Thinking about authentication

Five years ago I blogged some thoughts on authentication and how confusing it is.  I thought it might be interesting to revisit this in the light of the recent report sponsored by OpenAthens on “Librarians’ experiences and perceptions of Identity and Access Management”. I also had a long chat with Phil Leahy at UKSG which is always a pleasure.

I broadly agree with the report – everyone wants things to be seamless, no one wants to login, no one wants to understand technical matters / terms.  From my NHS perspective we have pretty much always needed to treat everyone as “offsite” as IP access is rarely an option.  Perhaps the increasing demand evidenced in the wider community will drive some neat solutions?

Challenges of offsite access

I thought it interesting that the library staff felt that offsite access was a bigger challenge to their skills and knowledge than to that of the users and their increasingly complex journeys.  We spend a lot more time worrying about these things than the users! I would expect a somewhat different result if users were asked.

In the solutions section I was excited to see the potential discussed for recognising multiple affiliations – this would be a real game changer (alongside some licence work).  Increased granularity is something we can see coming in the changes to NHS OpenAthens but this needs to be accompanied by changes to allow automated allocation to different permission sets by user type.

In terms of my thoughts from five years ago – how have we done?

Many of the issues remain the same and are tied up in the nature of authentication – people do need to identify themselves and remember their login details.

The change to a two step authentication has been accepted by the users and meets the need to increase control over potential dubious registrations.

Problems with over convoluted login paths remain (and remain within the remit of the publishers who should be doing better) as does inconsistent use of terminology.

A new problem comes from the stricter password rules which place a higher level of security on OpenAthens logins than near any other system I use (numbers and letters, at least 8, no sequences, no “weak” words). The biggest set of problems relate to the implementation of a new self registration form for the NHS (by NICE and outside the control of EduServ).  This fails on multiple browsers and is particularly unhelpful around the password issue simply telling people they have made an error but not what it is or how to fix it.  Moves are underway to sort this but given it has been in excess of four months since the new password rules were introduced a solution is not being rushed.  I feel sorry for EduServ who look bad but cannot resolve it, for people trying to manage registrations and (more than anything) for those trying to register.

So more progress required.

UKSG Glasgow reflections

This was my first attendance at the UKSG conference. Having mostly been focussed on health information and NHS needs (and with an NHS training budget) I tended to focus my conference attendance on HLG.  I was lucky enough to be able to take my talk on extending ejournals to the NHS for a last outing (slides above) and brilliantly this meant UKSG covered my conference fees, hotel and train ticket. If I ever come up with anything that would fit with UKSG interests again I would submit again for that reason alone!
What interests UKSG was one of the questions I came away with. The range of talks was very wide encompassing apps, open access, open data, copyright, discovery, ethnography and other letters of the alphabet (search UKSG for talk recordings). While I was interested in many of the things I attended they often felt less practical than the average HLG talk. This perhaps reflected the high level of a number of speakers or the very particular specifics of their examples. It almost certainly reflects my ongoing health focus. The open access side was probably the most interesting for building my knowledge.  I did not have any great moments of revelation.
My favourite session was on ethnographic approaches. This an area increasingly in the spotlight and a likely candidate for my next years objectives. It was great to hear about the progress of research by @librarygirlknit and @llordllama (and a big pleasure to have met both of them IRL for the first time). I need to think about how to use these approaches to understand activity away from the library.
The HEFCE review of metrics sounds like it should be a good read but sadly won’t see the light of day till after the election. I enjoyed the presentation on efforts at Faber to make money from digital outside of the sale of ebooks. Having been tempted into buying one of their beautiful editions recently I had been impressed by their website. The model seems to be one of building loyalty and a community of a sort around both their core products but also desirable crafted items. There was some commentary for and against this fetishisation of the book on social media. I think it seems a good way to go – the basic edition remains available and the objects created are useful and beautiful passing the William Morris test.
I was pleased with how my sessions went. Both times there were a good number of people and some really interesting discussion was prompted. Having to spell out a lot of the NHS jargon meant there was no problem timing wise. It took about twice as long as at HLG to deliver a similar volume of material! It was also great to have the chance to talk to lots of publishers about licence extensions. Hopefully a few of these discussions will bear fruit.
The conference itself was very slickly organised (even the wifi worked OK). The social programme was fun though I tapped out early from the Ceilidh. No MD20/20 was served and no Teenage Fanclub played (to my knowledge).