[Eril-l] OpenAthens: Pros? Cons?
Melissa Belvadi
mbelvadi at upei.ca
Tue May 8 09:26:28 PDT 2018
That is an issue being considered here too. There are lots of different
parts to that. Of course, if you are hosted ezproxy, there isn't much of a
change there in terms of a third party being able to tie all traffic to a
username at your campus.
The other component is if you want to take advantage of the single-signon
aspects with the major publishers. OA has different options, depending on
what mix of functionality and privacy you want to target, but the upshot is
that you can still provide that functionality without those target sites
(eg Wiley, ScienceDirect, EBSCO, etc.) being able to personally identify
the user. That's actually a privacy gain, because users wanting that
functionality without OA have to create their own accounts on each
platform, revealing their name, email address, etc.
Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca 902-566-0581
my public calendar
<http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>
On Tue, May 8, 2018 at 1:17 PM, Trisha Burr <tburr at macalester.edu> wrote:
> Our library is also looking at the possibility of switching to OpenAthens
> from EzProxy.
>
> I think the big unknown for myself and others at our institution is the
> privacy piece. What are the implications of being able to authenticate with
> a specific person (email address) rather than a general IP range?
>
> I guess I don't really understand yet where this data is being stored, for
> how long etc. If anyone has specifics about this, I'd be happy to hear more.
>
> Thanks,
> Trisha
>
> On Tue, May 8, 2018 at 11:04 AM, Hinchliffe, Lisa W <ljanicke at illinois.edu
> > wrote:
>
>> I'd highly encourage a privacy comparison as well as security. (If you
>> are interested, I've raised some of my concerns in this piece about
>> RA21/SAML systems (of which OpenAthens is one) -
>> https://scholarlykitchen.sspnet.org/2018/01/16/what-will-
>> you-do-when-they-come-for-your-proxy-server-ra21/).
>>
>> Lisa
>>
>> --
>>
>> Lisa Janicke Hinchliffe
>> Professor/ Coordinator for Information Literacy Services and Instruction
>> University Library, University of Illinois, 1408 West Gregory Drive,
>> Urbana, Illinois 61801
>> ljanicke at illinois.edu, 217-333-1323 (v), 217-244-4358 (f)
>>
>> ------------------------------
>> *From:* Eril-l [eril-l-bounces at lists.eril-l.org] on behalf of Melissa
>> Belvadi [mbelvadi at upei.ca]
>> *Sent:* Tuesday, May 08, 2018 10:28 AM
>> *To:* Hwang, Amy L
>> *Cc:* eril-l at lists.eril-l.org
>> *Subject:* Re: [Eril-l] OpenAthens: Pros? Cons?
>>
>> I am very interested in others' replies to this, as I really want to
>> switch and am working to make the case for OA despite the extra cost - we
>> don't have it yet.
>>
>> I am going to share with all of you here my own analysis here at UPEI,
>> but feel free to pick it apart and tell me if I've misunderstood anything.
>> Check at UPEI is a reference to links to our openurl resolver, Moodle is
>> our course management system, and there are a few other references to
>> special UPEI-specific services.
>> We are a self-hosted ezproxy site, on the current version.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> * https://openathens.org/for-information-managers/
>> <https://openathens.org/for-information-managers/> Cost: [negotiated
>> individually, I can't share our quote, sorry] Benefits of Open Athens over
>> our current self-hosted ezproxy - User Experience off-campus (which is the
>> whole point of ezproxy, right?): - Users of major non-library-licensed
>> search systems like PubMed and Google Scholar will not need to take lots of
>> extra steps to be "within" our licenses. They just need to login to OA once
>> per session, then any way they find themselves at any publisher site
>> they'll be pre-authenticated - no "check at UPEI" special settings, "otool"
>> special links, etc. - Major publisher sites will invite them to
>> authenticate with OA if they get there directly without coming through our
>> OA login link even the first time within their work session, and that will
>> stick for the remaining OA sites. Andrew has confirmed that most of the
>> vendors on the oa federation list
>> <https://www.openathens.net/resources.php?oaf> will do this, including:
>> Elsevier, Wiley, Springer, Sage, Oxford, Taylor&Francis, Cambridge, JSTOR,
>> ACS, EBSCO, Proquest, and Ovid. The one notable exception that does not is
>> Gale (but their content is not easily discoverable in Google/ Scholar or
>> elsewhere anyway); note that if they have a token already from one of them,
>> they won't need to reauthenticate with the others during that session - OA
>> will work even when our entire campus network is done (and the proxy server
>> is unreachable) for those sites with direct OA login; we can have
>> pre-configured emergency username/password "local" accounts that we can
>> give out during total network outages if OA can't even reach our ldap/shibb
>> system; I have done this just for EBSCO a few times, when needed but this
>> would work for ALL of our licensed IP-authenticated resources, not just
>> EBSCO - Ezproxy: Faculty who try to make their own links to our resources
>> in Moodle or elsewhere and students discover right at their deadline that
>> they don't work because they lack the prefix - Ezproxy: Library staff have
>> to work harder every time they make one-off links when helping patrons -
>> Ezproxy: Staff maintenance of individual site "stanzas" - Hosted solution
>> superior to internal server for the following reasons: - care and
>> maintenance including security responsibility for the hardware, OS platform
>> - maintenance/upgrades of the service itself (the ezproxy software) -
