When I started with RSC Wales back in June 2007 one of the first things I did was attend a JISC Access Management (AM) event. And here I am again a few years on, having just got back from the 2009 event which I attended hoping to find out what the current access management landscape looks like. What has changed and what have we learned in the interim?

I’ll blog about some of the sessions and some of my thoughts, with  inevitable emphasis on the areas most relevant to libraries and LRCs. I haven’t been Tweeting with the rest of the Twittoratti, but there was plenty to digest on the #fam09 tag.

If you want to find out more about the event you can view the programme, download many of the presentations or visit the FAM09 social site.

First, a recap of the access management options for e-resources

Shibboleth (by which I mean Federated Access Management) was the main option under discussion. It requires either in-house support, or you can pay a third party to set to it and provide support until you have enough in-house experience.

A related option, offering the same functionality, is to pay for a subscription to the OpenAthens Service, to gain Shibboleth-like features. I think of the Shibboleth/OpenAthens options as being like looking for somewhere to live.

OpenAthens is like renting a nice appartment. It is nice to live in, but you can’t do what you like with the apartment (e.g. replacing the windows if you don’t like them), and you will never own the apartment – if ever you stop paying the rent you get kicked out and have nothing to show for the years you paid for. Though while you do pay rent, someone else will (hopefully) be responsible for repairs to the property.

Shibboleth is like buying a house. There is a cost at the start, and you the one reponsible for maintaining the property. You can do that yourself if you have the skill; or pay someone else to do so, and maybe when you understand more go on a DIY course yourself and start to do your own maintenance.

There are two other common access management options, though I can’t think of a way of extending the house analogy to them without it being contrived, so I’ll just describe them straight. One option (often used in conjunction with Shibboleth) is to use the more traditional IP plus proxy solution to on-and-off campus access to resources and services.

There is also sometimes the option to have a single, fixed username and password for off-campus access, which can be workable for small e-resource portfolios. This option is gradually disappearing for many resource providers though.

Some of the sessions I attended

Identity and Access as UK Priority, Sara Marsh and Peter Tinson

This session was a summary of where we came from (beginning in 2004), where we are, where we’re going, and potential barriers to getting there, so was an appropriate conference opener. Sara likened herself to the jam of the talk, sandwiched between Peter’s opening and closing bread. I was glad to see that the bread was wholemeal.

The early landscape was one where there were few Shibbolised resources and a lack of in-house skills. Organisations lacked institutional access management strategies, and IT departments felt that access management was just about access to e-resources, and was therefore only a library issue.

And now? All but a few of the big publishers offer Federated Access Management as an option, and those that don’t offer it are under increasing pressure. UCISA and SCONUL surveys found that access and identity management is now in the top ten strategic issues listed by their members, so the importance has risen (though the issue is not at the top of the list).

What is needed for the future? Two main things stood out. Firstly access and identity management/Federated Access Management needs to get into top-level strategies. Secondly we need more examples of the benefits early adopters have gained from Federated Access Management in order to make the strongest possible management case.

Federated Access, the Library Experience, Sarah Pearson, Richard Cross and Francis Lowry

The experiences of two institutions (the University of Birmingham and Nottingham Trent University) in implementing Shibboleth. Many of the things said rang true to my experiences of being involved with a university implementation.

Sarah Pearson spoke about the Birmingham experience. In Birmingham they have used Shibboleth to implement single sign-on (SSO) to Metalib (their federated search tool) and EZproxy, but not to the VLE yet. They try to push users through Metalib as the primary means of accessing e-resources, since then the library can make access more seamless to users.

Sarah showed a diagram of the various ways in which a user at the University of Birmingham accesses e-resources (see below – click to enlarge). It illustrates the complexity of managing the various access options – a diagram like that can be a valuable thing for any library to create in attempting to identify areas which need work.

Collaboration for the University of Birmingham Shibboleth implementation was between:

• Serials Team (Library Services)
  They activated e-resources, customised links, implemented authentication, and did troubleshooting.
• Digital Library Team (IT Services)
  Managed Metalib and SFX installation including interaction with the IdP (Identity Provider)
• Networks Team (IT Services)
  Setup and maintenance of IdP and interaction with BIIS registry

See Sarah’s presentation for the implementation timescale and process – it shows the complexity of the move from the librarian’s perspective, all the processes involved before you even reach the user education element! Issues such as contacting service providers, finding out what information to provide, obtaining WAYFLess URL information, testing etc is all time-consuming, and if you need to manage resources in a federated search tool like Metalib there are extra steps.

