, not using up Peter's time to maintain/update

     *   Less traffic and likely slightly better performance during normal network conditions as users won't have all of their authenticated traffic bouncing through our campus network/proxy server but will go directly from publisher/vendor site to their own device - note a tradeoff of reliability of our campus network+proxy server in exchange for the reliability of the OA server [question about what OA does if it can't reach our ldap/shib/AD server]


  *   OpenAthens features that Ezproxy can't offer:

     *   Security/Compromised account issues:

        *   Sophisticated algorithms for detecting illegal/abusive use suggesting compromised accounts - very likely to do a much better job than we do of catching problems before our publishers notice anything

        *   Immediate shutdown of individual compromised accounts prevents publisher from having to shut down the entire UPEI institutional account until the single patron's account problem is resolved

        *   will provide analysis for us of which patron account, what the geographic or other suspicious conditions were, saving us time of having to trace the activity through the multiple logs within ezproxy to piece the "story" together

     *   User Experience with vendor platforms:

        *   all of our major platforms will allow immediate access to the personalization features (aka "My Research/My Ebscohost") without having to create separate accounts on each platform. Note that this includes RefWorks (checking on implication for WnC)

     *   User Experience for our "special" accounts:

        *   no special URLs, will be able to use exactly the same links as everyone else

        *   easier maintenance of the accounts themselves will mean faster service for these patrons

     *   Usage Reporting - far more detailed than we can get now, depending on how we configure things with ITSS, we could finally get info about which departments' users are using which resources, which would give us leverage for negotiating more favorable pricing for some subject-specialty databases (we did that with one product but getting the data from ezproxy was a nightmare) as well as providing important data for subject librarians to better focus instruction/dept outreach.  We might well be able to afford more specialty products if we had the ability to restrict specific products to specific user groups and promise the publisher that control during price negotiation.



Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca> 902-566-0581
my public calendar<http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>



On Tue, May 8, 2018 at 12:14 PM, Hwang, Amy L <Amy.Hwang at enc.edu<mailto:Amy.Hwang at enc.edu>> wrote:
Hello All,

I’m considering switching to OpenAthens for authentication rather than staying with EZproxy. Has anyone made that switch? I have a couple of reasons for thinking about switching. The version of EZproxy that my IT department currently hosts is no longer supported, and they don’t want to host an updated version of EZproxy. (I would be switching to hosted EZproxy instead.) It seems to me that although OpenAthens is more expensive, I wouldn’t have to involve IT as much, and I could get out-of-the-box statistics that lets me know who is logging in and to what resources. (It would make it easier to know what to cut if needed.)

Most of the resources my library subscribes to are “big deal” collections rather than titles accessed from publisher websites. I’ve looked on some listservs and seen that some libraries use both EZproxy and OpenAthens, but I can’t afford to do that.

Any advice you have for me would be greatly appreciated!

Sincerely,
Amy Hwang

* Please excuse the cross-posting.*

Amy L. Hwang, MLS | Director of Library Services | Nease Library, Eastern Nazarene College | 23 E. Elm Ave., Quincy, MA 02170 | 617-745-3854


_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org



_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org




--

Trisha Burr

Electronic Resources Librarian

DeWitt Wallace Library

651-696-6749 | tburr at macalester.edu<mailto:tburr at macalester.edu>

1600 Grand Avenue

Saint Paul, MN 55105 USA


[mac-sec-horizontal-logo-150w.jpg]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20180508/f9e3cf37/attachment-0001.html>


More information about the Eril-l mailing list