[Eril-l] O'Reilly, Federated SSO, and patron identity privacy - question
Karen Kunz
Karen.Kunz at oit.edu
Thu Aug 5 10:59:43 PDT 2021
Hi Melissa,
We've just finished setting this up. In order to get around this our IT department changed the attributes sent from the user name and email to using our unique institution ID number. Then O'Reilly updated our UI so that the ID number does not show on the webpage.
We feel that this does give our students protection as there is no way that O'Reilly could associate the institution ID with a particular student and their particular ID number will not show up when they use the product.
Karen
Karen Kunz, MLS
Technical Services and Systems Librarian
Oregon Institute of Technology
3201 Campus Drive, Klamath Falls, OR 97601
Karen.kunz at oit.edu |<mailto:Karen.kunz at oit.edu%20|> 541.885.1769 | 541.885.1777 (fax)
https://www.oit.edu/library
From: Eril-l <eril-l-bounces at lists.eril-l.org> On Behalf Of Melissa Belvadi
Sent: Thursday, August 5, 2021 10:31 AM
To: eril-l at lists.eril-l.org
Subject: [Eril-l] O'Reilly, Federated SSO, and patron identity privacy - question
Hello, all.
This question is for those of you who subscribe to the O'Reilly HIgher Education ebook package, formerly known as "Safari", and uses the Federated/SSO method of authentication, and whose campuses have strong rules about patron privacy.
It appears to us that the SSO configuration sends O'Reilly our patron's campus username, which makes it trivial for them to identify the human being and link that info to the books that person reads on their platform if they did want to engage in that kind of data mining (they deny it, but some of us are skeptical).
We don't have any absolute rules on our campus about that, but we librarians are definitely not happy about it.
I was wondering, those of you who are at institutions that do have stronger rules about patron privacy matters and who use this configuration, can you tell me what you did to deal with it? Did you find a way to avoid sending O'Reilly that personally-identifiable username?
Thanks!
Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca> 902-566-0581
ORCID iD: 0000-0002-4433-0189
my public calendar<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%2F5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692%2Fcalendar.html&data=04%7C01%7Ckaren.kunz%40oit.edu%7C3cb04057eaab4df1fe7708d958371d4a%7Cf4db50f235d14e0694e2167755273558%7C0%7C1%7C637637816002805247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=HyyrxjNDE43EJOWL11czQxttelg2EUiTl79KNM12U%2Bc%3D&reserved=0>
Make an appointment<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmbelvadi.youcanbook.me%2F&data=04%7C01%7Ckaren.kunz%40oit.edu%7C3cb04057eaab4df1fe7708d958371d4a%7Cf4db50f235d14e0694e2167755273558%7C0%7C1%7C637637816002815211%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=LeAnWCTXxrubMCNO39hfyGr0mVmKcgmvTY4YW5J1%2BlI%3D&reserved=0> via YouCanBookMe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20210805/4282bc0d/attachment.html>
More information about the Eril-l
mailing list