A recent series of posts in The Scholarly Kitchen discussed the pros and cons of RA 21: Resource Access for the 21st Century. What is RA 21, and how does it relate to more familiar means of authentication?
The current norm for authentication used by academic institutions is IP authentication. If a researcher originates within the IP range associated with an institution, s/he is presumed to be associated with that institution and entitled to resources provided by that institution. For a non-technical explanation of how IP (and other authentication methods) work see Understanding federated identity, RA21 and other authentication methods.
RA21 is a joint NISO/STM initiative "aimed at optimizing protocols across key stakeholder groups,
with a goal of facilitating a seamless user experience for consumers of
scientific communication." (https://ra21.org/index.php/what-is-ra21/). The basic assumption of this initiative is that IP range based authentication no longer works for users of scholarly information. In place of IP authentication and proxy servers, use of a federated authentication model is proposed.
Hinchliffe and Schonfeld express concerns about patron privacy, which may be ameliorated by requirements of the EU General Data Protection Regulation (GDPR) scheduled for enforcement beginning in May 2018. Given some publisher's attempts to cover all aspects of scholarly work flow, would they be inclined to mine and monetize the information about a scholar's research patterns federated identity could generate? Additionally, access for walk-in users may also be an issue.
RA21 is hardly a done deal, but it certainly bears monitoring.
Hinchliffe, Lisa Janicke What will you do when they come for your proxy server?
Schonfeld, Roger C. Identity is everything
Carpenter, Todd A. Myth busting: five commonly held misconceptions about RA21 (and one rumor confirmed)