www.openathens.org
Authentication technology update: OpenAthens
Phil Leahy
Service Relationship Manager
Coming up
• The access management toolkit
• Security, privacy and personalisation
• What opportunities are new technologies bringing?
• How OpenAthens helps organisations and their content provider suppliers
Helping over 2,200 organisations in 48 countries enable access to hundreds of thousands of journals, databases and ebooks for over 4 million end users.
The access management toolkit
• Vendor-supplied credentials
• Referral URLs
• IP recognition
• Peer-to-peer SAML connections
• Federated access management
Changing user requirements
• Mobile access is key
• Personalisation is expected
• Multiple devices are used
Changing librarian requirements
• More tech services to manage
• Multiple tech services must integrate
• Monitor e-library engagement
What is local authentication?
• Uses existing usernames and passwords, typically held in Active Directory
• Same account used for ‘local’ and external systems
• VLE
• Google Apps / Office 365
• OpenAthens
• Reduces administration
• Reduces user queries
Security is paramount
• Authentication within Federations uses SAML
• Data encryption comes as standard
• Individual level accountability
• Permission setting features – easier to comply with restricted content licences
• Authentication servers monitored for misuse
Build against an API
• Log your users into the system based on credentials stored in any system you can gain programmatic access to
• Great when you cannot use other connection types
Connecting to SAML applications
• OpenAthens can interact with many Apps
• Better overall experience for end users
• ‘True’ single sign-on
Is user privacy at risk?
• SAML encrypts data by default…
• …but is that sufficient?
• Personalisation requires that content providers know something about a user…
• …what is acceptable?
https://twitter.com/lisalibrarian/status/927534622799548416
OpenAthens Cloud
• Benefit from SAML without installing it
• OpenAthens Cloud offers the same benefits
• OpenID Connect is the hook…
• …but what is OpenID Connect?
Federation standards
OpenID Connect
• Web-scale
• Modern, developer-friendly
• Only implicit trust
SAML
• Enterprise
• Mid-2000s tech, hard to adopt
• Scalable trust-network
Google Scholar CASA
“CASA builds on Google Scholar’s Subscriber Links program which provides direct links in the search interface to subscribed collections for on-campus users. With CASA, a researcher can start a literature survey on campus and resume where she left off once she is home, or travelling, with no hoops to jump through. Her subscribed collections are highlighted in Google Scholar searches and she is able to access articles in exactly the same way as on campus.”
Users must access on-campus at least every 30 days to maintain off-campus access.
https://home.heinonline.org/blog/2017/09/casa-en-nuestra-casa-casa-in-our-house/
BeyondCorp at Google
• Principles
• Connecting from a particular network must not determine which services you can access.
• Access to services is granted based on what we know about you and your device.
• All access to services must be authenticated, authorized and encrypted.
https://cloud.google.com/beyondcorp/
Federation standards
OpenID Connect
• Web-scale
• Modern, developer-friendly
• Only implicit trust
SAML
• Enterprise
• Mid-2000s tech, hard to adopt
• Scalable trust-network
Convergence?
More information
What does it take to run an access management federation?
http://bit.ly/2AWSUUz
OpenAthens Cloud uses OpenID Connect
http://bit.ly/2y3pZz6
Phil Leahy
OpenAthens Service Relationship Manager
+44 (0)1225 474302
Any questions?
Contacts
Josh Howlett, Head of trust and identity, Jisc
Phil Leahy, OpenAthens Service Relationship Manager
Tasha Mellins-Cohen, Director of Publishing, Microbiology Society
Feel free to e-mail your questions and look out for the slides on uksg.org/webinars/authentication