The Future of Privacy While Accessing Published Content
Tuesday 4J
Convener: Judith Bush @judielaine
Notes-taker(s): Judith Bush
Tags for the session - technology discussed/ideas considered:
RA21, EZproxy
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
How can I access published content without surrendering all my relationships and my identity?
- Individuals want access with privacy (personally or due to intellectual property reasons)
- writers have an interest in demonstrating the reach of their work
- publishers have an interest in compensation for their content
- aggregators may act on behalf of publishers, collecting diverse publishers' content in one platform.
- publishers & aggregators have an interest in usage statistics to improve their platform and content
- institutions have an interest in linking their members to licensed content
- institutions are interested in establishing whether subscriptions impact research and student outcomes
Scope setting
Published, licensed content mainly means journals and research papers — think humanities and sciences, health and hospitals, biotech research
Compensation has generally been per-paper payments or institutional subscriptions: other compensation models that protect privacy (micropayments through an aggregator) are interesting to contrast with models that do not (targeted advertising)
Access includes authentication and authorization, establishing affiliation
Current state
Much of the access is currently mediated by IP affiliation. Institutions assert the IP range they wish treated as their use. While there is some "on site" use, there is also considerable proxied use. Proxies usually interrupt TLS interactions, decrypting, rewriting, and then resending. Cookies may or may not be passed through. The proxies allow a great deal of usage statistics to be captured by the institution while obscuring individual users from the content provider.
Questions
RA21 is working with SAML because of the SAML deployments in higher ed. Is OpenID Connect a challenge for established SAML institutions?
What would user centric control of search stats across publishers look like, so that the research stats could be aggregated for educational outcomes studies for the user?
What can IDP systems do to help librarians confirm usage statistics at published resources?
How might affiliation be established with social identities once and used at publishers?
Given the friction points identified by RA21 — discovering if any of an individual’s affiliations provide access — how might a sovereign identity with revocable or time-bound affiliations be used in a way that bypasses the friction of the user testing affiliations until finding access and is privacy preserving (not handing over all "library cards")?
To help library patrons discover whether they have access through their library, processes beyond discovering the IDP in the publisher’s list were discussed. Suggestions included introducing an authorization server (AS) used by the library as part of its licensing tool, where the AS returns a token if and only if there is access to the DOI. Other channels between the patron and library, using a DOI-aware bookmarklet, were discussed.
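A sketch of the authorization-server suggestion above, added here as an illustration and not part of the session notes: the library's AS issues a short-lived token only when its holdings cover the DOI, and the token names the institution and DOI but no patron. The shared HMAC key, the token layout, the `library.example` issuer and the licensed DOI prefixes are all assumptions constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Assumption: library AS and publisher share this key under the license agreement.
SHARED_KEY = b"constructed-demo-key"
# Constructed holdings: DOI prefixes the (hypothetical) library licenses.
LICENSED_PREFIXES = {"10.1234/", "10.5555/journal."}
TOKEN_TTL = 300  # seconds; short-lived so the affiliation claim is time bound


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(doi, patron_authenticated, now=None):
    """Library AS: return a token if and only if the library licenses this DOI."""
    if not patron_authenticated:
        return None
    if not any(doi.lower().startswith(p) for p in LICENSED_PREFIXES):
        return None  # no access: no token, and nothing is sent to the publisher
    now = int(time.time()) if now is None else now
    # Claims name the institution and the DOI only; no patron identifier.
    claims = {"iss": "library.example", "doi": doi.lower(), "exp": now + TOKEN_TTL}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = b64e(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def publisher_accepts(token, requested_doi, now=None):
    """Publisher: verify signature, expiry, and that the token is for this DOI."""
    try:
        body, sig = token.split(".")
        expected = b64e(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return False
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError, TypeError):
        return False
    now = int(time.time()) if now is None else now
    return claims.get("doi") == requested_doi.lower() and claims.get("exp", 0) > now
```

Because the token is bound to one DOI and expires quickly, the publisher learns that some member of the institution has access to that item, not which member or what else they hold.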