Newsline, February 2019

Letter from the Executive Director

One of the key challenges in standards adoption is ensuring consistency in the use of the elements that are included in the specification across different providers and, occasionally, within a single provider.  Although some things included in specifications -- such as size, speed, or shape -- are hard to misunderstand or misapply, with information standards, these specifications are often less clear. There might be different reasons to provide dates in varied formats.  There might be legitimate reasons for marking up content in certain ways for specific purposes, or important reasons for describing a person or content in a certain way at different times.

One example of this problem in the NISO portfolio is our work on XML markup standards. There is a great deal of potential variation in how different companies use the ANSI/NISO JATS standard tags for marking up a production file, based on how their internal systems function and some basic assumptions about what information should be contained within those tags. These variances can create interoperability issues as similar tags are used for different purposes, or when different structures are used inconsistently.  Without getting too deeply into the technical weeds, this problem exists across a variety of standards, such as with both SIP and NCIP, with MARC and ONIX, and with accessibility markup.

To address this problem with JATS, NISO adopted the JATS4R community last fall and its recommendations regarding the application of the JATS standard are now being published as NISO Recommended Practices. The JATS4R community is developing a suite of recommendations that address numerous barriers to interoperability by tackling specific issues with the use of tagging structures using the JATS standard. Using XML, the same document component may be tagged several different ways and still be valid. However, for interchange systems to accurately identify and reuse elements of content across creators, distributors, and users, the documents must be tagged in a consistent, predictable way. Some examples of the specific issues JATS4R has addressed include recommendations on Data Availability StatementsDisplay Objects (such as figures, tables, boxes, and math)Citations, and Authors and Affiliations.

This distinction is also important with regard to a forthcoming Recommended Practice, the Resource Access in the 21st Century initiative (RA21).  At its core, the RA21 initiative is built around the desire to make access control via SAML-based identity management systems, like OpenAthens and Shibboleth, a more seamless process and one more closely aligned with the user-experience on common consumer web services.  RA21 is a joint initiative led by NISO and the International Association of STM Publishers that is developing a recommended practice and infrastructure to simplify connecting patrons to their institutional identity provider (IDP).

What is critically important in using SAML for library services is to understand the use of the attributes of the patron in the SAML data exchange.  SAML services can be used to provide a variety of online access-controlled services. The amount of data shared by the institution about the user is contextual and dependent on the service.  If the user is accessing a course-management service, it is important to know a lot about who the user is to provide the correct course details and services. In the library context, all that is required to facilitate access is for the institution to provide entitlement information as a token indicating the user is authorized to access the content. Although the RA21 service, which is simply a browser-based preference of which identity provider to connect a user with, does not share attributes or control which data is to be provided by the institution, the recommendation will provide guidance on limiting attributes to the minimal level necessary to facilitate access.

In this way, part of the RA21 recommendation will also address this broader issue of how best to comply with the recommendation, just like the JATS4R project is doing with tag use-or avoiding misuse-in JATS.  Failure to provide specific direction about JATS tag use can inhibit interoperability, which is the core reason to use JATS in the first place. Failure of organizations to limit attribute release to only those data that are absolutely necessary can create privacy threats for library patrons.  If the group does not provide guidance on how best to avoid these private-data leakages, it runs the risk of trust in the service eroding among librarians. It is important to note here that data provided in the RA21 SAML login experience is controlled by the institution, rather than controlled by what is requested by the publisher, so data management is governed by the institution. However, with most SAML implementations, these attribute release policies aren't controlled by the library.  It will take a concerted effort to communicate to the institutional IT staff that in the case of library services, far less data needs to be exchanged than other services.

It is important that along with the technical requirements of a standard or recommendations that this less formal guidance on implementation should also be provided to engender and maintain trust in the exchange.  For even with the best standard, if people's trust in how it is deployed begins to wane, then adoption too will diminish. In the end, a standard that is too broad is almost as useless as not having a standard at all.

With kindest regards,