NISO Recommended Practice on Single Sign-On Authentication Available for
Public Comment
Identifies Needed Improvements for Users Authenticating to Licensed
Electronic Resources
NISO announces the availability of ESPReSSO: Establishing Suggested
Practices Regarding Single Sign-On (NISO RP-11-201x) for public comment
through June 22, 2011. ESPReSSO identifies practical solutions for improving
the use of single sign-on authentication technologies to ensure a seamless
experience for the user.
Currently a hybrid environment of authentication practices exists, including
older methods of userid/password, IP authentication, or proxy servers along
with newer federated authentication protocols such as Athens and Shibboleth.
This recommended practice identifies changes that can be made immediately to
improve the authentication experience for the user, even in a hybrid
situation, while encouraging both publishers/service providers and libraries
to transition to the newer Security Assertion Markup Language (SAML)-based
authentication, such as Shibboleth.
"With the growing use of mobile devices and remote access, the older
authentication methods are not manageable for either the content provider or
the library," explains Steve Carmody, IT Architect, Computing and
Information Services, at Brown University and co-chair of the NISO ESPReSSO
Working Group. "The ESPReSSO recommendations will help bridge the transition
to more robust authentication methods that better match the needs of today's
users and eliminate the need for multiple identities."
"Libraries are very concerned about protecting the privacy of their
patrons," states Harry Kaplanian, Director of Technology, Serials Solutions,
Inc., and co-chair of the NISO ESPReSSO Working Group. "These
recommendations identify methods that can be used to maintain privacy while
still offering users advanced functionality, such as saving searches between
sessions."
"NISO is testing various methods for identifying issues in our community
where NISO can provide leadership in developing solutions," states Todd
Carpenter, Managing Director of NISO. "The ESPReSSO recommended practice is
the first outcome of a Chair's Initiative project, where the NISO Board of
Directors Chair (then Oliver Pesch from EBSCO Information Services)
identifies a specific issue that would benefit from study and the
development of a recommended practice or standard."
The draft Recommended Practice and an online comment form are available at:
www.niso.org/workrooms/sso/. Publishers and distributors of licensed content
as well as licensing organizations, such as libraries, are all encouraged to
review and comment on the document.
Cynthia Hodgson
NISO Technical Editor Consultant
National Information Standards Organization
Email: hodgsonca@verizon.net
Phone: 301-654-2512