<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I would contact the vendor's support of course, just like I would do now with IP authentication. How far does OA get involved in mediating lost access between a library and a vendor? I would expect the first step would always be to make sure you paid the latest
invoice and the vendor received it which I can't imagine OA being involved in. Pretty much every time we lose access to something we paid for, it has nothing to do with our authentication system and is always about the vendor somehow messing up their record
of our being a customer in good standing. I suppose if you do a major change of SSO systems, like we're about to change from Shibboleth to Azure, it would be easier to have OA handle it than have to check with every vendor that was configured for the old
idp, but that's probably a once-in-a-decade type of change.</div>
<div class="elementToProof" style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="background-color: rgb(255, 255, 255);">Melissa Belvadi</span></div>
<div style="text-align: left; background-color: rgb(255, 255, 255); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
mbelvadi@upei.ca</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Make an appointment: https://mbelvadi.youcanbook.me/</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Eril-l <eril-l-bounces@lists.eril-l.org> on behalf of Electronic Resources in Libraries discussion list via Eril-l <eril-l@lists.eril-l.org><br>
<b>Sent:</b> Wednesday, May 22, 2024 12:35 PM<br>
<b>To:</b> Electronic Resources in Libraries discussion list <eril-l@lists.eril-l.org><br>
<b>Subject:</b> Re: [Eril-l] OpenAthens vs campus federated SSO?</font>
<div> </div>
</div>
<div><br>
<div style="background-color:#ffe599; padding:10px; margin-left:0px; margin-right:0px">
<span style="font-size:9pt; font-family:Arial,sans-serif; color:#17202A"><b>CAUTION:</b></span>
<span style="font-size:9pt; line-height:10pt; font-family:Arial,sans-serif; color:#17202A">
This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing@upei.ca and delete this email.
<p></p>
</span></div>
<br>
<div><br>
<div style="background-color:#ff9999; padding:10px; margin-left:0px; margin-right:0px">
<span style="font-size:9pt; font-family:Arial,sans-serif; color:#17202A"><b>WARNING:</b></span>
<span style="font-size:9pt; line-height:10pt; font-family:Arial,sans-serif; color:#17202A">
The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing@upei.ca and
delete this email.
<p></p>
</span></div>
<br>
<div>
<div dir="ltr">
<div dir="ltr">I do not work closely with authentication and have had minimal experience with federated access. However, when I read "...we have had some vendors that we never worked with
<b>suddenly being able to authenticate through Canarie without either the library staff OR our IT staff doing anything at all</b> on our end" I wondered how you would restore access if you lost it. Who would you contact? Having Open Athens seems to mean that
you can contact Open Athens regarding loss of access. I would be suspicious of any access that appears miraculously and is unmonitored by the library or a service. It sounds like something hard to manage (especially if you have no other access like ezproxy
set up as a backup) in a crisis or even on a regular day.
<div><br>
</div>
<div>Judith</div>
<div><br>
</div>
<div><span class="x_gmail_signature_prefix">--</span><br>
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Judith Nagata (she/her)
<div>Electronic Resources & Serials Librarian</div>
<div>Dinand Library</div>
<div>College of the Holy Cross</div>
<div>Worcester, MA 01610</div>
<div>p: 508-793-2639</div>
<div>e: <a href="mailto:jnagata@holycross.edu" target="_blank">jnagata@holycross.edu</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Wed, May 22, 2024 at 10:36 AM Electronic Resources in Libraries discussion list via Eril-l <<a href="mailto:eril-l@lists.eril-l.org">eril-l@lists.eril-l.org</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div class="x_msg-3482291115391445746">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks for this. I am confused however about your first point. But first I probably need to distinguish between the "you" in "you'd still need to configure" being us library staff versus our campus IT staff.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
We as in the library staff definitely do NOT have to maintain any kind of local idp instance. And while in the past we've had to involve our IT dept to do something (hidden from me) to work with some vendors (I'm guessing that whatever they did is what you
mean), we have had some vendors that we never worked with suddenly being able to authenticate through Canarie without either the library staff OR our IT staff doing anything at all on our end. In fact, I only discovered some of these were working when I went
through our list of every vendor from off campus to see what they'd offer me, and surprisingly found some doing SSO that I hadn't known about (and I would be the person at my library who would know).</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Your other points are definitely correct - we'll have to keep maintaining our ezproxy server for a long time as we have many smaller vendors who can barely manage IP authentication and aren't going to offer SSO any time soon.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
But if we had money for OA, we could instead just switch from self-hosted to having OCLC do that work for us, which leads to a secondary question:</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
For the IP authenticated vendors (setting aside the SAML/federated ones), is there anything about OA that is superior to the service that OCLC offers if one uses ezproxy hosted by them?</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I haven't heard any comments or complaints about the branding issue, but I'll pay more attention to that, thanks again!</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div id="x_m_-3482291115391445746Signature">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="background-color:rgb(255,255,255)">Melissa Belvadi</span></div>
