Success stories in user engagement:

Slides:



Advertisements
Similar presentations
Accessing electronic journals from off- campus This causes lots of headaches, but dont despair, heres how to do it! (Please note – this presentation is.
Advertisements

State Portal Advisory Committee Kick-Off meeting 12 August 2010 Prepared by: Ivy Hoffman and George Bakolia.
Top Objectives: 1.Increase web traffic and exposure 2.Become definitive authority on Coffee 3.Increase sales to coffee centric Food Service Operators 4.Engage.
LGfL Update Stewart Duncan LGfL Technical Manager Ian Lehmann LGfL Operations Manager.
Holly Eggleston, UCSD Shibboleth and Library Resources InCommon Library/Shibboleth Project.
- NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points - Identacor at NCSU - Identacor Features - NCSU Key Benefits.
1 Not So Strange Bedfellows: Information Standards For Librarians AND Publishers November 6, 2015.
Authentication in the information industry: the challenges Rob Scaysbrook, International Sales Manager
How To Run a Golf Tournament. As many of you know, hosting a charity golf tournament is no easy task. Between creating the day’s agenda, tracking down.
AP CSP: Identifying People with Data and The Cost of Free
COUNTER Code of Practice - an introduction to Release 4
WHY VIDEO SURVELLIANCE
Resource Access for the 21th Century a NISO-STM Initiative
Creating your online identity
2 March 2017 Jevgenija Sevcova, EIFL Programmes and events coordinator
PeerWise Student Instructions
Quality Assurance System Field Service Automation
eduTEAMS platform for collaboration Niels Van Dijk
Top 10 DevOps online Resources to learn Share & Practice by scmGalaxy
ENG 105i Writing in Business
of our Partners and Customers
Building the foundations for innovation
Marketplace & service catalog concepts, first design analysis
NEFA’S Online Learning Center
Academic partnerships Course Rep Training
WorldCat Public Interest Group
Resource Access for the 21th Century a NISO-STM Initiative
Vocabulary Big Data - “Big data is a broad term for datasets so large or complex that traditional data processing applications are inadequate.” Moore’s.
More leads, More enquiries, More sales
Introduction to Computers
South African Identity Federation
Microsoft 365 Business Customer Targeting 2/6/18
Developing Learning To teach learning skills schools have to identify the key skills they value. This presentation is to explain the key learning skills.
SOCIAL MEDIA MARKETING
Enterprise Content Management, Shared Services, & Contract Management
Case Closed: The Future of Legal Tech Has Already Been Decided According to Legal tech and Innovation experts Peter Sovall and Isabel Parker, we’ve got.
Tailor slide to customer industry/pain points
CrossXing Revised 6/30/16 HCB00480.
Cloud Connect Seamlessly
Notes for helpers Supporting everyone to tell their story
Teaching with Instructional Software
speakers Julia Wallace, Project director, RA21
End of Year Performance Review Meetings and objective setting for 2018/19 This briefing pack is designed to be used by line managers to brief their teams.
11/19/2018 4:38 AM Microsoft 365 Business Customer Targeting Janine Brittain - EXEED 2/6/18 © Microsoft Corporation. All rights reserved. MICROSOFT.
Automating Profitable Growth™
Standards For Collection Management ALCTS Webinar – October 7, 2014
Linking Users, Resources, & Data Driven Decisions with OpenAthens
IP Filtering is Obsolete Where do we go from here?
Social Media and Networking: What it is & why it’s important
Welcome to Naviance at Lowell High School
Automating Profitable Growth
Enterprise Content Management Prepared by: Rick Beck; Director, IT Application Services 09/21/2011 CHECO Fall 2011 Conference.
JSTOR as a Shibboleth Target
Academic Partnerships Course Rep Training University of Plymouth
Sr. Manager, Global Talent Acquisition
Introduction When searching for a new mattress, you have to make sure you know where to go to find the best one. The mattress you sleep on is going to.
Quality Assurance System Field Service Automation
Why CRM Doesn’t Work as Partner Management Software
Scott Thorne & Chuck Shubert
WHY VIDEO SURVELLIANCE
The Hub Innovation Program Evaluation Plan
Implementing Security in ASP.NET Core: Claims, Patterns, and Policies
Sales Training at the Point of Work
Automating Profitable Growth™
CORE 3: Unit 3 - Part D Change depends on…
Helpful Things To Know For Successful Digital Marketing Strategy Presented By:- Abhinav Shashtri.
Jeremy Grant Coordinator Better Identity Coalition
WORKSHOP Establish a Communication and Training Plan
Microsoft Virtual Academy
Advanced Tips and Tricks
Presentation transcript:

