Hi Jos, Tim,

Thanks for bringing this to attention. It is very good idea to write a FIM4L response
describing that the FIM4L recommendations are there for propper scientists 
authentication at publishers services eliminating threads of tracking academics.

Best regards

               Jiri 





On Fri, Apr 16, 2021 at 3:20 PM Tim McGeary <tim.mcgeary@duke.edu> wrote:
I find this article to be highly cited yet highly sensationalized, the latter of which is demotivating.  But I was in that CNI meeting in Dec 2018, and that conversation motivated me to call NISO to task for not having any librarians on the RA21 committees and having worked closely with Todd Carpenter on other projects, I had credibility from experience to get myself on a RA21 team and then formally onto a Seamless Access team.  

Within Seamless Access, I found highly collaborative people from libraries, publishers, vendors, and other organizations who were all committed to developing standards for this work.  We battled over various elements and worked toward consensus, developing multiple options for services that need no user attributes whatsoever to function to those services that cannot function without user attributes.  I am proud of that work, and as someone who is responsible for privacy and security, I am much more confident to deploy Seamless Access today than I was sitting in that room in Washington, DC in December 2018.

That said, your itemized list is consistent with the objectives we had working in the Seamless Access Entity Attributes working group, and I can say that many of these are indeed included.  A colleague of mine is now on the Seamless Access Licensing group working to develop standards of language for contracts and licenses to try to solve other items on this list that cannot be easily solved through technology standards.

The pandemic has proven that IP-based authentication is no longer viable, yet the publisher marketplace is not equal in ability to support SSO.  The biggest publishers primarily already have SSO in place that we can easily agree to; the smallest publishers do not and have yet to demonstrate they can.  

And while we should do what we can to protect user's privacy, I do not come to the table believing or expecting that libraries and publishers are like-minded, and indeed the objectives each has in mind are very different.  I believe it is then paramount for libraries to achieve what we can in contractual and technological standards-based user privacy AND improve /update our Information Literacy programs to include guidance for users to protect their privacy through their choices and behaviors.  Part of this is acknowledging that as Libraries we want to track their usage of our own services just like publishers do.  So, we commit to transparency of our practices to demonstrate our expectations to users and demonstrate what questions they should be asking and considering in the practices of other services.

Tim

Tim McGeary

Associate University Librarian for Digital Strategies and Technology

Duke University Libraries

tim.mcgeary@duke.edu



From: FIM4L <fim4l-bounces@lists.daasi.de> on behalf of Jos Westerbeke <jos.westerbeke@eur.nl>
Sent: Friday, April 16, 2021 6:09 AM
To: fim4l@lists.daasi.de <fim4l@lists.daasi.de>
Subject: [Fim4l] Critical article
 

Hi all,

 

Please read following article:

https://elephantinthelab.org/when-your-journal-reads-you/

 

What about the idea to write an official FIM4L response?

 

I think we can note that:

  • It is time that libraries indeed need to fight this problem.
  • Both libraries and publishers should work on this.
  • SSO authentication methods can be used to reach the goal of better privacy, rather than IP-based authentication.
  • Libraries and publishers need to work together on protecting users' privacy.
  • We need to work together towards a new trust model anchored in a contract.
  • Only together we can make a safe 'information journey' for researchers and students.
  • We need each other, even when articles are published in Open Access. We can create a safe logon and can agree on a contractual basis that a publisher provides a safe journey for an authenticated user, rather than not authenticated users who are exposed to whatever the publisher is looking for.

 

All the best,

Jos

 

Jos Westerbeke

Library IT specialist/manager  | Erasmus University Rotterdam, Library | Burgemeester Oudlaan 50 | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513

 

_______________________________________________
FIM4L mailing list
FIM4L@lists.daasi.de
http://lists.daasi.de/listinfo/fim4l