Letter From the Executive Director (May 2019)

Over the years, some NISO projects garner widespread attention from the community, such as the NISO Open Discovery Initiative, the Supplemental Journal Article Materials (NISO/NFAIS) recommendations, the NISO Alternative Assessments Metrics (Altmetrics) Initiative, or the NISO Privacy Principles project.  This is not to say the other projects haven’t had significant impact, but most have had a subtler or less contentious development effort.  Recently, the RA21: Resource Access for the 21st Century project has caught the attention of the broader community.  NISO is now in the midst of a 30-day public comment period for the draft recommended practice.

At its heart, the RA21 project is simply about improving the user experience of using single-sign-on (SSO) systems.  These SSO systems have existed for nearly two decades and have seen broad adoption outside of the context of library resources, although many institutions have used SSO for library resources and services.  SSO is a process of using federated identity systems and the SAML standard for exchanging user attribute information. 

About ten years ago, NISO launched the ESPReSSO project, which was subsequently published in 2011.  The goal of that initiative was to “explore practical solutions for improving the success of SSO authentication technologies for providing a seamless experience for the user and make recommendations for promoting the adoption of one or more of these solutions to make the access improvements a reality.”  That project provided guidance for publishers on making consistent links to the identity management services.  Moving this project forward a decade ago didn’t cause an uproar or any push-back, but rather was met with support and encouragement from the library community.  In essence, RA21 is now seeking to achieve the same goal using the same technology.

With ESPReSSO, the challenge of identifying a user’s institutional affiliation—the “Where Are You From” (WAYF) problem—remained unsolved.  Users were looking to find their institution, not the name of their institution’s identity federation, which most users wouldn’t recognize.  RA21 moves forward on the ESPReSSO recommendations by seeking to solve this problem with a simple user-facing button, and browser-based storage of the user’s institutional affiliation.  The first time a user visits an institutional login, that preference for the applicable institution is stored in the browser’s local storage.  Using JavaScript, the button is then rendered with the user’s institutional affiliation: “Sign in with <the name of your institution>” as the page is presented to the user.  The RA21 service will not store any login information or personally identifiable information, only the institutional login page preference, and all of this information is stored locally on the user’s device.  The information about the user that is shared with the publisher can be completely anonymous; RA21 will function with only the user’s institutional affiliation attribute.  If additional attribute information is shared, the amount of data shared will be completely within the control of the institution, but only with a pseudonymous user ID, so as to protect the user’s privacy.

NISO hosted an open web conference discussion about the draft yesterday, April 30, 2019.  A recording of the session is freely accessible here if you weren’t able to attend.  Please note that the public comment period is open until May 17, 2019, so please submit your comments on the draft before the deadline via this page on the NISO website.

I’d like to add two additional comments regarding this initiative.  First, I want to thank the dozens of people who have participated in the project.  Of course, I am grateful to the chairs, Chris Shillum (Elsevier) and Ralph Youngen (ACS), and the two project managers, Julia Wallace and Heather Flannigan.  Beyond them, all of the members of the privacy and security working group, the steering group, and the outreach group also deserve our thanks. 

Additionally, I’m pleased that the group has been relatively prompt with its development process.  We expect that the project will have moved from conception and through consideration of pilot technology, drafting, public comments, and publication within about 32 months, or just over two and a half years.  I’m pleased when standards development projects can be measured in months rather than years, so we appreciate that the team has invested their time and experience in pushing the project forward.

I hope you all take a look at the recommendation and provide your feedback.  Community involvement and reaction are an important part of the process, which we greatly appreciate.

Sincerely,

Todd Carpenter
Executive Director, NISO