The Road to Simplified Remote Access
by Linda van Keuren
In March 2020, as the word went out that Dahlgren Memorial Library (DML) would move to a virtual learning environment for an undetermined period, its staffers were relieved and grateful that the collections were online. They would not need to scan print materials or arrange for a print material pickup service. The library had been providing online access to high-quality, evidence-based journals, books, and point-of-care tools for years. Not only were users familiar with the traditional resource access points on the library’s website, they also could obtain full-text content immediately at the publisher websites by taking advantage of the SeamlessAccess button. For a userbase made up of physicians, nurses, and other clinical staffers dealing with a burgeoning pandemic and students, faculty members, and researchers dealing with an upheaval to their academic work, access to information resources was one thing they did not have to worry about.
The groundwork for simplified remote access with SeamlessAccess had begun many years earlier. DML is the library for the Georgetown University Medical Center and serves graduate students, staffers, and faculty members in medicine, nursing, and biomedicine as well as the physicians, staffers, and researchers in a cancer center and one hospital of a large health system. In total, the library serves approximately 6,500 full-time equivalent (FTE) users. Similar to most health sciences libraries, in the late 1990s, DML began collecting electronic only. Since 2010, almost 100% of collections expenditures were for online resources, with the library donating or weeding all print journals and most print books.
From the early days of online content, authorization to view library online subscriptions was based on the IP addresses of the institution and off-campus proxy server. On-campus users would be recognized as such and would not be required to log in to use the collections. Remote users were prompted to authenticate using their university credentials. IP authentication streamlined access on campus, but over the years, as the remote use of the library increased, there was a noticeable difference in users’ research experience depending on their location.
In 2016, the library administration identified a number of goals for library resource management, including the following:
Focused acquisitions — DML wanted the flexibility to acquire some resources solely for the users of the medical center and other, more interdisciplinary resources for the entire campus in partnership with the other university libraries. The staffers felt it was no longer sustainable to provide all resources to everyone on campus, particularly when some tools were specifically restricted to trained healthcare providers.
Granular usage statistics — This was a very important goal. At the time, the only usage statistics available were COUNTER stats. These were valuable for collection management decisions, but not as helpful for library utilization discussions with departmental administrators. Inevitably, department administrators would ask a question that was difficult to answer: “How are our students using the library?” Granular usage data that included department or status would allow for much richer conversations and informed decisions in regard to outreach activities, budgetary support, and collection management.
Identity management — Utilizing the IP addresses to identify affiliated users was imperfect. The library wanted to tie library access into the existing identity management processes on campus and make access-entitlement decisions based on the academic or clinical status of the user, not the location.
Stronger security — Although protected by campus IT security, some areas of the campus network were more porous than others (such as kiosk computers) in which a non-affiliated individual might gain access to library resources. Around the same time the library staffers were considering these goals, ransomware attacks were on the rise, so cybersecurity was very much on everyone’s mind.
DML felt that moving from IP-based authentication to a federated authentication solution would help to achieve these goals and chose OpenAthens (openathens.org), provided by TDNet (tdnet.io/services/authentication).
As OpenAthens and federated access management were new to the library, there was a steep learning curve as the small staff worked to understand the underlying technology and to develop new processes. However, the library had a strong partnership with the university information services (UIS) department. UIS not only vetted OpenAthens to ensure the platform conformed to security and data management policies, but it helped the library staffers work through many of the details of the project. The UIS team favored the move away from IP-based authentication, as it aligned well with university cybersecurity goals.
The UIS team helped to develop the logic needed to identify users who would have access to DML library resources through this new system. The logic was utilized to automatically add a user attribute to network user accounts. Upon the creation of a network account, if users fell within the identified user types, an attribute was utilized to indicate they were eligible to access the library’s resources. If users did not have the attribute within their network account, they would be provided with educational information about how to locate the materials via another route upon login.
Once the connection between the university authentication system and OpenAthens was arranged, the library team worked on configuring the resources within OpenAthens and at the publisher site. The last steps were to test access and update all resource URLs within the library’s finding tools. For users, access remained uninterrupted, except they were required to log in at all times regardless of location. The library staff members gave this new login requirement much consideration, wondering if, for users, the change might be considered an unreasonable barrier. However, this concern was tempered by the belief that the new process would be more reliable and secure for users. Most users worked in a health field, in which even tighter security measures and login requirements were common. Once the transition was completed, there were minimal user comments on the added login requirement.
The move to federated authentication helped the library to achieve the goals identified in 2016, and, as time has gone on, other benefits have become apparent. Let’s talk about those.
Continuity of services — The library serves a hospital with a computing infrastructure managed by its own IT department. It had been difficult to ensure continuity of access for these users, as the IP addresses and firewall rules would sometimes be changed without notice, leaving the users frustrated and without access. When hospital access did not require logging in due to IP authentication, hospital users seldom used their university credentials. Therefore, when they did need to use content remotely, they would have difficulty recalling a username and password. Remote research would be delayed until they requested a password reset or called the help desk. These users have now become more familiar with the credentials needed to utilize the library, so by March 2020, many knew what to use when working from home.
Security — Federated authentication utilizes both the OpenAthens and institutional security monitoring systems, both of which are staffed by individuals with more security expertise than is available in the library. The library facilitates security monitoring, but is not directly responsible, thereby freeing up the staff to focus on other services. When there are signs of misuse, a specific account will be suspended while the matter is investigated. While investigating, just that user account is shut off, rather than all accounts using the same IP number, which is how misuse cases were handled prior to federated authentication.
SeamlessAccess — In subsequent years, with the implementation of SeamlessAccess by major publishers, users on and off campus could gain streamlined access to high-quality content. As most of our library users are involved in either providing or learning about patient care, there is an urgency to their information needs. So, the fit was clear, and adopting SeamlessAccess was a no-brainer. DML librarians did not have to do anything special to take advantage of SeamlessAccess; however, having federated authentication in place was a prerequisite for deployment.
This is not to say there were not challenges. For institutions such as Georgetown that may have multiple federated authentication systems (e.g., Shibboleth and OpenAthens), users may see multiple viable options when selecting the institution from the list provided by the publishers. For example, DML users may see both Georgetown University and Georgetown University Medical Center. It is very easy to choose the incorrect option from the list. This continues to be an issue of concern, and one that is under examination by a WAYF Entry Disambiguation Working Group. Whenever possible, DML has consistently used the same phrase to brand the library content and works to educate users on what they should select to gain access to the subscriptions. Some publishers can also suppress all but the relevant institutional names.
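The contrast drawn above between location-based and attribute-based access, including how a misuse case is contained, can be shown in a short sketch. This is an added example, not code from DML, UIS, or OpenAthens; the user types, the attribute name, and the addresses (documentation ranges) are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed values: documentation-range addresses, hypothetical user types and attribute.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ELIGIBLE_TYPES = {"med_student", "nurse", "clinician"}
ENTITLEMENT = "library-access"

@dataclass
class Account:
    username: str
    user_type: str
    attributes: set = field(default_factory=set)
    suspended: bool = False

def provision(username, user_type):
    """At account creation, tag eligible user types with the entitlement attribute."""
    acct = Account(username, user_type)
    if user_type in ELIGIBLE_TYPES:
        acct.attributes.add(ENTITLEMENT)
    return acct

def ip_authorize(src_ip, blocked=()):
    """IP model: the source address decides; identity is never consulted."""
    ip = ipaddress.ip_address(src_ip)
    if any(ip in ipaddress.ip_network(b) for b in blocked):
        return False
    return any(ip in net for net in CAMPUS_NETS)

def federated_authorize(acct):
    """Federated model: a logged-in, unsuspended account carrying the attribute."""
    return acct is not None and not acct.suspended and ENTITLEMENT in acct.attributes

def decisions(sessions, blocked=()):
    """Map each session label to (ip_decision, federated_decision)."""
    return {label: (ip_authorize(ip, blocked), federated_authorize(acct))
            for label, ip, acct in sessions}

nurse = provision("nurse1", "nurse")
doc_a = provision("doc_a", "clinician")
doc_b = provision("doc_b", "clinician")
SESSIONS = [  # (label, source address, authenticated account or None)
    ("kiosk visitor, no login", "192.0.2.50", None),
    ("nurse at home", "203.0.113.7", nurse),  # IP model would need the proxy login
    ("law student on campus", "192.0.2.10", provision("law1", "law_student")),
    ("doc_a behind shared address", "192.0.2.200", doc_a),
    ("doc_b behind shared address", "192.0.2.200", doc_b),
]

if __name__ == "__main__":
    for label, result in decisions(SESSIONS).items():
        print(f"{label:30} ip={result[0]!s:5} federated={result[1]}")
```

Setting `doc_a.suspended = True` removes only that account's access, whereas passing `blocked=["192.0.2.200/32"]` to the IP model also cuts off `doc_b`, who shares the address.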
The Bottom Line
The library staff believes that reducing access pain points for remote users not only streamlines the research process, but has the potential to decrease the use of content-sharing sites (such as SciHub) and reduce security problems (such as the sharing of passwords). SeamlessAccess is a game changer and complements many strategies—engaged librarians, curated content lists via LibGuides, the Lean Library browser extension, and support of OA resources—used to enhance the research experience.
In March 2020, DML’s newly remote users were presented with the same access experience they had when on campus pre-pandemic. The years of work to move all collections online and to institute federated authentication paid off considerably. The availability of SeamlessAccess within the research environment provided busy users with uncomplicated access to high-quality information wherever and whenever they needed it.
What is Seamless Access?
This service, offered through the Coalition for Seamless Access, streamlines the authentication of users across digital resources, thus providing the basis for a better user experience when accessing and utilizing scholarly literature. The SeamlessAccess infrastructure permits users to sign on once to access a variety of information collections, collaboration tools, and shared resources.
The SeamlessAccess User Experience
To explain the benefits of the SeamlessAccess experience for the user, it is helpful to recall how Dahlgren Memorial Library (DML) librarians would instruct remote users in the past. For example, when a remote user needed the full text of an article but was presented with a payment request, librarians would have instructed the user to exit the publisher site, connect to the library’s homepage, enter the citation information into the DML Citation Matcher tool to see where access was available, authenticate with university credentials, and return to the same publisher page he or she started on. Since publishers such as Wiley, Elsevier, Springer Nature, and Taylor & Francis implemented SeamlessAccess—and because DML has federated authentication—the user can look for the “Access through your institution” button on the publisher page to gain full-text access.
After clicking the button, the user can search for the institution name. DML staffers have instructed users that they should select Georgetown University Medical Center if presented with more than one viable option. Then, the familiar university login page will appear. And after logging in, the user can read the full-text article.
Users who continue their research and land on another publisher’s site that has implemented SeamlessAccess will see the familiar “Access through your institution” button. This time, the site will recognize their affiliation with Georgetown University Medical Center. They will only have to click the SeamlessAccess button to see the full text—no additional logins and no exiting the publisher site are needed.
The instant full-text access will continue across any information resource sites that have implemented SeamlessAccess and for which the library has a subscription. Privacy is protected, as only the right to access content is remembered, not the actual credentials. The consistency of the look and feel of the SeamlessAccess button across various platforms is a helpful visual clue for users who are navigating through different page layouts.