Success stories in user engagement: Resource Access in the 21st Century (RA21) Panelist: Heather Flanagan, RA21 Academic pilot coordinator   Online access to research and scholarly content is a wonder of the modern digital age. But with great power comes a wealth of complexity. Online access brings challenges around digital identity, around consent, and even around business models. The RA21 project is not trying to eat that entire elephant: our part is just the part where someone is trying to use a credential from their home organization, campus, or business to access content, and needs to actually find that organization in a list of (potentially) thousands of options. This is called the identity discovery problem. February 9, 2018

What is RA21? RA21: Resource Access for the 21st Century Joint initiative of the International Association of STM Publishers (STM) and the National Information Standards Organization (NISO) Aimed at optimizing access protocols across key stakeholder groups Corporate and university subscribers, libraries, software vendors, publishers, identity federation operators, etc. Purpose: To a facilitate seamless user experience beyond IP address recognition, supporting network security and user privacy RA21 is sponsored by an association of scholarly publishers (STM) and NISO, a US-based standards organization that focuses on information standards. The stakeholders involved include librarians, scholarly publishers, federation operators, and software vendors. And what we’re trying to get to is a world where a user’s access to content doesn’t depend on being on the correct network, but instead can be done from anywhere, without prior set up, and yet still supports individual privacy.

Why RA21? Simple access to content needs to be fixed, especially for off campus use: Scholarly content & services are increasingly being accessed from outside of corporate/campus networks Publisher pathways for providing off-network access has not kept pace with our experience as consumers (e.g. Google, Facebook, LinkedIn logins across multiple sites). When accessing publisher platforms off-network, fully entitled end users are turning to alternative resources (e.g. SciHub, etc.) because of ease of access. RA21 has been established as the first step in the journey towards replacing the now outdated IP based access & authentication model. Probably the most common way to legally access online content these days is via IP proxies or through physically being on a pre-approved network. This model worked fairly well in that short window of time when the Internet was becoming a thing, but working from airports and coffee shops was not. The American Chemical Society did some research to identify how much mobile traffic was coming to their sites, and you can see from the graph that it’s been a steadily increasing trend over time. 

RA21 Goals Recommend new solutions for access strategies beyond IP recognition in joint collaboration with software vendors, libraries, federation operators Test and improve solutions by organizing pilots in a variety of environments for the creation of best practice recommendations: Corporate Pilot Two Academic Pilots: Privacy Preserving Persistent WAYF (P3W) Pilot WAYF Cloud Pilot Pilots working together on: User experience and a reference UI Privacy and security issues RA21 as a project will not develop a specific technical solution or one industry-wide authentication platform RA21 is working under an assumption that we must replace IP address authorization models with the use of federated identity. Federated identity relies on agreements between a content provider and an identity provider, usually as part of a broader federation that brokers the trust between them and all other entities in the federation. This is a very tall order, and so our main focus is on the first technical step of the problem, that of the identity discovery process. We are working to come up with a set of best practices in that space, and are getting there by actually trying things out via pilot efforts that are testing different ideas. 

