[Eril-l] SSO/SAML and attributes vendors want but maybe don't need? data grab?
Electronic Resources in Libraries discussion list
eril-l at lists.eril-l.org
Wed Nov 12 09:44:03 PST 2025
Zhaneille,
Would you mind sharing your specific attribute bundle you share with
vendors? I'm interested in creating a similar bundle in coordination with
our IT department.
Thank you,
Sunshine
--
Sunshine Carter
Director, Collection Strategy & eResource Management | University Libraries
| lib.umn.edu
University of Minnesota | umn.edu | 612-625-5615
she, her, hers
On Tue, Nov 11, 2025 at 7:28 PM Electronic Resources in Libraries
discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
> As Chandler said, some libraries work with their IAM departments to create
> a default SSO attribute bundle. The US has its own federation, InCommon,
> but I'm not sure how many librarians are aware of it, PLUS not all vendors
> are a part of the federation.
>
> If we collectively decide that we only share a specific attribute bundle a
> la Cornell, then vendors will have to meet those base expectations.
>
> A key part of pushing back against digital surveillance is understanding
> which attributes are anonymous, pseudonymous, or personalized, and being
> able to tell vendor IT that my library can support this attribute, not that
> one.
>
> Best wishes,
> Zhaneille
>
> Zhaneille Green (she/her)
>
> E-Access Librarian
>
> Electronic Resources Access & Discovery
>
> Duke University Libraries
>
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of
> eril-l-request at lists.eril-l.org <eril-l-request at lists.eril-l.org>
> *Sent:* Monday, November 10, 2025 4:01 PM
> *To:* eril-l at lists.eril-l.org <eril-l at lists.eril-l.org>
> *Subject:* Eril-l Digest, Vol 132, Issue 7
>
> Send Eril-l mailing list submissions to
> eril-l at lists.eril-l.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Flistinfo.cgi%2Feril-l-eril-l.org&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086688926539%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=y6JCWLPKpoh82X4o2xl6wf7GQUiBajx1YTW4ZIINphA%3D&reserved=0
> <http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org>
> or, via email, send a message with subject or body 'help' to
> eril-l-request at lists.eril-l.org
>
> You can reach the person managing the list at
> eril-l-owner at lists.eril-l.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Eril-l digest..."
>
>
> Today's Topics:
>
> 1. SSO/SAML and attributes vendors want but maybe don't need?
> data grab? (Electronic Resources in Libraries discussion list)
> 2. Re: SSO/SAML and attributes vendors want but maybe don't
> need? data grab? (Electronic Resources in Libraries discussion list)
> 3. Re: SSO/SAML and attributes vendors want but maybe don't
> need? data grab? (Electronic Resources in Libraries discussion list)
> 4. Primary Research Group has published the Survey of Library
> Science Faculty: Developments in Library Science Curriculum, ISBN
> 979-8-88517-320-9 (Electronic Resources in Libraries discussion list)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 10 Nov 2025 15:37:20 +0000
> From: Electronic Resources in Libraries discussion list
> <eril-l at lists.eril-l.org>
> To: ERIL-L listserv <eril-l at lists.eril-l.org>
> Subject: [Eril-l] SSO/SAML and attributes vendors want but maybe don't
> need? data grab?
> Message-ID:
> <mailman.781.1762789079.464760.eril-l-eril-l.org at lists.eril-l.org>
> Content-Type: text/plain; charset="utf-8"
>
> Hi, all.
>
> I'm still trying to understand what the vendor movements away from IP
> authentication and especially for off-campus users mean, and have gotten
> some help from Gemini.
> UPEI belongs to the Canadian Access Federation (CAF), and we use MS Azure
> as our SSO system for our IdP.
>
> As I understand it, all our vendors need to know about our users is the
> same as what they knew about them when using ezproxy for off-campus access,
> which is that this user has authenticated as a UPEI valid user.
>
> According to a sample test I ran, our IdP doesn't send out any specific
> attributes, but it does tell the service provider that this person is a
> valid UPEI person and provides a persistent "name" code that is anonymized.
>
> Below is how Gemini explained it:
> So, while the service provider learned nothing about your personal
> identity (not your name, role, or email), it learned everything it needs to
> know about your institutional context.
> By accepting this SAML assertion, the service provider is implicitly
> saying: "I have received a digitally signed, unforgeable message from the
> official authentication authority for UPEI, and that authority vouches for
> the fact that they have successfully authenticated one of their valid
> users."
