<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Open Sans";
panose-1:2 11 6 6 3 5 4 2 2 4;}
@font-face
{font-family:"Helvetica Neue";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.gmailsignatureprefix
{mso-style-name:gmail_signature_prefix;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Open Sans",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:540636596;
mso-list-template-ids:-1587120798;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;mso-fareast-language:EN-US">Judith,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;mso-fareast-language:EN-US">Some publishers have implemented Seamless Access. Essentially the publisher will issue a cookie token which will provide short term access in future
after pairing the user with their institution. It is similar to Google CASA. Whether one has implemented OpenAthens, Shibboleth or another form of SSO, one should keep some form of OpenURL linking that will invoke an institutional SSO session. Generally, this
is easier with EZproxy than SAML. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#333333">Kind regards</span><span style="font-family:"Open Sans",sans-serif;color:#333333">,</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><b><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#00325B">Dom Benson</span></b><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#333333"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#00325B;background:white">Research Outputs Visibility Manager, </span><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:black;background:white"><a href="https://www.brunel.ac.uk/life/library/ORR" title="https://www.brunel.ac.uk/life/library/ORR">Open
Research & Rights Office</a></span><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#333333"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#BE0F34;background:white">Library Services, Student & Academic Services Directorate</span><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#333333"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;color:#00325B">Brunel University London</span><span style="font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Open Sans",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Eril-l <eril-l-bounces@lists.eril-l.org>
<b>On Behalf Of </b>Electronic Resources in Libraries discussion list via Eril-l<br>
<b>Sent:</b> 22 May 2024 16:36<br>
<b>To:</b> Electronic Resources in Libraries discussion list <eril-l@lists.eril-l.org><br>
<b>Subject:</b> Re: [Eril-l] OpenAthens vs campus federated SSO?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">I do not work closely with authentication and have had minimal experience with federated access. However, when I read "...we have had some vendors that we never worked with
<b>suddenly being able to authenticate through Canarie without either the library staff OR our IT staff doing anything at all</b> on our end" I wondered how you would restore access if you lost it. Who would you contact? Having Open Athens seems to mean that
you can contact Open Athens regarding loss of access. I would be suspicious of any access that appears miraculously and is unmonitored by the library or a service. It sounds like something hard to manage (especially if you have no other access like ezproxy
set up as a backup) in a crisis or even on a regular day. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Judith<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="gmailsignatureprefix">--</span><o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Judith Nagata (she/her)<o:p></o:p></p>
<div>
<p class="MsoNormal">Electronic Resources & Serials Librarian<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Dinand Library<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">College of the Holy Cross<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Worcester, MA 01610<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">p: 508-793-2639<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">e: <a href="mailto:jnagata@holycross.edu" target="_blank">jnagata@holycross.edu</a><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, May 22, 2024 at 10:36 AM Electronic Resources in Libraries discussion list via Eril-l <<a href="mailto:eril-l@lists.eril-l.org">eril-l@lists.eril-l.org</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Thanks for this. I am confused however about your first point. But first I probably need to distinguish between the "you" in "you'd still need to configure" being us library staff versus our campus
IT staff.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">We as in the library staff definitely do NOT have to maintain any kind of local idp instance. And while in the past we've had to involve our IT dept to do something (hidden from me) to work with
some vendors (I'm guessing that whatever they did is what you mean), we have had some vendors that we never worked with suddenly being able to authenticate through Canarie without either the library staff OR our IT staff doing anything at all on our end. In
fact, I only discovered some of these were working when I went through our list of every vendor from off campus to see what they'd offer me, and surprisingly found some doing SSO that I hadn't known about (and I would be the person at my library who would
know).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Your other points are definitely correct - we'll have to keep maintaining our ezproxy server for a long time as we have many smaller vendors who can barely manage IP authentication and aren't going
to offer SSO any time soon.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">But if we had money for OA, we could instead just switch from self-hosted to having OCLC do that work for us, which leads to a secondary question:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">For the IP authenticated vendors (setting aside the SAML/federated ones), is there anything about OA that is superior to the service that OCLC offers if one uses ezproxy hosted by them?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">I haven't heard any comments or complaints about the branding issue, but I'll pay more attention to that, thanks again!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div id="m_-3482291115391445746Signature">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black;background:white">Melissa Belvadi</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><a href="mailto:mbelvadi@upei.ca" target="_blank">mbelvadi@upei.ca</a><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Make an appointment: <a href="https://mbelvadi.youcanbook.me/" target="_blank">https://mbelvadi.youcanbook.me/</a><o:p></o:p></span></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