Currently off-campus access is complex, cumbersome, and not secure Current Situation Currently off-campus access is complex, cumbersome, and not secure Off-network access to scholarly content and services is managed via a confusing mix of VPN servers, Proxy servers, Shibboleth, library portals, etc. Inconsistent user experience across publisher platforms Cumbersome: multiple steps required (with hundreds of options offered at various points) Complex: pathways are not clear Not secure: hard to detect fraud, theft and leaks Let’s look a bit more at why we think the current world of IP address authorization is no longer viable. It is a model that works beautifully on the campus or enterprise network, but as soon as you leave that network, you’ve got some challenges.

Off-Campus Solutions VPN/Proxy Servers Of course, you could set up a VPN to make everything look like you’re on campus. VPNs, however, must to be set up in advance, and require a certain amount of technical savvy on the part of the user to configure. If you want your content now, and we have been well trained by today’s Internet to expect immediate gratification, this is a problem.

Off-Campus Solutions VPN/Proxy Device Pairing While not common, some vendors offer apps that let you pair specific devices with subscriptions. Again, something that needs to be done in advance and sometimes with some technical know how in order to access the content. 

Off-Campus Solutions VPN/Proxy Device Pairing Google’s Campus- Activated Subscriber Access (CASA) There is a project called CASA, coming out of Google, that remembers that a user has logged in on campus, and stores that information so that future off-campus website visits can continue to authorize access to Google Scholar content for up to a week. So, something that again must be done on campus first, and has the added quirk of only working for content accessed via Google Scholar. 

All Leverage Institutional IP Address Recognition Off-Campus Solutions VPN/Proxy Device Pairing CASA (Google) All Leverage Institutional IP Address Recognition All Require User Setup In Advance These are all options that require pre-configuration, and they all depend a certain amount on the IP address of the user. There are better ways that can retain a user’s privacy and work at any time, from anywhere.

RA21 User Experience “You have to start with the customer experience and work your way back to technology.” — Steve Jobs RA21 is coming at this with the user experience at the forefront of our minds. If the user’s find this too hard, we’ve failed.

RA21 User Experience RA21 seeks to follow the pattern emerging on consumer websites: And we have some tough acts to live up to. People are becoming quite familiar with federated login via consumer sites such as Google, LinkedIn, and Facebook. So, why not just use those? Because privacy is important, and you’re not going to get it with a consumer service. You _are_ their product.

Consumer Web – First Time User Experience Let’s look at an example. Doodle is a hugely useful service that let’s people vote on options; most often, it’s used to find meeting times. ** Let’s say you don’t want to create yet another account, and so rather than signing up with Doodle, you decide to continue with a Google account. ** And look, you have several Google accounts to choose from, great! 

Consumer Web – Subsequent Visits And now, on subsequent visits, Doodle knows who you are. 

Consumer Web – Privacy Concerns?? Doodle now knows some highly personal information about me: my name my picture, my email address In fact, they know your name, they know your email, they even know your avatar. The question you should ask yourself at this point is: why do they have to know all that about you? I would argue that they don’t.

RA21 UX Development Seeks to implement the same ease of use as found in consumer web examples, while still preserving user privacy. On Campus Typical Research Discovery Workflow RA21 is trying to duplicate the ease of authentication and access, but in a much more privacy preserving manner. ** Let’s look at a typical research workflow where a user is going to their favorite search site ** to research biodegradable fibers. If the user is on their campus or enterprise network, then poof! ** They have access to the content. And if they are not on campus, ** boo! They don’t have legal access so let’s all go to Sci-Hub. ** Fortunately, there is a legal option if we’re talking about federated identity. The user may authenticate to their home institution, in this example, The Ohio State University, an organization that happens to have subscriptions to all these publications.

RA21 UX Development Seeks to implement the same ease of use as found in consumer web examples, while still preserving user privacy. Typical Research Discovery Workflow Off Campus RA21 is trying to duplicate the ease of authentication and access, but in a much more privacy preserving manner. ** Let’s look at a typical research workflow where a user is going to their favorite search site ** to research biodegradable fibers. If the user is on their campus or enterprise network, then poof! ** They have access to the content. And if they are not on campus, ** boo! They don’t have legal access so let’s all go to Sci-Hub. ** Fortunately, there is a legal option if we’re talking about federated identity. The user may authenticate to their home institution, in this example, The Ohio State University, an organization that happens to have subscriptions to all these publications.