> This is the core of federated identity: authentication is handled entirely
> by the home institution. The service provider doesn't need to know who you
> are, only that UPEI has confirmed you are a legitimate member of its
> community.
>
> However, almost all of the library providers I have dealt with so far to
> configure SSO authentication have required us to take extra steps to
> provide them with more specific "attributes" like
> "eduPersonScopedAffiliation", and sometimes even PII (personally
> identifiable information) including first and last name and email address.
>
> The vendor could use that persistent "pseudonym" code allow this specific
> UPEI user to create whatever kind of personalized account services (eg
> saving searches) that vendor's platform has.
>
> So it seems to my suspicious mind that our vendors are taking advantage of
> the move towards SSO to get from us far more user-specific data than they
> actually need to provide the services we are paying for. They didn't have a
> problem for decades with providing their content to users who offered
> nothing more than our Ezproxy server's IP address. But suddenly they "need"
> PII to provide that same access?
>
> Is anyone/any library organization pushing back on this? What can we
> librarians do? Do we have to work with our IT depts to convince them to
> get their SAML/SSO providers (like Microsoft for Azure) to include more
> anonymizing options so we can send fake names and email addresses when our
> vendors demand them?
>
> I would guess that the European institutions have already been able to
> solve this, given the GDPR (which we in North America badly need too). How
> did you do it? What did you say to the vendors? Are there any "magic words"
> to get them to admit they don't need all those attributes they are
> demanding from us?
>
> Melissa Belvadi
> Collections Librarian
> University of Prince Edward Island
> mbelvadi at upei.ca<mailto:mbelvadi at upei.ca <mbelvadi at upei.ca>> 902-566-0581
> ORCID iD: 0000-0002-4433-0189
> my public calendar<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%2F5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692%2Fcalendar.html&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086688957570%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=gmNwbfzZo4cabRcY8%2BMXjT3zfyj1ki4wIm5V%2FrYebo4%3D&reserved=0
> <https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html>
> >
> My pronouns are ????/???????
> My emails are sent during the hours that I work and I understand that you
> will respond during the hours that you work.
>
> Make an appointment: Use YouCanBookMe
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmbelvadi.youcanbook.me%2F&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086688975524%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=wKeCbTQKc92nxdSfbtco%2BLvCJg2gbWkK0sx1hxPqAI0%3D&reserved=0
> <https://mbelvadi.youcanbook.me/>
> or for other MS365 / Outlook users, including UPEI people:
> [cid:2d397b68-5ac1-4410-9e44-e6b36733a881]<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2Fuser%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%3Fanonymous%26ismsaljsauthenabled%26ep%3DbwmEmailSignature&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086688992214%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xorAc7Mvb%2Fs%2BuQcF%2FUvl0f3D8raudK6nbOIwxym6iGY%3D&reserved=0
> >
> Book time to meet with me<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2Fuser%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%3Fanonymous%26ismsaljsauthenabled%26ep%3DbwmEmailSignature&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689008178%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6lnSSEgzM2fGnZO5rsJS%2FDm7YvLV6MXuHgBeSEBQBj8%3D&reserved=0
> <https://outlook.office.com/bookwithme/user/0fbab27c909e4493be65313bd66d66b6@upei.ca?anonymous&ismsaljsauthenabled&ep=bwmEmailSignature>
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F933c4afc%2Fattachment-0001.htm&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689024305%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=yhgYq%2BUN6c68j5gVA0ZYL5kTw0lRDcaTEy3gSIAY9FY%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/933c4afc/attachment-0001.htm>
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: Outlook-2xolgfbd.png
> Type: image/png
> Size: 528 bytes
> Desc: Outlook-2xolgfbd.png
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F933c4afc%2Fattachment-0001.png&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689044840%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=vMIeDNkXKiTVqk5MBekzyEIuVXRmxhgZ0EMdoa53qrI%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/933c4afc/attachment-0001.png>
> >
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Nov 2025 16:29:04 +0000
> From: Electronic Resources in Libraries discussion list
> <eril-l at lists.eril-l.org>
> To: Electronic Resources in Libraries discussion list
> <eril-l at lists.eril-l.org>
> Subject: Re: [Eril-l] SSO/SAML and attributes vendors want but maybe
> don't need? data grab?