One issue Sarah raised was the fact that some users will navigate directly to a resource rather than going through the library portal, so they will have to deal with WAYFs. Her team has now incorporated that route into their user education (guidance on Metalib and in induction).

Then Richard and Francis gave the Nottingham Trent University perspective. Nottingham Trent University were early Shibboleth adopters, and the central message I took away from their part of the presentation was the positive one that they had experienced no problems, Shibboleth has been stable with no downtime, and it all just worked from day one – on which day it was heavily used by students to take advantage of Microsoft’s free DreamSpark offer (it requires an institution to be using Federated Access Management for their students to benefit – another reason to switch!)

A valuable piece of advice from the presentation was that they never refer to Shibboleth when communicating with users, they only talk about the ‘University username and password’. Obviously they refer to it among library and IT staff though.

In terms of transition, they had a roadmap and a blog to inform staff. They also created a wiki that includes every e-resource they subscribe to and how users access it (since terminology varies from provider to provider), so that staff know how to help off-campus users for each resource. Bear in mind that the help staff on campus won’t see login screens, they will be automatically validated via IP, so this kind of information is invaluable for user suppport. Richard and Francis lamented that there is no consistency of terminology in how Service Providers refer to the login options, necessitating this approach.

The main lessons Richard and Francis wished to share:

• Plan early
• IT and library staff must work together (a partnership emphasised in other talks too)
• Communicate with Service Providers – don’t assume anything
• Don’t expect glowing praise from users – access management should be invisible to them if it works (but expect complaints when it doesn’t!)

They concluded that it is an ongoing process of development, it is not all over on the day that Shibboleth is installed. Also Shibboleth is not a solution to everything, but it is an important and flexible building block in the organisation’s infrastructure.

There were some similarities between the setup at the two universities. For example, both institutions currently use a combination of Shibboleth, IP/EZProxy and other methods (for a minority of resources). Both are currently using Shibboleth 1.3 but are planning to move to version 2.

Both also agreed on some of the challenges:

• There are personalisation issues when using dual authentication (e.g. Shibboleth plus IP). However they can be dealt with e.g. Nottingham Trent University migrated accounts wholesale where possible (e.g. for Refworks) and when that wasn’t an option they supported users individually in migrating settings. In a few instances users had to rebuild their personalisation from scratch.
• Not all Service Providers use a standard WAYFless URL structure, and many don’t include the ability to deep-link it e.g. to a particular e-book or database. Those that do have WAYFless structures may not tell you. There is a lack of standards here.

Tech 101 for Librarians, Andy Swiffin

Andy tackled the issue of terminology, trying to unravel the acronyms, as well as placing the emphasis on why and how you deploy an IdP (Identity Provider). He emphasised the relative simplicity of the process – if you have a web server with Tomcat, and have an identity source e.g. LDAP or Microsoft Active Directory, then you can do it easily. Andy has done a Shibboleth install and configured and tested it in just 12 minutes!

Why adopt FAM?

The same answers came up in a number of sessions, so it makes sense to just summarise the common answers here.

• Increased user privacy.
• KISS – Keep things simple for the user by enabling single-sign-on (SSO) for internal and external resources.
• Granularity – Federated Access Management enables fine-grained authorisation, so it should be possible to save money by only buying a specialist resource for the group that needs it, rather than paying for a subscription for the whole institution that will only be used by a few people. Obviously the ideal from a librarian’s perspective is to offer access to everyone, but as Sara Marsh pointed out – if it is a choice between paying for access for a group that needs something, or not getting the resource at all because access for the entire organisation is too expensive, the former is better than no access at all.

Social gaming

After the evening meal on Monday there was a games room for socialising to take place in. Four Nintendo Wiis were set up so that people could compete in Mario Kart, boxing, baseball, ten-pin bowling, Wii Fit and winter sports; along with giant Jenga and Connect 4, table football and air hockey. I put in some sterling defence work on the table football, but my gaming ability was a major letdown at ten-pin bowling, and for some reason my bowling ball always ended up in the gutter or – even worse – rolling away from me in the wrong direction. I’m almost certain that it was a faulty controller :-p but it made it look like I couldn’t hold my own in a Wii-ing contest.

