“Last year SeamlessAccess™, a joint initiative run by GÉANT, Internet2, NISO and STM, went into beta-mode. In light of the pandemic, that turned out to be very timely – as testified by implementers of the service seeing increases of 150% to 300% for this type of off-campus use. SeamlessAccess is based on federated identity management (FIM) and uses SAML as the underlying technology (Security Assertion Mark-up Language, an open standard designed for secure single sign-on). It offers a modern alternative to long-standing but less flexible and somewhat outmoded IP-based access solutions through a privacy-protecting, secure single sign-on service. Previous posts in The Scholarly Kitchen already gave an inside view on the benefits of federated access, shared data on huge growth in federated authentication at the start of the pandemic, and shone a light on the strategic benefits of identity management and federated authentication for scholarly publishers.
Recently, questions have been posed whether FIM and SAML are, in fact, as secure and privacy-safe as often claimed. In response, the project team behind SeamlessAccess explains why the answer is simply “Yes”….”
“SeamlessAccess — the main result of the work around RA21 — is currently in beta. The goal of SeamlessAccess is to allow people to log in to content purchased by their employer or institution no matter where they are, using a technology stack that achieves “an optimal balance between security and usability.” A big part of this is a reliance on the Security Assertion Markup Language (SAML)….”
“Accessing research through an institutional subscription using SAML authentication (Shibboleth and OpenAthens) is now more straightforward with the introduction of SeamlessAccess on Taylor & Francis Online.
SeamlessAccess automatically recognizes if you have previously logged into Taylor & Francis Online using Shibboleth or OpenAthens and presents your previously used institution as the first option, removing the need to manually search each and every time you want to access journal research articles.
The feature not only works on Taylor & Francis Online but follows you across all participating publisher platforms. So, if you have logged into your institution on another participating publishing platform and then switch to another also using SeamlessAccess, your institutional choice will be carried with you. This works even if you’re visiting a publisher platform for the first time….”
“JP: How do you see open scholarly infrastructure developing in the next few years?
CS: There are a number of fairly well-established open scholarly infrastructure organizations such as Crossref, ORCID, and DataCite, and we definitely need to look at how we can work more effectively together to deliver what I might call joined-up capabilities and joined-up experiences to our mutual users and members. So I think that’s one thing I’d like to see developed. But there are also lots of gaps.
We know that there’s huge interest in enabling scholars to represent their work in ways that are challenging because there still aren’t identifiers for every kind of research output, and there aren’t good taxonomies of every kind of contribution that research has made. I don’t necessarily think it’s ORCID’s role to take all of that on, but we can work with our fellow scholarly infrastructure initiatives to lay the path for other groups to come along and benefit from our collective experience. …
So I was involved in a set of very early discussions which led to the RA21 recommendations, and then in turn to SeamlessAccess, which is all about applying modern authentication technology to ease the problems researchers face with access to resources that their institutions have provided for them. This has a close tie-in with ORCID and CrossRef because it’s ultimately about getting some of these barriers out of the way so researchers can focus on doing the research without having to struggle with systems that aren’t joined up properly. Most recently, I’ve been working on an initiative called GetFTR which is about improving the user journey between all manner of tools and content discovery systems and authoritative published content.
I guess some people might say that these problems will diminish with the move to Open Access, but if you look at SeamlessAccess, it’s about improving access to many kinds of resources that researchers need and their institutions have to vouch that they should have access to, like shared research infrastructure and research collaboration tools. We know from researchers themselves that they really appreciate a lot less hassle dealing with usernames and passwords and access control, for all kinds of resources. So that’s really what SeamlessAccess is all about. It’s not done yet, but we’ve made some good progress in starting to solve that problem and make it easier….
But I think the most difficult and most satisfying milestone which kind of coincided with when I left the Board was when ORCID finally got to sustainability and financial break-even. The most challenging thing over the past decade has been finding a model that enabled us to provide a vast majority of ORCID services freely and openly, yet with enough support to sustain the organization. It’s so easy to underestimate just how difficult that is in the world of open infrastructure, and it was a great achievement for everyone—for the team, for founding Executive Director Laure Haak, and the Board to eventually get to that point after almost 10 years….”
“Given recent reporting in the press,1 it seems that the legitimacy and credibility of Sci-Hub is no longer a matter for debate. However, the challenge of how to address the continuing threat Sci-Hub poses to authors, societies, university presses, and other publishers reliant on the royalties derived from book sales and subscription income remains — and is connected to the much wider challenge of cybercrime….
Collectively, we have a responsibility to safeguard and manage a successful online researcher experience by ensuring institutional and individual access is enabled to high quality, licensed, peer reviewed publications; that data is protected; and entitlements from licensed institutions are safeguarded. For example, publishers and librarians worked together as part of the RA21 initiative, now called seamlessaccess.org, to make access to articles easier for researchers using their institutional logins when they are not on campus. As this becomes implemented across platforms and publishers, it will also negate the need for researchers to log in each time they move between publishers’ websites. …
One way that our community is looking to address and tackle these issues is through the Scholarly Networks Security Initiative (SNSI). …”
“Nick Fowler and Steven Inchcoombe introduce SNSI [Scholarly Networks Security Initiative], an initiative to solve the cyber challenges facing the scholarly communications industry
Last year the Washington Post and several other media outlets reported that the U.S. Department of Justice (DoJ) was investigating pirate website Sci-Hub….
Such activities threaten the scholarly communications ecosystem and the integrity of the academic record. Sci-Hub has no incentive to ensure the accuracy of the research articles being accessed, no incentive to ensure research meets ethical standards, and no incentive to retract or correct if issues arise.
As this issue goes beyond that of the illegal accessing of academic research, publishers cannot tackle it alone. We need to work with librarians, university network security officers and others responsible for cybersecurity in academic institutions which is why a new pan-publisher initiative has recently been set up with the purpose of encouraging exactly that. The Scholarly Networks Security Initiative brings together publishers and institutions to solve cyber challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data. The group will explore, for example, how the dangers related to Sci-Hub use can be included in information literacy and other library outreach programs….
Ultimately a combination of forces are needed to protect institutions from cyber-attacks and to ensure that researchers are presented with the best possible user experience, safe in the knowledge that the work they are accessing is correct, up to date and properly connected to the scientific record. Awareness of the damage Sci-Hub is inflicting on institutions and academia needs to be increased. Law enforcement efforts to address the site’s illegality need to be supported. And publishers need to continue making their platforms more interactive and interconnected so that our communities can access the research we publish how they want to. We need to demonstrate that Sci-Hub is not only harmful to the research community but that it is also redundant.”