Trust and Internet Identity Meeting Europe
Feb 2020: Workshops and Unconference

RA21 Identity Provider Discovery

(Heather Flanagan)

RA21 Simple Trusted Access

Heather gives an overview of RA21 (-> slides)

Back in 2015, librarians from pharma (the Pharma Documentation Ring) concluded that IP-address recognition was no longer meeting their needs (mergers, ...)

-> came up with SSO. Incorporate all publishers, know how to bill, do not track individual researchers.

RA21 has 60 organizational members

SAML and federation are available, but institutional discovery is difficult. -> RA21 UX challenge

The research discovery workflow is oriented around specialized searches, followed by paper download.

Librarians are very concerned about user privacy -> release only entitlement and pseudonymous ID (personalization only possible with extra registration at the SP)

There is a trade-off between ease of access and protection of users with VPNs, proxies, etc.

Entitlements are used for the publisher to decide whether the user should have access, but could be a binary decision,
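As an added illustration (not code from the talk or from RA21), this is how an SP could make the binary access decision from the entitlement alone while keeping only a pseudonymous ID. The attribute names `eduPersonEntitlement` and `pairwise-id`, the `common-lib-terms` entitlement value and the sample assertions are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed names: eduPerson entitlement and SAML pairwise-id, not named on this page.
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"
MINIMAL_SET = {"eduPersonEntitlement", "pairwise-id"}


@dataclass
class Decision:
    access: bool                  # binary: entitled or not
    subject: str | None           # pseudonymous id, None if missing or malformed
    dropped: list[str] = field(default_factory=list)  # over-released attribute names


def decide(attributes: dict[str, list[str]]) -> Decision:
    """Decide access from the entitlement alone and discard everything else."""
    # Attributes outside the minimal set are reported by name and never kept.
    dropped = sorted(name for name in attributes if name not in MINIMAL_SET)

    # Access depends only on the entitlement value, not on who the user is.
    access = COMMON_LIB_TERMS in attributes.get("eduPersonEntitlement", [])

    # Accept the pseudonymous id only if single-valued and scoped (id@scope).
    subject = None
    ids = attributes.get("pairwise-id", [])
    if len(ids) == 1:
        local, sep, scope = ids[0].partition("@")
        if local and sep and scope:
            subject = ids[0]
    return Decision(access, subject, dropped)


# Constructed sample assertions (no real users or institutions).
MINIMAL = {
    "eduPersonEntitlement": [COMMON_LIB_TERMS],
    "pairwise-id": ["K7XQ2M9A@example.edu"],
}
OVER_RELEASED = dict(MINIMAL, mail=["j.doe@example.edu"], displayName=["J. Doe"])
NOT_ENTITLED = {"pairwise-id": ["P3ZT81LC@example.edu"]}

if __name__ == "__main__":
    for label, attrs in [("minimal", MINIMAL), ("over-released", OVER_RELEASED),
                         ("not entitled", NOT_ENTITLED)]:
        print(label, decide(attrs))
```

The `dropped` list gives the SP operator a way to notice an IdP that releases more than the minimal set without the values themselves being stored.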

RA21 ran two pilots. There are 2 scripts in the UI that do (1) storage of the discovery choice and (2) IdP discovery. This is hosted at a central location. These services are separate, and an SP can use local IdP discovery but central storage of user preference.

Smaller organizations want a default discovery service.

Publishers are a large group of service providers and therefore an important use case. But other SPs should be thought of as well.

Switch WAYF is already RA21 compatible.

UX building blocks

-> see the cool slide

  1. The user always sees the 3 steps: (1) find institution, (2) log in at institution, (3) proceed at service as authenticated user.

If a preference is stored, the button ‘Login via your organization’ is replaced with ‘login with XYZ’

The RA21 interface is very quick and does not wait for a long list of institutions to be downloaded.