<div style="text-align:left; background-color:rgb(255,255,255); font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<a href="mailto:mbelvadi@upei.ca" target="_blank">mbelvadi@upei.ca</a></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Make an appointment: <a href="https://mbelvadi.youcanbook.me/" target="_blank">https://mbelvadi.youcanbook.me/</a></div>
</div>
<div id="x_m_-3482291115391445746appendonsend"></div>
<hr style="display:inline-block; width:98%">
<div id="x_m_-3482291115391445746divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Eril-l <<a href="mailto:eril-l-bounces@lists.eril-l.org" target="_blank">eril-l-bounces@lists.eril-l.org</a>> on behalf
of Electronic Resources in Libraries discussion list via Eril-l <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
<b>Sent:</b> Wednesday, May 22, 2024 11:13 AM<br>
<b>To:</b> <a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a> <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
<b>Subject:</b> [Eril-l] OpenAthens vs campus federated SSO?</font>
<div> </div>
</div>
<div><font size="2"><span style="font-size:11pt">
<div><br>
CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to
<a href="mailto:phishing@upei.ca" target="_blank">phishing@upei.ca</a> and delete this email.<br>
<br>
<br>
WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to
<a href="mailto:phishing@upei.ca" target="_blank">phishing@upei.ca</a> and delete this email.<br>
<br>
<br>
Hi Melissa,<br>
<br>
I had the same question when my library was considering the jump to federated access. From my perspective and if I'm understanding correctly, three major issues come to mind:<br>
<br>
Even though you'd be authenticating via your institution's Shib to Canarie you'd still need to configure and maintain a local IdP instance for authorization to every SP (vendor or publisher) with whom you want to establish a trusted connection. OpenAthens
maintains almost 500 of these IdP configurations in its resource catalogue so all you have to do is allocate a resource and the connection is established since OpenAthens serves as our IdP. If one isn't available we simply contact EBSCO support who creates
one for us.<br>
<br>
A surprising number of publishers still don't support federated access, so for those that still use IP authentication you'd need to continue using EZproxy which means you'd have to maintain, support, and pay for dual authentication systems. OpenAthens is a
turnkey solution since IP-based and federated access are both supported in OpenAthens.<br>
<br>
This may be deemed a lesser issue, but typically Shib is maintained by your campus' IT shop, so if you're piggybacking on this you'd have to use whatever branding they have in place. You wouldn't be able to maintain consistent library branding and imagery
across your access points, which is important to our patron's user experience.<br>
<br>
I hope this helps clarify. Please feel free to contact me off-list if you'd like more detail. Best of luck!<br>
<br>
Regards,<br>
John<br>
<br>
__________________________________<br>
John Felts<br>
Head of Information Technology and Collections<br>
University Libraries / Coastal Carolina University<br>
376 University Boulevard<br>
Conway SC 29526<br>
843-349-5040<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 21 May 2024 17:22:08 +0000<br>
From: Electronic Resources in Libraries discussion list<br>
<<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
To: ERIL-L listserv <<a href="mailto:eril-l@lists.eril-l.org" target="_blank">eril-l@lists.eril-l.org</a>><br>
Subject: [Eril-l] OpenAthens vs campus federated SSO?<br>
Message-ID:<br>
<<a href="mailto:mailman.597.1716312135.1238482.eril-l-eril-l.org@lists.eril-l.org" target="_blank">mailman.597.1716312135.1238482.eril-l-eril-l.org@lists.eril-l.org</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi, all.<br>
We use ezproxy generally (self-hosted) but as our campus implemented first Shibboleth and is now moving this summer to Azure, and associated with the big Canadian SAML federation Canarie, we've been finding more and more major library content providers supporting
that kind of off-campus "login via your institution", some of which didn't even contact us to configure it, but just got up and running for us from the Canarie service.<br>
<br>
In light of that trend, I'm wondering what advantages there still are to using Open Athens (which I've been wanting to get for years but didn't have the budget or systems support for).<br>
<br>
If any of you have Open Athens and your campus also provides SSO through that kind of SAML service, can you please tell me what OA is doing for you that makes it still worth the cost?<br>
<br>
Melissa Belvadi<br>
Collections Librarian<br>
University of Prince Edward Island<br>
<a href="mailto:mbelvadi@upei.ca" target="_blank">mbelvadi@upei.ca</a><<a href="mailto:mbelvadi@upei.ca" target="_blank">mailto:mbelvadi@upei.ca</a>> 902-566-0581 ORCID iD: 0000-0002-4433-0189 my public calendar<<a href="https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html" target="_blank">https://outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html</a>><br>
Make an appointment<<a href="https://mbelvadi.youcanbook.me/" target="_blank">https://mbelvadi.youcanbook.me/</a>> via YouCanBookMe My pronouns are ????/???????<br>
My emails are sent during the hours that I work and I understand that you will respond during the hours that you work.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240521/41cbb8ce/attachment-0001.htm" target="_blank">http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240521/41cbb8ce/attachment-0001.htm</a>><br>
<br>
******************************<br>
_______________________________________________<br>
Eril-l mailing list<br>
<a href="mailto:Eril-l@lists.eril-l.org" target="_blank">Eril-l@lists.eril-l.org</a><br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org" target="_blank">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
</div>
</span></font></div>
</div>
_______________________________________________<br>
Eril-l mailing list<br>
<a href="mailto:Eril-l@lists.eril-l.org" target="_blank">Eril-l@lists.eril-l.org</a><br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org" rel="noreferrer" target="_blank">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
</div>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
<br>
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>