[Eril-l] OpenAthens vs campus federated SSO?

Electronic Resources in Libraries discussion list eril-l at lists.eril-l.org
Wed May 22 08:35:30 PDT 2024 

I do not work closely with authentication and have had minimal experience
with federated access. However, when I read "...we have had some vendors
that we never worked with *suddenly being able to authenticate through
Canarie without either the library staff OR our IT staff doing anything at
all* on our end" I wondered how you would restore access if you lost it.
Who would you contact? Having Open Athens seems to mean that you can
contact Open Athens regarding loss of access. I would be suspicious of any
access that appears miraculously and is unmonitored by the library or a
service. It sounds like something hard to manage (especially if you have no
other access like ezproxy set up as a backup) in a crisis or even on a
regular day.

Judith

--
Judith Nagata  (she/her)
Electronic Resources & Serials Librarian
Dinand Library
College of the Holy Cross
Worcester, MA 01610
p: 508-793-2639
e: jnagata at holycross.edu

On Wed, May 22, 2024 at 10:36 AM Electronic Resources in Libraries
discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:

> Thanks for this. I am confused however about your first point. But first I
> probably need to distinguish between the "you" in "you'd still need to
> configure" being us library staff versus our campus IT staff.
> We as in the library staff definitely do NOT have to maintain any kind of
> local idp instance.  And while in the past we've had to involve our IT dept
> to do something (hidden from me) to work with some vendors (I'm guessing
> that whatever they did is what you mean), we have had some vendors that we
> never worked with suddenly being able to authenticate through Canarie
> without either the library staff OR our IT staff doing anything at all on
> our end. In fact, I only discovered some of these were working when I went
> through our list of every vendor from off campus to see what they'd offer
> me, and surprisingly found some doing SSO that I hadn't known about (and I
> would be the person at my library who would know).
>
> Your other points are definitely correct - we'll have to keep maintaining
> our ezproxy server for a long time as we have many smaller vendors who can
> barely manage IP authentication and aren't going to offer SSO any time soon.
> But if we had money for OA, we could instead just switch from self-hosted
> to having OCLC do that work for us, which leads to a secondary question:
>
> For the IP authenticated vendors (setting aside the SAML/federated ones),
> is there anything about OA that is superior to the service that OCLC offers
> if one uses ezproxy hosted by them?
>
> I haven't heard any comments or complaints about the branding issue, but
> I'll pay more attention to that, thanks again!
>
> Melissa Belvadi
> mbelvadi at upei.ca
> Make an appointment: https://mbelvadi.youcanbook.me/
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> *Sent:* Wednesday, May 22, 2024 11:13 AM
> *To:* eril-l at lists.eril-l.org <eril-l at lists.eril-l.org>
> *Subject:* [Eril-l] OpenAthens vs campus federated SSO?
>
>
> CAUTION: This email originated from outside of UPEI. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe. If you are uncertain, please forward to phishing at upei.ca and delete
> this email.
>
>
> WARNING: The sender of this email could not be verified and may not match
> the person in the 'FROM' field. Do not click links or open attachments
> unless you recognize the sender and know the content is safe. If you are
> uncertain, please forward to phishing at upei.ca and delete this email.
>
>
> Hi Melissa,
>
> I had the same question when my library was considering the jump to
> federated access.   From my perspective and if I'm understanding correctly,
> three major issues come to mind:
>
> Even though you'd be authenticating via your institution's Shib to Canarie
> you'd still need to configure and maintain a local IdP instance for
> authorization to every SP (vendor or publisher) with whom you want to
> establish a trusted connection.  OpenAthens maintains almost 500 of these
> IdP configurations in its resource catalogue so all you have to do is
> allocate a resource and the connection is established since OpenAthens
> serves as our IdP.  If one isn't available we simply contact EBSCO support
> who creates one for us.
>
> A surprising number of publishers still don't support federated access, so
> for those that still use IP authentication you'd need to continue using
> EZproxy which means you'd have to maintain, support, and pay for dual
> authentication systems.  OpenAthens is a turnkey solution since IP-based
> and federated access are both supported in OpenAthens.
>
> This may be deemed a lesser issue, but typically Shib is maintained by
> your campus' IT shop, so if you're piggybacking on this you'd have to use
> whatever branding they have in place.  You wouldn't be able to maintain
> consistent library branding and imagery across your access points, which is
> important to our patron's user experience.
>
> I hope this helps clarify.  Please feel free to contact me off-list if
> you'd like more detail.  Best of luck!
>
> Regards,
> John
>
> __________________________________
> John Felts
> Head of Information Technology and Collections
> University Libraries / Coastal Carolina University
> 376 University Boulevard
> Conway SC 29526
> 843-349-5040
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 21 May 2024 17:22:08 +0000
> From: Electronic Resources in Libraries discussion list
>         <eril-l at lists.eril-l.org>
> To: ERIL-L listserv <eril-l at lists.eril-l.org>
> Subject: [Eril-l] OpenAthens vs campus federated SSO?
> Message-ID:
>         <mailman.597.1716312135.1238482.eril-l-eril-l.org at lists.eril-l.org
> >
> Content-Type: text/plain; charset="utf-8"
>
> Hi, all.
> We use ezproxy generally (self-hosted) but as our campus implemented first
> Shibboleth and is now moving this summer to Azure, and associated with the
> big Canadian SAML federation Canarie, we've been finding more and more
> major library content providers supporting that kind of off-campus "login
> via your institution", some of which didn't even contact us to configure
> it, but just got up and running for us from the Canarie service.
>
> In light of that trend, I'm wondering what advantages there still are to
> using Open Athens (which I've been wanting to get for years but didn't have
> the budget or systems support for).
>
> If any of you have Open Athens and your campus also provides SSO through
> that kind of SAML service, can you please tell me what OA is doing for you
> that makes it still worth the cost?
>
> Melissa Belvadi
> Collections Librarian
> University of Prince Edward Island
> mbelvadi at upei.ca<mailto:mbelvadi at upei.ca <mbelvadi at upei.ca>>
> 902-566-0581 ORCID iD: 0000-0002-4433-0189 my public calendar<
> https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html
> >
> Make an appointment<https://mbelvadi.youcanbook.me/> via YouCanBookMe My
> pronouns are ????/???????
> My emails are sent during the hours that I work and I understand that you
> will respond during the hours that you work.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240521/41cbb8ce/attachment-0001.htm
> >
>
> ******************************
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240522/f71b7e75/attachment.htm>

More information about the Eril-l mailing list