> Message-ID:
> <mailman.814.1762792210.464759.eril-l-eril-l.org at lists.eril-l.org>
> Content-Type: text/plain; charset="utf-8"
>
> Many library workers do not understand that it is the library/university
> that controls the SSO attribute set that is released to the vendor. Our
> Cornell Library default SSO attribute set are these, none of which include
> name:
>
> EduPersonAffiliation
> EduPersonOrgDN
> EduPersonEntitlement
> EduPersonPrimaryaffiliation
> EduPersonScopedAffiliation
> transitID
>
> If vendor says they need personal data we push back and ask them why they
> need it for the service to function. Ideally these negotiations happen
> before the license is signed. We have a good working relationship with
> campus identity management unit. We did a presentation last spring that
> describes some of our efforts to protect readers.
>
> Raub, Emma, Jesse Koennecke, and Adam Chandler. ?Cookies & PII: Baking:
> Values into Library Privacy.? Electronic Resources & Libraries 2025,
> Austin, TX, March 24, 2025.
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhdl.handle.net%2F1813%2F116786&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689065796%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=gk6qolswbAWaWpRgqZjMNjFRWg%2Fkwh3NyESmA2l2%2FlA%3D&reserved=0
> <https://hdl.handle.net/1813/116786>.
>
> I?m interested in hearing from others about their efforts to resist vendor
> moves to cash in on surveillance capitalism.
>
> Adam
>
> Adam Chandler
> Director, Automation, Assessment, and Post-Cataloging Services
> Library Technical Services
> Cornell University Library
>
>
> From: Eril-l <eril-l-bounces at lists.eril-l.org> On Behalf Of Electronic
> Resources in Libraries discussion list via Eril-l
> Sent: Monday, November 10, 2025 10:37 AM
> To: ERIL-L listserv <eril-l at lists.eril-l.org>
> Subject: [Eril-l] SSO/SAML and attributes vendors want but maybe don't
> need? data grab?
>
> Hi, all.
>
> I'm still trying to understand what the vendor movements away from IP
> authentication and especially for off-campus users mean, and have gotten
> some help from Gemini.
> UPEI belongs to the Canadian Access Federation (CAF), and we use MS Azure
> as our SSO system for our IdP.
>
> As I understand it, all our vendors need to know about our users is the
> same as what they knew about them when using ezproxy for off-campus access,
> which is that this user has authenticated as a UPEI valid user.
>
> According to a sample test I ran, our IdP doesn't send out any specific
> attributes, but it does tell the service provider that this person is a
> valid UPEI person and provides a persistent "name" code that is anonymized.
>
> Below is how Gemini explained it:
> So, while the service provider learned nothing about your personal
> identity (not your name, role, or email), it learned everything it needs to
> know about your institutional context.
> By accepting this SAML assertion, the service provider is implicitly
> saying: "I have received a digitally signed, unforgeable message from the
> official authentication authority for UPEI, and that authority vouches for
> the fact that they have successfully authenticated one of their valid
> users."
> This is the core of federated identity: authentication is handled entirely
> by the home institution. The service provider doesn't need to know who you
> are, only that UPEI has confirmed you are a legitimate member of its
> community.
>
> However, almost all of the library providers I have dealt with so far to
> configure SSO authentication have required us to take extra steps to
> provide them with more specific "attributes" like
> "eduPersonScopedAffiliation", and sometimes even PII (personally
> identifiable information) including first and last name and email address.
>
> The vendor could use that persistent "pseudonym" code allow this specific
> UPEI user to create whatever kind of personalized account services (eg
> saving searches) that vendor's platform has.
>
> So it seems to my suspicious mind that our vendors are taking advantage of
> the move towards SSO to get from us far more user-specific data than they
> actually need to provide the services we are paying for. They didn't have a
> problem for decades with providing their content to users who offered
> nothing more than our Ezproxy server's IP address. But suddenly they "need"
> PII to provide that same access?
>
> Is anyone/any library organization pushing back on this? What can we
> librarians do? Do we have to work with our IT depts to convince them to
> get their SAML/SSO providers (like Microsoft for Azure) to include more
> anonymizing options so we can send fake names and email addresses when our
> vendors demand them?
>
> I would guess that the European institutions have already been able to
> solve this, given the GDPR (which we in North America badly need too). How
> did you do it? What did you say to the vendors? Are there any "magic words"
> to get them to admit they don't need all those attributes they are
> demanding from us?