This month I used SurveyMonkey to get a snapshot of the usage of – and opinions on – the E-books for FE Project in LRCs in Wales. There were responses from about half of the colleges (14 respondees in total). I’ll summarise the main results, and have anonymised individual responses. There are some interesting comments on access methods (as expected, colleges want IP for on-campus, and another option for off-campus); importing MARC records into OPACs; ideas for promoting the collection; and on a Welsh-language interface.

Has your institution signed up to the E-books for FE deal yet? [In the sense of having submitted a signed agreement form.]

If no, are there any particular obstacles that have prevented you from setting up access for your institution? [1 response]

1.    we are not members of Shibboleth or Open Athens

Has the site for your institution been set up by Ebrary, with access for your users?

If yes, how long did it take? Any other comments? [6 responses]

1.    a couple of weeks after signing the agreement.
2.    couple of days
3.    Fairly quick after initial problem – they got our details a bit wrong
4.    A couple of weeks – as expected, given the volume of FE subscribers I’m surprised that others have felt this timescale was so slow!
5.    About 2 weeks after completing licence agreement
6.    Around 5 weeks from sending off completed agreement.

What access method did you select?

Do you have any comments about the options offered by Ebrary? [5 responses]

1.    It would have been nice to have on-site access by IP as well
2.    Original offer should have been remote access and IP not one or the other. I understand that this issue has now been resolved.
3.    Not having IP access is a disadvantage. It will make it harder to promote the database and encourage staff to access it
4.    Would have liked IP access as well as evidence suggests this is what students tend to use but this what outweighed by the need for off campus access for those who need it
5.    Would have liked a vareity of options rather than just one. We are still trying to get Shibboleth to work and so IP access would also have been helpful. We may find that 3 months are spent getting the shibboleth access sorted!

Have you downloaded the MARC records for the titles into your library catalogue?

If yes, were there any problems? What LMS do you use? Other comments? [6 responses]

1.    No problems. We use Heritage, and they were very helpful in making it easy for their users by liaising with Ebrary over this.
2.    For some reason the records won’t download in Heritage. I’ve informed Heritage support and we are in dialogue.
3.    To be honest I’m not sure if we have or not (and person who would know is on leave)!
4.    Autolib, they have just sent me a link for downloading the records.
5.    Heritage LMS – provided file and worked fairly easily
6.    Use Alice (Softlink) – not yet aware if we can download MARC records

Do you have any plans for promoting the e-books next term? E.g. demos to teachers, or pointing out titles useful to certain courses, or promoting Ebrary platform features? [13 responses]

1.    yes – demos for staff and students. pointing out useful titles for staff, and also to stick on Moodle site. Promote on web pages and Library Moodle.
2.    We will be adding stickers to books that are also available via the ebrary. Main point of entry will be via our Moodle page. Some tutors have already been introduced to the ebrary, but not all. We will be actively promoting the ebrary via posters and other displays and will likely run workshops throughout the year.
3.    Yes, staff development sessions and promotion of ebook libraries. Also including ebook libraries in the student inductions.
4.    Inductions, collection per course of useful titles, inform Heads of Department to disseminate resource,
5.    Yes – but not yet firmed up. We’ll use a range of concurrent measures and also promote them to students in induction. Will monitor promotional activity and effectiveness and be ready to report back.
6.    Yes. Will certainly demo it to teachers, but have not thought of a coherent strategy yet. I’m waiting to get it on our OPAC first.
7.    Yes – face-to-face demonstrations, e-mailing bookshelves to tutors etc
8.    Will be incorporated into ‘advanced inductions’ have already done some staff development sessions with tutors
9.    No plans as yet, as we are short of staff time to do this at present.
10.    Yes, website links, catalogue links, demo’s during research sessions.
11.    Yes; demos to staff, holding drop in sessions for staff and students; getting ourselve invited to Faculty meetings; holding drop ins for staff during STaff Development days, advertising on the widget – you name it we’ll be doing it!
12.    Yes – will provide demos and point out useful e-books in inductions
13.    Not yet – need to get access first

