Skip to main content
Providers Investing in Identity and Access Management

Providers Investing in Identity and Access Management

May 2019

A couple of big changes in institutional access to online resources are underway.  Both of them have been in the works for many years but are now reaching tipping points that will make them unavoidable in the foreseeable future.  Both will require service providers to invest in upgrading their identity and access management.  But one represents a fundamental shift in approach with major benefits to users, while the other is an unavoidable upgrade to a traditional approach that is starting to lose its lustre.

In case you’re not up to date on the changing world of identity and access, here’s why it’s time to sit up and listen.

First, the unavoidable upgrade

Many of you may be aware that we’ve been running out of IP addresses for quite a few years thanks to the massive growth in devices connected to the internet.  Most of the IP addresses we use today are from an older version of the Internet Protocol called IPv4 that uses the familiar four sets of one-to-three numbers. Even though this protocol supports 3.4 billion devices, we’ve technically already run out of unique addresses and are currently trading on existing ones.

Handily, the latest version of the internet protocol is called IPv6 and supports approximately 340 trillion trillion unique addresses (yes, that duplication was deliberate!).  However, it also requires much longer numbers – in technical terms, 128-bit characters rather than today’s existing 32-bit characters. This means that your existing software for authenticating IP addresses will need to be upgraded to support the new, longer IPv6 addresses. According to Google, almost 25% of internet users now access over IPv6 addresses, so we’re close to the tipping point where organizations will start to migrate en masse i.e. it’s a change you need to start planning for now.

Then, the fundamental shift

However, there’s a far more fundamental change in the air which is the move away from IP address authentication towards Single Sign-On (SSO).  You’ll already be familiar with this trend in your personal life – you probably use SSO solutions like Facebook, Google, or LinkedIn multiple times a day to access apps on your mobile device.  They’re easier than remembering individual passwords and enable you to access a more personalized and engaging online experience.

Well, the knowledge industry is also starting to shift more significantly towards the use of SSO.  In comparison to IP authentication, it gives institutional users a secure and privacy-preserving method of authenticating access to online resources while still benefiting from a personalized experience.  However, until recently, there was a big gap in this promise of seamless access – the need to identify your institution.  Users moving from one resource to another had to repeatedly select which institution to authenticate through – creating additional access friction for each resource that can deter usage.

Thankfully, a joint NISO and STM initiative called Resource Access in the 21st Century, or RA21 , has figured out a solution and their recommendations were recently published as a draft Recommended Practice.  Their main recommendation is the creation of a lightweight, central service that will allow publishers to find out which organization a user last selected when authenticating by Federated Single Sign-On, allowing them to skip the WAYF page and instead present them with a one-click option to access a resource via that institution. If the user already has an active session with their home organization, there is no need to re-verify credentials and access will be immediate and seamless.

What does this shift demand of publishers and content platforms?

As an example, one might look at a recently announced partnership. Emerald Publishing is partnering with identity and access management specialists LibLynx in developing their new Emerald Insight digital research platform. 

As a publisher, Emerald offers over 300 journals, more than 2,500 books and over 1,500 case studies, via a dedicated research platform.

Their overriding goal was to make the user experience easier and more enjoyable and they recognized that the broad range of authentication technologies and business models they needed to support, covering both paid and open access content, had a major impact on ease of access.  Emerald wanted a unifying solution that could simplify their architecture while still delivering the flexibility needed to optimize for usability.

LibLynx will be powering authentication and identity management across a broad range of use cases. “You don’t often get the opportunity to engineer a completely new access experience from the ground up, and we’ve really enjoyed working with Emerald on this ambitious project” said Tim Lloyd, CEO of LibLynx. His firm began working on the implementation in late 2017, working closely with Emerald’s project team and their software development partners, 67 Bricks.  The new platform experience is expected to be available to users by July of 2019.

LibLynx’s authentication API provides Emerald with a standardized method for confirming a user’s identity and/or institutional affiliation that is independent of customer type, platform technology, and the authentication methods required.  A suite of supporting tools make it easy for Emerald’s existing customer and rights management systems to seamlessly integrate into LibLynx, allowing for high levels of automation and simplifying customer support workflows.

What’s the take-away?

Doing research, pursuing an investigative train of thought, even writing a simple term paper – these activities demand the use of multiple information resources. Licensed content requires properly authenticated access, but not at the expense of a user’s time and attention.  The move towards Single-Sign-On should be viewed as a plus for busy students, faculty and other research professionals. Publishers, such as Emerald, and micro-service providers, such as Liblynx, are working to provide a simplified authentication solution for institutional libraries and thereby enable smoother access for thousands of library patrons.