>
> Melissa Belvadi
> Collections Librarian
> University of Prince Edward Island
> mbelvadi at upei.ca<mailto:mbelvadi at upei.ca <mbelvadi at upei.ca>> 902-566-0581
> ORCID iD: 0000-0002-4433-0189
> my public calendar<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%2F5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692%2Fcalendar.html&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689088566%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=2pZ%2BWm3mXP%2FnGY9nnRwDutuBBCZFuMRmZ2dMco21sU4%3D&reserved=0
> <https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html>
> >
> My pronouns are ????/???????
> My emails are sent during the hours that I work and I understand that you
> will respond during the hours that you work.
>
> Make an appointment: Use YouCanBookMe
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmbelvadi.youcanbook.me%2F&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689109806%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=LcvvHFcm%2FiuxqvhyyAeLuMHdqD%2FFD2U9xlKx3Wryj8A%3D&reserved=0
> <https://mbelvadi.youcanbook.me/>
> or for other MS365 / Outlook users, including UPEI people:
> [cid:image001.png at 01DC5233.B6B5A6C0]<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2Fuser%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%3Fanonymous%26ismsaljsauthenabled%26ep%3DbwmEmailSignature&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689125782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ysRExjFyXydiWx4FEg1fW2lXZUGy%2FGuPye7g3sil4Mc%3D&reserved=0
> >
> Book time to meet with me<
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2Fuser%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%3Fanonymous%26ismsaljsauthenabled%26ep%3DbwmEmailSignature&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689141991%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=WqSDYmpXrVx4NKbOxYwbAiIncIE1fI3nEcIHIxCphP0%3D&reserved=0
> <https://outlook.office.com/bookwithme/user/0fbab27c909e4493be65313bd66d66b6@upei.ca?anonymous&ismsaljsauthenabled&ep=bwmEmailSignature>
> >
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F56809055%2Fattachment-0001.htm&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689157681%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=JHJqe77NuuqSXmsDtHGK7p3TatTNmZ9TpOquJwF%2BJ1Q%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/56809055/attachment-0001.htm>
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image001.png
> Type: image/png
> Size: 528 bytes
> Desc: image001.png
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F56809055%2Fattachment-0001.png&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689173212%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YlWhahMp8e1m7JR%2FGdu8kR0e8sZetAP8TMv1K2ypt%2Fo%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/56809055/attachment-0001.png>
> >
>
> ------------------------------
>
> Message: 3
> Date: Mon, 10 Nov 2025 16:48:07 +0000
> From: Electronic Resources in Libraries discussion list
> <eril-l at lists.eril-l.org>
> To: ERIL-L listserv <eril-l at lists.eril-l.org>
> Subject: Re: [Eril-l] SSO/SAML and attributes vendors want but maybe
> don't need? data grab?
> Message-ID:
> <mailman.825.1762793518.464758.eril-l-eril-l.org at lists.eril-l.org>
> Content-Type: text/plain; charset="utf-8"
>
> Hello. This was part of the impetus for my "Licensing Privacy" work. You
> can find all the white papers and related webinars here:
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpublish.illinois.edu%2Flicensingprivacy%2F&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689190239%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=yC00V2g7M0AgRNncS%2BhmHoltHe3Q1zcffw%2BGWH3WHkk%3D&reserved=0
> <https://publish.illinois.edu/licensingprivacy/> Unfortunately, though
> there was a lot of interest, I'm not sure many libraries have privacy at
> the top of their priority stack. Lisa
>
>
> ____
>
>
>
> Lisa Janicke Hinchliffe
>
> Professor & Coordinator for Research Professional Development, University
> Library
>
> Affiliate Faculty, School of Information Sciences, Center for Social &
> Behavioral Science, European Union Center, & Center for Global Studies
>
> Library 434, University of Illinois, 1408 West Gregory Drive, Urbana,
> Illinois 61801
>
> ljanicke at illinois.edu<mailto:ljanicke at illinois.edu>, 217-333-1323 (v),
> 217-244-4358 (f)
>
>
>
> ________________________________
> From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> Sent: Monday, November 10, 2025 9:37 AM
> To: ERIL-L listserv <eril-l at lists.eril-l.org>
> Subject: [Eril-l] SSO/SAML and attributes vendors want but maybe don't
> need? data grab?
>
> Hi, all.
>
> I'm still trying to understand what the vendor movements away from IP
> authentication and especially for off-campus users mean, and have gotten
> some help from Gemini.
> UPEI belongs to the Canadian Access Federation (CAF), and we use MS Azure
> as our SSO system for our IdP.
>
> As I understand it, all our vendors need to know about our users is the
> same as what they knew about them when using ezproxy for off-campus access,
> which is that this user has authenticated as a UPEI valid user.
