Newsline December 2016

There are many positives associated with being a first mover in a particular market space, such as market leadership, strengthened client relationships, customer loyalty, and an opportunity to leapfrog competitors. Unfortunately, however, moving first often ties one to legacy approaches toward certain processes, an issue that is true of scholarly publishers and the authentication systems that are widely deployed in the library and publishing communities.

Libraries and publishers moved quickly to provide their patrons access to subscribed content via IP-address-based authentication systems. This made sense in the early days of the Internet, when most users connected through desktop computers that were hard-wired to campus networks. In the mid-to-late 1990s, few people had home connectivity, and even fewer used mobile devices or laptops connected to a remote network. Since then, transformations in connectivity, institutional collaborations, and mobile computing have greatly enhanced and complicated the ways in which users access content. These complications mean that users experience subscriber access via IP-based protocols that are unreliable and error-prone, for reasons unknown to the users.

When it works, the user experience and simplicity of IP-based authentication make accessing content seamless, but the system is also rife with problems. IP addresses are easily spoofed. Also, because the initial IP ranges were far from adequate for the eventual demand, ranges overlap and are often used as proxies for broader communities than originally intended, making the network horribly insecure. Many nefarious attackers have taken advantage of these vulnerabilities to pirate significant amounts of publisher content.

We find ourselves in an environment where an outdated, inappropriate solution forms the basis for providing content to millions of users at tens of thousands of institutions. The entire situation is untenable (it probably has been for years) and we need to address the issue at a broad scale.

A number of initiatives to advance more robust technologies to improve access control have found varying levels of success over the years. Any success is often most dependent on local institutional infrastructure. Also, not every content provider is equally prepared to provide access via methods that are not IP-based. Similarly, not every institution can support these other authentication methods. Finally, the user education issue, meaning the task of informing patrons how to gain access via more robust methods, has gotten short shrift.

It is about time that libraries and publishers move beyond IP-based authentication. A related effort begun within the STM Association of publishers earlier this year is gaining momentum, and NISO has been engaged in these conversations and is supporting the initiative. Realizing that this work needs to be a broad-based community effort, we are helping to bring library and vendor voices into the conversation. Two community meetings are planned this December, with additional opportunities for engagement lined up as well. Discussions are underway to find means to enhance participation and explore reasonable approaches. This multi-year effort will require participation from a variety of community members. A survey has been launched to gain insight into organizational capabilities and interest in this endeavor. If you're interested in helping in these efforts, please respond via the survey. The community will need to establish bridges between institutional IT and content providers and nurture better relationships between patrons and providers.

NISO is a terrific venue to bring many of these players together in a mutually supportive way to combat these new security challenges. The work will require a great deal of trust and collaboration, qualities NISO brings to the table. We will have our work cut out for us in the coming year.

With this ambitious agenda, I hope you all have a wonderful holiday season and a productive start to your new year!

We appreciate your feedback and input on these future directions for our Organization and for the information distribution ecosystem.

With kindest regards,

Todd Carpenter

Executive Director