RA21 UX Development Seeks to implement the same ease of use as found in consumer web examples, while still preserving user privacy. Typical Research Discovery Workflow Off Campus RA21 is trying to duplicate the ease of authentication and access, but in a much more privacy preserving manner. ** Let’s look at a typical research workflow where a user is going to their favorite search site ** to research biodegradable fibers. If the user is on their campus or enterprise network, then poof! ** They have access to the content. And if they are not on campus, ** boo! They don’t have legal access so let’s all go to Sci-Hub. ** Fortunately, there is a legal option if we’re talking about federated identity. The user may authenticate to their home institution, in this example, The Ohio State University, an organization that happens to have subscriptions to all these publications.

Preserving Privacy User: 12345 Role: Student User: 56789 User: 55555 Publishers receive attributes about the user, not the user’s identity. Reporting: ChemStudent In a federated login scenario**, what is generally passed from the organization back to the content provider is information about the user (such as whether or not they were able to authenticate, and how they are affiliated with the university). **Sharing information like name and email is discouraged by the contractual agreements the content providers and the Identity Providers sign when they join a federation. **So, more information can be shared, but exactly what and how much is something that can be controlled by the institution, not by the content provider. 

Concerns Addressed around RA21 and Federated Identity IP authentication is inherently privacy persevering while federated authentication technologies are not Busted: Federated authentication can be privacy preserving, while some privacy regulations (e.g. GDPR) consider IP addresses as personally identifiable information. Proxy servers work just fine as a solution for off-campus access Busted: Proxy servers force individuals to start their research journey on an institutional portal rather than directly from their tool of choice (e.g. Google, PubMed). RA21 just wants to enable publishers to track users across each other’s platforms Busted: Cross-site tracking technology is decades old. The fact that publishers haven’t pursued this indicates there is limited, if any, commercial motivation to do so. RA21 creates yet another username and password Busted: RA21 leverages a user’s existing institutional credentials and does not require the creation of publisher-specific usernames and passwords. There is a lot of fear and doubt about federated identity services and about RA21 in particular. Concerns such as the belief that publishers will harvest any and all information possible for business and marketing purposes, or that this is really creating just another username and password for a person to have to deal with. Those concerns are understandable, but not an accurate reflection of what actually happens in this scenario.

Concerns Addressed around RA21 and Federated Identity (continued) RA21 is placing control of users’ identity in the hands of institutions and not the individuals themselves Plausible: RA21 seeks to validate that a user is a member of an institution's authorized user community. Doing so does not require that an institution reveal the identity of the user. However, it is possible that some campus/corporate identity systems may be configured to convey personal information to some service providers. RA21 seeks to eliminate IP-based access Confirmed: RA21 believes that federated authentication provides many advantages over IP-based access. The obvious starting point for RA21 is to improve a user’s experience while away from the campus/corporate network. We hypothesize that it will eventually become second nature for users to use their institutional credentials to access scholarly resources regardless of location. What is valid is that we are talking about information that the institution is authoritative for about the user, not about the user’s information, and so user consent is not really part of our discussion. What is also valid is that we would like to see federated identity become the thing that replaces IP-based authorization.

Rolling out RA21 Who does the work? Everybody! Content providers: will need changes to their web site and services to support federated login may be as simple as adding a URL, or may be in depth technical integrations Librarians: will need to be prepared to answer questions of their users and work with the central IT departments Identity providers and federation operators: will need to continue to build and strengthen the trust model of federation I expect another area of concern is: who is going to do this work? How would this roll out? Each stakeholder has a part of this: Content providers, be they publishers or vendors, will need to make changes to their web site and services to support federated login, and it may be as simple as adding a URL to planning for some very deep, technical integrations—we’re planning for a variety of levels here. Librarians will need to be prepared to answer questions of their users and—and this will be hard on many campuses—actually work with the central IT departments to be a part of the conversation on how they identity provider should behave and what information they should release.  Identity providers and federation operators have their own parts to play as well to build and strengthen the trust models that will make all this work and allow organizations confident that the right things are happening with respect to security and privacy.

