Open Athens
Search OpenAthens Open Athens

OpenAthens, Shibboleth, or Simply SAML?

Louise EagleBy Louise Eagle
Category - Blog

Tuesday 29th November 2016

The inaugural OpenAthens customer conference took place in November 2016, bringing together 120 individuals from across the information community. Key challenges and opportunities around the provision of access to knowledge were discussed.

This post is a digest of a round-table session led by Adam Snook, Pre-Sales Consultant and David Orrell, Systems Architect. It addressed many of the misconceptions surrounding terminology and user journeys for SAML-based access to content.

  • Is Shibboleth different to OpenAthens?
  • Pending legislation – the GDPR and what it means for system
  • Standardisation of SAML

Is Shibboleth different to OpenAthens?
Adam began the session by addressing the misconception that some librarians and publishers have: that OpenAthens isn’t compatible with Shibboleth for access and identity management. In fact, they are simply different terms referring to the same process: providing secure access between identity providers and service providers using SAML.

This can lead to a complex user experience – different publishers’ platforms include links for Shibboleth login, OpenAthens login, or both. This can prove unnecessarily confusing when a user is looking for the fastest possible route to content – particularly as OpenAthens can be used as a login pathway for any resource or system that has a SAML capability.

Pending legislation – the GDPR and what it means for systems
Related to the use of SAML to pass information about users between systems is the new GDPR legislation (organisations need to be compliant by May 2018).  This legislation sets out new rules for gathering, storing, and processing the personal data of users: companies must obtain users’ consent, and inform them about what data is being transferred and why. There are additional requirements for keeping a record of opt-in statements users have agreed to.

From a user experience perspective, there is a balance to be struck between keeping users informed, and not disrupting their workflows when seeking access to content. Best practice is still being developed and there’s yet some time to implement solutions; OpenAthens is looking to incorporate as much compliance into its processes possible so that publishers and institutions have less to be concerned about within their own systems.

Standardisation of SAML
There was much heated discussion about the highly varied nature of user journeys, including the numerous approaches and terminology facing end-users. There are initiatives underway to identify standards to ensure a better all-round user experience (see our previous post about the key issues for Publishers and for more information about our RA21). David reiterated OpenAthens’ commitment to work with others in the space and provide guidance, tools, and best practice for addressing these challenges (as identified in the OpenAthens Publisher Manifesto).

Next steps for OpenAthens – and the industry
As reflected by the Publisher Manifesto and the programme of the conference, OpenAthens is taking a more visible stand about best practices. As well as tackling the key issues facing information professionals, we are committed to advocating the best possible approaches to these issues across the industry. You can view the presentations and slides from the conference to find out more.

Share this article