There is an extra allocation for textbooks of relevance to Wales, Scotland, and Northern Ireland. If there are any textbooks that you would like to see available in this, enter their details below. The comments will be passed on to the E-books for FE Project Manager. [4 responses]

1.    University of Wales Press titles would be particularly useful as these are often either out of print/print on demand and generally hard to get hold of. Some example titles:
A History of Wales 1906 – 2000, Gareth Evans (9780708315941)
A History of Wales, 1815 – 1906, Gareth Evans 9780708310281)
Hope and Heartbreak: A Social History of Wales, 1776 – 1871, Russell Davies (9780708319321)
Organise! Organise! Organise!, Ryland Wallace (9780708310786 )
Welsh-language textbooks such as:
GCSE Mathematics / TGAU Mathemateg (9780340927366)
IT / Technoleg Gwybodaeth (9781845210977)
2.    At this moment in time nothing comes to mind but would like the opportunity to be able to submit requests in the future should anything deem appropriate
3.    More books for our Business and Professional faculty would be nice e.g. hairdressing, beauty, introductory business books.
4.    Relevant FE vocational titles – again person who would know which key texts are available in Welsh is on leave

Ebrary have agreed to look into creating a Welsh interface for their e-books platform. Would this be useful to your institution? Would you promote it?

Comments (on Welsh interface) [7 responses]

1.    Welsh is already promoted quite well within our LRC and we would happily promote a Welsh-language interface. Usage of the Welsh language in the xxx area isn’t great but both members of LRC staff are able to speak Welsh as well as a few other members of staff. I envisage that it would be particularly useful for our outreach learners, many of whom are based in more ‘Welshy’ areas.
2.    Not terribly useful in reality but would be good politically.
3.    This should be a given in Wales even if colleges have a small Welsh language cohort.
4.    The uptake probably wouldn’t be great, but it would help college satisfy its Welsh language obligations.
5.    We already have a bilingual catalogue and KnowUK was also available bilingually
6.    Usage would be minute, to be frank.
7.    Not sure how much usage it would have but would a good feature.

Many thanks to those college LRCs that responded to my survey: Barry College, Bridgend College, Coleg Ceredigion, Coleg Glan Hafren, Coleg Harlech, Coleg Llandrillo, Coleg Meirion Dwyfor, Coleg Powys, Coleg Sir Gar, Gorseinon College, Swansea College.

[The National Library of Wales at night - a photo I took with my first digital camera in 2000]

A new development that may be of interest regarding electronic resources available to FE colleges in Wales.

In the past people wanting to join the National Library of Wales (NLW) had to travel to Aberystwyth. Because I live here I obviously think Aberystwyth is a nice place – but perhaps not very easy for library users in the rest of Wales to get to. However the NLW has now enabled all their readers, academic and non-academic, to register through a new online registration system.

The good bit for Welsh FE is that if you live in Wales, you can also register for an Athens username and password (and thus access to the National Library of Wales’ Athens-authenticated resources). It may be worth promoting to your users, since it is a free resource for you and them, and also benefits the NLW with an increase in their number of users.

The online registration form is available here.
A list of electronic resources subscribed to by the NLW can be seen here.

Of course if people visit the NLW in person, they can still apply for a Reader’s Ticket without going online. They will need to privide 2 forms of ID, one of them showing their current address. The NLW will take photos of them and a card will be produced (linked to the online registration if previously done).

So now the only reason to visit Aberystwyth is for a sun tan (maybe not today though…).

OpenAthens pricing from Aug 2008

For colleges that want to continue to use Athens as their authentication system after August 2008, here is a link to the new OpenAthens pricing by JISC band. There is further information in the flyer here.

RSC Wales Athens / Shibboleth survey results

I will take this opportunity to circulate the results of the Athens / Shibboleth survey conducted by Samantha Edwards (between January and March 2007). The free text comments have been anonymised as far as possible). It seems a number of people are planning to move to Shibboleth, though lots of people were happy with Athens – the only problem being the need to pay for it after August next year.

