Federated Identity Management for Libraries: Why and How

The European Open Science Cloud (EOSC) will build a trusted environment for open cross-disciplinary research in Europe. Millions of researchers, science and technology professionals will be able to use the EOSC, and they will be supported by libraries in their natural roles as champions of Open Science infrastructures and tools, promotors of best practices and coordinators of training.

Libraries will, however, need to provide more than training and support if they want to ensure that researchers can seamlessly access publications and data across disciplines and borders.

The availability of a trusted and robust Authentication and Authorisation Infrastructure (AAI) is essential for the sharing of services, resources and research outputs at the scale and level required by the EOSC. Libraries will therefore need to ensure that their research infrastructure resources and services are federated. This step towards AAI and Federated Identity Management (FIM) is every bit as important as the role libraries play in promoting Open Science.

The Benefits of Federated Identity Management

Federated Identity Management designates technologies and policies that allow researchers to access online resources with a single set of login credentials, provided and managed by their own institutions. For libraries, this means that a researcher belonging to an institution can use a manageable and scalable Single Sign-On (SSO) mechanism to access the e-resources to which the library subscribes.

Users have the great benefit that once they’ve found the e-resource they’re looking for — say an article in a journal or magazine — and have accessed it with their credentials, they don’t need other credentials when moving to other resources. They can access everything seamlessly and securely, from any place and via any device.

[dt_quote type=”pullquote” layout=”right” font_size=”big” size=”3”]SSO allows library authorities to accurately see which services are most popular with their users. This allows libraries to make informed decisions about how to spend their money to provide what people really want.[/dt_quote]Security, user-friendliness and scalability are important for libraries, as well as the protection of personal data, but there is another very important benefit for them. SSO allows library authorities to accurately see which services are most popular with their users. This allows libraries to make informed decisions about how to spend their money to provide what people really want.

SSO is widely available at many universities and research institutions in Europe and its reach has been extending to communities worldwide. However, there are still challenges that need addressing such as the number of institutions that are connected to national federations (and hence the users that have federated credentials), credentials translation services needed for users to access different type of services, different levels of trust in the credentials required by different services, and so on. The foundation of what’s needed to make all this infrastructure interoperable at the scale required by the EOSC is laid out in the blueprint architecture and guidelines produceed by AARC, an EU-funded project in which LIBER is participating.

Three Ways to Get Started

There are three ways for libraries to get started with Federated Identity Management.

1. University Libraries With Insitutional AAI – Where federated identity is managed by their university, research libraries can easily tap into their institutional AAI and offer SSO to their users.
2. Libraries With IT Resources But Without Institutional AAI – These libraries should become Identity Providers. This may be perceived as a technical challenge but there are many opportunities for them to obtain guidance and support. Within the AARC project, LIBER has produced a ‘Toolkit for Libraries’, which provides information on how to deploy federated access within libraries (even for resources that are still accessed via IP-based authentication) and explains how to enable SSO for library walk-in users.
3. Smaller Libraries – Libraries without significant IT resources at their disposal can take advantage of alternatives such as the Liberate-hosted SSO solution recently launched by Jisc in the UK. The service isn’t only for libraries but was piloted with Libraries Connected who, together with Jisc, commissioned also a very interesting piece of independent evaluation research. This is useful for decision makers at libraries to read.

With this growing set of resources, libraries have more and more reasons to make the leap towards Federated Identity Management. We hope that providing these sign-posts will help some to follow this path.