>
> According to a sample test I ran, our IdP doesn't send out any specific
> attributes, but it does tell the service provider that this person is a
> valid UPEI person and provides a persistent "name" code that is anonymized.
>
> Below is how Gemini explained it:
> So, while the service provider learned nothing about your personal
> identity (not your name, role, or email), it learned everything it needs to
> know about your institutional context.
> By accepting this SAML assertion, the service provider is implicitly
> saying: "I have received a digitally signed, unforgeable message from the
> official authentication authority for UPEI, and that authority vouches for
> the fact that they have successfully authenticated one of their valid
> users."
> This is the core of federated identity: authentication is handled entirely
> by the home institution. The service provider doesn't need to know who you
> are, only that UPEI has confirmed you are a legitimate member of its
> community.
>
> However, almost all of the library providers I have dealt with so far to
> configure SSO authentication have required us to take extra steps to
> provide them with more specific "attributes" like
> "eduPersonScopedAffiliation", and sometimes even PII (personally
> identifiable information) including first and last name and email address.
>
> The vendor could use that persistent "pseudonym" code allow this specific
> UPEI user to create whatever kind of personalized account services (eg
> saving searches) that vendor's platform has.
>
> So it seems to my suspicious mind that our vendors are taking advantage of
> the move towards SSO to get from us far more user-specific data than they
> actually need to provide the services we are paying for. They didn't have a
> problem for decades with providing their content to users who offered
> nothing more than our Ezproxy server's IP address. But suddenly they "need"
> PII to provide that same access?
>
> Is anyone/any library organization pushing back on this? What can we
> librarians do? Do we have to work with our IT depts to convince them to
> get their SAML/SSO providers (like Microsoft for Azure) to include more
> anonymizing options so we can send fake names and email addresses when our
> vendors demand them?
>
> I would guess that the European institutions have already been able to
> solve this, given the GDPR (which we in North America badly need too). How
> did you do it? What did you say to the vendors? Are there any "magic words"
> to get them to admit they don't need all those attributes they are
> demanding from us?
>
> Melissa Belvadi
> Collections Librarian
> University of Prince Edward Island
> mbelvadi at upei.ca<mailto:mbelvadi at upei.ca <mbelvadi at upei.ca>> 902-566-0581
> ORCID iD: 0000-0002-4433-0189
> my public calendar<
> https://urldefense.com/v3/__https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html__;!!DZ3fjg!-VRwLrVGNMHfCm7xFMjw34Hi3lP2qcO-At1crRZlVKanPqvHYPbtVoeuePR3_F0TTPuulaAGWR8ZIJj9AOThqro$
> >
> My pronouns are ????/???????
> My emails are sent during the hours that I work and I understand that you
> will respond during the hours that you work.
>
> Make an appointment: Use YouCanBookMe
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmbelvadi.youcanbook.me%2F&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689207245%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=HeCdtSu34yM6kuiAmqhH2Oh7B0lYivPOKWVlJXWoAJ0%3D&reserved=0<https://urldefense.com/v3/__https://mbelvadi.youcanbook.me/__;!!DZ3fjg!-VRwLrVGNMHfCm7xFMjw34Hi3lP2qcO-At1crRZlVKanPqvHYPbtVoeuePR3_F0TTPuulaAGWR8ZIJj9BGAKrRk$>
> <https://mbelvadi.youcanbook.me/>
> or for other MS365 / Outlook users, including UPEI people:
> [cid:2d397b68-5ac1-4410-9e44-e6b36733a881]<
> https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/0fbab27c909e4493be65313bd66d66b6@upei.ca?anonymous&ismsaljsauthenabled&ep=bwmEmailSignature__;!!DZ3fjg!-VRwLrVGNMHfCm7xFMjw34Hi3lP2qcO-At1crRZlVKanPqvHYPbtVoeuePR3_F0TTPuulaAGWR8ZIJj9emOOpko$
> >
> Book time to meet with me<
> https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/0fbab27c909e4493be65313bd66d66b6@upei.ca?anonymous&ismsaljsauthenabled&ep=bwmEmailSignature__;!!DZ3fjg!-VRwLrVGNMHfCm7xFMjw34Hi3lP2qcO-At1crRZlVKanPqvHYPbtVoeuePR3_F0TTPuulaAGWR8ZIJj9emOOpko$
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F378342ff%2Fattachment-0001.htm&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689222314%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Q2M%2BAbg31egBi6%2BMz9BE7xQ4XcmpJgx5SgjlDwKzXso%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/378342ff/attachment-0001.htm>
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: Outlook-2xolgfbd.png
> Type: image/png
> Size: 528 bytes
> Desc: Outlook-2xolgfbd.png
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F378342ff%2Fattachment-0001.png&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689238198%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=DFM6Np%2BVefJNLF2NgtJkupW7III9qb3Id3PRdQNwyQ4%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/378342ff/attachment-0001.png>
> >
>
> ------------------------------
>
> Message: 4
> Date: Mon, 10 Nov 2025 16:24:55 -0400
> From: Electronic Resources in Libraries discussion list
> <eril-l at lists.eril-l.org>
> To: eril-l at lists.eril-l.org
> Subject: [Eril-l] Primary Research Group has published the Survey of
> Library Science Faculty: Developments in Library Science
> Curriculum,
> ISBN 979-8-88517-320-9
> Message-ID:
> <mailman.830.1762806442.464759.eril-l-eril-l.org at lists.eril-l.org>
> Content-Type: text/plain; charset="utf-8"
>
> This comprehensive study offers an in-depth look at how library science
> programs across the United States are evolving to meet emerging demand for
> new library science courses and curricula.