<div id="m_-3482291115391445746divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Eril-l <<a href="mailto:eril-l-bounces@lists.eril-l.org" target="_blank">eril-l-bounces@lists.eril-l.org</a>> on behalf of Electronic Resources in Libraries discussion
list via Eril-l <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
<b>Sent:</b> Wednesday, May 22, 2024 11:13 AM<br>
<b>To:</b> <a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a> <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
<b>Subject:</b> [Eril-l] OpenAthens vs campus federated SSO?</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><br>
CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to
<a href="mailto:phishing@upei.ca" target="_blank">phishing@upei.ca</a> and delete this email.<br>
<br>
<br>
WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to
<a href="mailto:phishing@upei.ca" target="_blank">phishing@upei.ca</a> and delete this email.<br>
<br>
<br>
Hi Melissa,<br>
<br>
I had the same question when my library was considering the jump to federated access. From my perspective and if I'm understanding correctly, three major issues come to mind:<br>
<br>
Even though you'd be authenticating via your institution's Shib to Canarie you'd still need to configure and maintain a local IdP instance for authorization to every SP (vendor or publisher) with whom you want to establish a trusted connection. OpenAthens
maintains almost 500 of these IdP configurations in its resource catalogue so all you have to do is allocate a resource and the connection is established since OpenAthens serves as our IdP. If one isn't available we simply contact EBSCO support who creates
one for us.<br>
<br>
A surprising number of publishers still don't support federated access, so for those that still use IP authentication you'd need to continue using EZproxy which means you'd have to maintain, support, and pay for dual authentication systems. OpenAthens is a
turnkey solution since IP-based and federated access are both supported in OpenAthens.<br>
<br>
This may be deemed a lesser issue, but typically Shib is maintained by your campus' IT shop, so if you're piggybacking on this you'd have to use whatever branding they have in place. You wouldn't be able to maintain consistent library branding and imagery
across your access points, which is important to our patron's user experience.<br>
<br>
I hope this helps clarify. Please feel free to contact me off-list if you'd like more detail. Best of luck!<br>
<br>
Regards,<br>
John<br>
<br>
__________________________________<br>
John Felts<br>
Head of Information Technology and Collections<br>
University Libraries / Coastal Carolina University<br>
376 University Boulevard<br>
Conway SC 29526<br>
843-349-5040<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 21 May 2024 17:22:08 +0000<br>
From: Electronic Resources in Libraries discussion list<br>
<<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
To: ERIL-L listserv <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
Subject: [Eril-l] OpenAthens vs campus federated SSO?<br>
Message-ID:<br>
<<a href="mailto:mailman.597.1716312135.1238482.eril-l-eril-l.org@lists.eril-l.org" target="_blank">mailman.597.1716312135.1238482.eril-l-eril-l.org@lists.eril-l.org</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi, all.<br>
We use ezproxy generally (self-hosted) but as our campus implemented first Shibboleth and is now moving this summer to Azure, and associated with the big Canadian SAML federation Canarie, we've been finding more and more major library content providers supporting
that kind of off-campus "login via your institution", some of which didn't even contact us to configure it, but just got up and running for us from the Canarie service.<br>
<br>
In light of that trend, I'm wondering what advantages there still are to using Open Athens (which I've been wanting to get for years but didn't have the budget or systems support for).<br>
<br>
If any of you have Open Athens and your campus also provides SSO through that kind of SAML service, can you please tell me what OA is doing for you that makes it still worth the cost?<br>
<br>
Melissa Belvadi<br>
Collections Librarian<br>
University of Prince Edward Island<br>
<a href="mailto:mbelvadi@upei.ca" target="_blank">mbelvadi@upei.ca</a><<a href="mailto:mbelvadi@upei.ca" target="_blank">mailto:mbelvadi@upei.ca</a>> 902-566-0581 ORCID iD: 0000-0002-4433-0189 my public calendar<<a href="https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html" target="_blank">https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html</a>><br>
Make an appointment<<a href="https://mbelvadi.youcanbook.me/" target="_blank">https://mbelvadi.youcanbook.me/</a>> via YouCanBookMe My pronouns are ????/???????<br>
My emails are sent during the hours that I work and I understand that you will respond during the hours that you work.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240521/41cbb8ce/attachment-0001.htm" target="_blank">http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240521/41cbb8ce/attachment-0001.htm</a>><br>
<br>
******************************<br>
_______________________________________________<br>
Eril-l mailing list<br>
<a href="mailto:Eril-l@lists.eril-l.org" target="_blank">Eril-l@lists.eril-l.org</a><br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org" target="_blank">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Eril-l mailing list<br>
<a href="mailto:Eril-l@lists.eril-l.org" target="_blank">Eril-l@lists.eril-l.org</a><br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org" target="_blank">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>