>> connections to the various vendors/publishers always up to date, we don't
>> need to figure them out and keep changing them as the vendors change their
>> websites - maintaining our local copy of the "blacklist" is extra work -
>> removes risk of error in configuration blocks - ezproxy requires manually
>> editing a plain text config file in which a simple typo could cause
>> interruption of service - OA web-based config interface makes
>> adding/removing service providers a matter of gui selection; - greatly
>> simplifies management of local accounts (eg IB students, alumni premiere
>> accounts, emergency accounts) - provides simple web-based gui with granular
>> permissions, so this could be entirely handled by a technician, for
>> instance, not using up Peter's time to maintain/update - Less traffic and
>> likely slightly better performance during normal network conditions as
>> users won't have all of their authenticated traffic bouncing through our
>> campus network/proxy server but will go directly from publisher/vendor site
>> to their own device - note a tradeoff of reliability of our campus
>> network+proxy server in exchange for the reliability of the OA server
>> [question about what OA does if it can't reach our ldap/shib/AD server] -
>> OpenAthens features that Ezproxy can't offer: - Security/Compromised
>> account issues: - Sophisticated algorithms for detecting illegal/abusive
>> use suggesting compromised accounts - very likely to do a much better job
>> than we do of catching problems before our publishers notice anything -
>> Immediate shutdown of individual compromised accounts prevents publisher
>> from having to shut down the entire UPEI institutional account until the
>> single patron's account problem is resolved - will provide analysis for us
>> of which patron account, what the geographic or other suspicious conditions
>> were, saving us time of having to trace the activity through the multiple
>> logs within ezproxy to piece the "story" together - User Experience with
>> vendor platforms: - all of our major platforms will allow immediate access
>> to the personalization features (aka "My Research/My Ebscohost") without
>> having to create separate accounts on each platform. Note that this
>> includes RefWorks (checking on implication for WnC) - User Experience for
>> our "special" accounts: - no special URLs, will be able to use exactly the
>> same links as everyone else - easier maintenance of the accounts themselves
>> will mean faster service for these patrons - Usage Reporting - far more
>> detailed than we can get now, depending on how we configure things with
>> ITSS, we could finally get info about which departments' users are using
>> which resources, which would give us leverage for negotiating more
>> favorable pricing for some subject-specialty databases (we did that with
>> one product but getting the data from ezproxy was a nightmare) as well as
>> providing important data for subject librarians to better focus
>> instruction/dept outreach. We might well be able to afford more specialty
>> products if we had the ability to restrict specific products to specific
>> user groups and promise the publisher that control during price
>> negotiation. *
>>
>> Melissa Belvadi
>> Collections Librarian
>> University of Prince Edward Island
>> mbelvadi at upei.ca 902-566-0581
>> my public calendar
>> <http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>
>>
>>
>>
>> On Tue, May 8, 2018 at 12:14 PM, Hwang, Amy L <Amy.Hwang at enc.edu> wrote:
>>
>>> Hello All,
>>>
>>>
>>>
>>> I’m considering switching to OpenAthens for authentication rather than
>>> staying with EZproxy. Has anyone made that switch? I have a couple of
>>> reasons for thinking about switching. The version of EZproxy that my IT
>>> department currently hosts is no longer supported, and they don’t want to
>>> host an updated version of EZproxy. (I would be switching to hosted EZproxy
>>> instead.) It seems to me that although OpenAthens is more expensive, I
>>> wouldn’t have to involve IT as much, and I could get out-of-the-box
>>> statistics that lets me know who is logging in and to what resources. (It
>>> would make it easier to know what to cut if needed.)
>>>
>>>
>>>
>>> Most of the resources my library subscribes to are “big deal”
>>> collections rather than titles accessed from publisher websites. I’ve
>>> looked on some listservs and seen that some libraries use *both*
>>> EZproxy and OpenAthens, but I can’t afford to do that.
>>>
>>>
>>>
>>> Any advice you have for me would be greatly appreciated!
>>>
>>>
>>>
>>> Sincerely,
>>>
>>> Amy Hwang
>>>
>>>
>>>
>>> * Please excuse the cross-posting.*
>>>
>>>
>>>
>>> Amy L. Hwang, MLS | Director of Library Services | Nease Library,
>>> Eastern Nazarene College | 23 E. Elm Ave., Quincy, MA 02170 | 617
>>> <https://maps.google.com/?q=23+E.+Elm+Ave.,+Quincy,+MA+02170+%7C+617&entry=gmail&source=g>-745-3854
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Eril-l mailing list
>>> Eril-l at lists.eril-l.org
>>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>>
>>>
>>
>> _______________________________________________
>> Eril-l mailing list
>> Eril-l at lists.eril-l.org
>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>
>>
>
>
> --
>
> Trisha Burr
>
> Electronic Resources Librarian
>
> DeWitt Wallace Library
>
> 651-696-6749 | tburr at macalester.edu
>
> 1600 Grand Avenue
> <https://maps.google.com/?q=1600+Grand+Avenue+Saint+Paul,+MN+55105+USA&entry=gmail&source=g>
>
> Saint Paul, MN 55105 USA
> <https://maps.google.com/?q=1600+Grand+Avenue+Saint+Paul,+MN+55105+USA&entry=gmail&source=g>
>
> [image: mac-sec-horizontal-logo-150w.jpg]
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20180508/fa409786/attachment-0001.html>
More information about the Eril-l
mailing list