>
> *What?s Inside the Report?*
>
> Drawing on survey data from library science faculty at institutions of all
> ranks and sizes, the report explores current trends, challenges, and
> innovations in library science education. Readers will find:
>
> - Faculty perspectives on curriculum modernization, technology
> integration, and the balance between theory and practice.
> - Quantitative and qualitative insights into the ease of developing new
> courses, the demand for artificial intelligence (AI) content, and
> alignment
> with job market needs.
> - Breakdowns by institution type, enrollment, academic title, and more.
>
> *Five Key Findings from the Survey*
>
> 1. *Strong Demand for AI in Curricula*
> Nearly 80% of faculty support offering a basic course in artificial
> intelligence, with a sizable minority already implementing such courses.
> However, 64% believe current AI coverage is insufficient, signaling a major
> area for growth.
>
> 2. *Job Market Alignment Is a Priority*
> About 73% of respondents agree that library science curricula should more
> closely reflect professional requirements and job market demands,
> especially among mid-ranked programs and faculty teaching two courses.
>
> 3. *Skills Gaps in Programming and Management*
> Programming and management skills are notably under-emphasized, with 44% of
> faculty indicating that programming is not taught enough and a similar
> share expressing concern about management training.
>
> 4. *Experiential Learning and Technology Integration*
> Faculty across all tiers advocate for more hands-on, practice-based
> learning and greater integration of emerging technologies such as AI,
> blockchain, and cloud computing. Calls for curricular flexibility and
> modernization are widespread.
>
> 5. *Equity and Inclusion Content Is Polarized*
> While nearly half of respondents feel equity issues are covered ?about
> right,? views diverge sharply by institution type and political
> orientation, with some calling for more emphasis and others for less.
>
> *Availability*
>
> To view an excerpt and table of contents, follow this link:
>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprimaryresearch.com%2FAddCart.aspx%3FReportID%3D866&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689256467%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=e47wp9fBZo6OFWA4hxoszj%2BsiklWBBMsbehN0uv0I8Y%3D&reserved=0
> <https://primaryresearch.com/AddCart.aspx?ReportID=866>.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.eril-l.org%2Fpipermail%2Feril-l-eril-l.org%2Fattachments%2F20251110%2F90ed828a%2Fattachment-0001.htm&data=05%7C02%7Czhaneille.green%40duke.edu%7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689271833%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Xnw6EayT8lYhJHs%2FSrIdN%2FLa%2B3iA9EP2%2FW%2FXf8XRzxg%3D&reserved=0
> <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251110/90ed828a/attachment-0001.htm>
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%
> 2Flists.eril-l.org
> %2Flistinfo.cgi%2Feril-l-eril-l.org&data=05%7C02%7Czhaneille.green%
> 40duke.edu
> %7Ce2dcbdf2d5ff46fb471f08de20a42e75%7Ccb72c54e4a314d9eb14a1ea36dfac94c%7C0%7C0%7C638984086689286669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=kxiBbqKVWj2sHE0GMBmX7vP068DqdmaALhm%2F%2FcGwSF4%3D&reserved=0
>
>
> ------------------------------
>
> End of Eril-l Digest, Vol 132, Issue 7
> **************************************
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20251112/2e882271/attachment.htm>
More information about the Eril-l
mailing list