Take aways: RA21 vs. IP-based Solutions No prior setup required (e.g., to configure a proxy/VPN server, pair a device, etc.). No disruption to the research discovery workflow. Ability for publishers to offer differentiated user experience or differentiated services based upon user attributes (not identity). Ability to block a single user account instead of an IP address, and offer more targeted information to campus security to investigate potentially compromised credentials. Ability to offer more granular usage reporting back to subscribers. So, for a quick summary regarding the expected outcomes of RA21: we will be proposing best practices that assume no prior set up required by the user, that assume the content providers can provide differentiated services based on information about a user and not the individual user’s personal information, that bad actors can be more easily identified through cooperation between the content provider and the identity provider, and that organizations can opt in to more granular usage reporting (by including an attribute with department billing codes, for example) - this would again be information owned by an institution about a user, but not the user’s personal information. 

Throughout RA21 and onwards RA21 Roadmap 2018 and onwards Q1 2018 Early outputs Position papers Q1-Q2 2018 Mid-term outputs Task Forces: UX; Security / privacy Pilots: Options for discovery; technology platforms Q2/ Q3 2018 Final Recommendations and open consultation (via NISO process) Q4 2018 and onwards Long Term outputs Creation of and involvement in Operational User Communities Throughout RA21 and onwards Ongoing outreach engagement across key stakeholder communities Beyond 2018: STM hands over the lead of the project to NISO for adoption and implementation by all stakeholders The goal is to have the best practices out for discussion by mid-year, and to have a final output by the end of 2018. Going forward, we expect to see organizations building operational services based on the RA21 best practices.

Outreach Activities ALA Midwinter - January 20-24, 2018 Denver CNI - December 2016, April 2017 STM - December 2016, July 2017, December 2017 SSP - May 2017 JISC - July 2017 AGLIN Forum - August 2017 SURF - September 2017 Utrecht Internet2 - October 2017 San Francisco Charleston Conference - November 10, 2017 UKSG - November 16, 2017 CCC - hosted webinar November 16, 2017 RA21 in the News Myth Busting: Five Commonly Held Misconceptions About RA21 (and One Rumor Confirmed) https://scholarlykitchen.sspnet.org/2018/02/07/myth-busting-five-commonly-held-misconceptions-ra21/ UKSG Insight – Opinion Pieces: “Easy access to the version of record (VoR) could help combat piracy: views from a publishing technologist” Author: Tasha Mellins-Cohen. 10 July 2017. Society for Scholarly Publishing – Scholarly Kitchen: “Failure to Deliver: Reaching Users in an Increasingly Mobile World” Author: Todd Carpenter. 15 June 2017. Library Learning Space: “RA21 and libraries” 16 May 2017. Index Data: “RA21 Project aims to ease remote access to licensed content” Author: Peter Murray. 19 December 2016. ALA Midwinter - January 20-24, 2018 Denver PSP - February 7-9, 2018 DC ER&L – March 6-8, 2018 Austin MLA Insights – March 6, 2018 Chicago ACS – March 18-22, 2018 New Orleans STM – April 24-26, 2018 Philadelphia MLA - May 18-23, 2018, Atlanta SLA – June 9-13, 2018 Baltimore If you’d like to learn more, we have a very active outreach committee that has planned for sessions at a wide variety of events. This kind of broad outreach, the broad cross-sector list of stakeholders, the global nature of the work, is what makes this a strong project and leads us towards success.

Visit: https://www.RA21.org Questions? Visit: https://www.RA21.org Contact: Julia Wallace Program Director Julia@RA21.org Heather Flanagan Pilot Coordinator Heather@RA21.org And if you’d like to talk directly to me or Julia Wallace, the program director, about the project, you can contact us at the addresses on the slide. We’d be happy to add you to the announce list, too.