What is your college institution? / Response Count

Barry / 0
Bridgend / 1
Coleg Ceredigion / 0
Coleg Glan Hafren / 1
Coleg Gwent / 1
Coleg Harlech / 1
Coleg Llandrillo / 0
Coleg Llysfasi / 0
Coleg Meirion Dwyfor / 0
Coleg Menai / 0
Coleg Morgannwg / 2
Coleg Powys / 1
Coleg Sir Gar / 1
Deeside / 0
Gorseinon / 1
Merthyr Tydfil / 0
Neath PT / 1
Pembrokeshire / 1
St Davids / 0
Swansea College / 1
WEA South Wales / 0
Welsh College of Horticulture / 0
Yale / 0
Ystrad Mynach / 0
North East Wales Institute (NEWI) / 0
Royal Welsh College of Music and Drama / 0
Swansea Institute / 0
Trinity College / 1
University of Wales Lampeter / 0
[answered question 13 / skipped question 0]

What is the current usage of Athens at your institution? (Select any that apply) / Response Percent / Response Count

None / 0.0% / 0
Registered for service but not used / 15.4% / 2
Accounts issued on request / 69.2% / 9
Self-Registration / 15.4% / 2
Bulk Upload / 7.7% / 1
Athens DA / 7.7% / 1
[answered question 13 / skipped question 0]

Are there any issues that deter your usage of Athens?

No, it is now being very well used (85 students have registered this academic year) as a result of publicising the service more strongly. We have 42 journals that are accessible online via an Athens account. The students who use this service are mostly, but not exclusively, HE students who find that we have the journals they need. The FE students are mostly on Access to HE courses.Yes, for example, not long ago I tried to access EMERALD with Athens, but it did not work.

Yes, students have to self-register in this institution. Last year, we merely handed out Athens passwords – ready to use. Many students don’t have e-mail addresses, so we first have to set up an e-mail address for them. The whole procedure takes about 15 mins per student.

Lack of funding to purchase subscriptions, and a dearth of relevant free resources. There may also be an issue with the perception of Athens as a ‘place’ on the web, rather than a gateway to resources.

No

It can be time consuming to issue accounts on request for larger courses, however although we’ve considered moving to Athens DA we have not been able to justify the cost and time involved at present.

Keen to move to Shibboleth, so haven’t put work into Bulk Upload or alternative system.

The Learning Centres are keen to use Athens (or equivalent). Athens was previously administered by our ILT Manager who has now left the college -usage was very low. We now have a new ILT Manager and have started discussions re Shibboleth as a future solution.

Students don’t know about it or the resources available to them.

No

Has Shibboleth been trialled or implemented at your institution? / Response Percent / Response Count

Yes / 7.7% / 1
No / 84.6% / 11
Not Sure / 7.7% / 1
[answered question 13 / skipped question 0]

Have you any future plans within your institution to trial or implement Shibboleth technology?

I need to know more about the implications of using Shibboleth.No, I would prefer to carry on using Athens for the time being, at least until 2008, but would wish to keep up to date with developments.

We had some meeting about it, or some member of the staff, I think, reported about it when he returned from some seminar; I also have some papers on it, but never, actually tried it.

The Athens administrator at this college has not mentioned any such plans, if they are in place.

Yes. We are currently taking advice from the RSC on the timing of swtiching to Shibboleth.

In initial stages of discussion with Senior Management, and Technical Support.

Possibly, depending on documentation and support issues.

No, not yet.

We would like to implement Shibboleth at some point, but are unlikely to do so in the near future.

Yes – ILT / Computer services working towards this.

Only at early discussion stage at present.

Yes, we hope to implement it by July 2008.

We are looking to move towards Shibboleth, but it doesn’t look as though it is a priority yet.

Would you like more information or training on any of the following? (Select any that apply) / Response Percent / Response Count

Athens DA / 38.5% / 5
Athens Administration / 23.1% / 3
Bulk Upload / 23.1% / 3
Self-Registration / 15.4% / 2
Shibboleth & the UK Access Federation / 84.6% / 11
Other (please specify) / 38.5% / 5

I want to access different electronic articles with a single password, not complecated staged process!I have a meeting with Richard Dunning from Eduserv on Friday 16th to discuss

Dependent on the timing of the switch to Shibboleth, we may need further training on Athens, for our library assistant.

Examples, step by step configuration guides etc would be useful. Implementation workshops, or even an advertised list of consultants, experience, timescales and prices.

We need to be clear when AthensDA is coming to an end, the cost impact of continuing, the cost of implementing Shibboleth, and what Shibboleth will do for us. Once we have this information we can then put together a solid business case and take it forward.

[answered question 13 / skipped question 0]