Wednesday, May 25, 2011

NISO Recommended Practice on SSO Authentication open for comments

NISO Recommended Practice on Single Sign-On Authentication Available for Public Comment Identifies Needed Improvements for Users Authenticating to Licensed Electronic Resources

NISO announces the availability of ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On (NISO RP-11-201x) for public comment through June 22, 2011. ESPReSSO identifies practical solutions for improving the use of single sign-on authentication technologies to ensure a seamless experience for the user.

Currently a hybrid environment of authentication practices exists, including older methods of userid/password, IP authentication, or proxy servers along with newer federated authentication protocols such as Athens and Shibboleth.
This recommended practice identifies changes that can be made immediately to improve the authentication experience for the user, even in a hybrid situation, while encouraging both publishers/service providers and libraries to transition to the newer Security Assertion Markup Language (SAML)-based authentication, such as Shibboleth.

"With the growing use of mobile devices and remote access, the older authentication methods are not manageable for either the content provider or the library," explains Steve Carmody, IT Architect, Computing and Information Services, at Brown University and co-chair of the NISO ESPReSSO Working Group. "The ESPReSSO recommendations will help bridge the transition to more robust authentication methods that better match the needs of today's users and eliminate the need for multiple identities."

"Libraries are very concerned about protecting the privacy of their patrons," states Harry Kaplanian, Director of Technology, Serials Solutions, Inc., and co-chair of the NISO ESPReSSO Working Group. "These recommendations identify methods that can be used to maintain privacy while still offering users advanced functionality, such as saving searches between sessions."

"NISO is testing various methods for identifying issues in our community where NISO can provide leadership in developing solutions," states Todd Carpenter, Managing Director of NISO. "The ESPReSSO recommended practice is the first outcome of a Chair's Initiative project, where the NISO Board of Directors Chair (then Oliver Pesch from EBSCO Information Services) identifies a specific issue that would benefit from study and the development of a recommended practice or standard."

The draft Recommended Practice and an online comment form are available at: Publishers and distributors of licensed content as well as licensing organizations, such as libraries, are all encouraged to review and comment on the document.

Cynthia Hodgson
NISO Technical Editor Consultant
National Information Standards Organization
Phone: 301-654-2512

(Reposted from SERIALST list)

No comments: