This is becoming an increasing occurrence with vendors and licensed resources.  ArtStor and JStor (hosted by Ithaka) are doing the same thing, and our licensing team has found it frustrating and ineffective to attempt to remedy this via license negotiation and enforcement.  I have also had to get our General Counsel involved with vendors that have enticed our users to sign up with their university credentials into "free" or freemium access.  It is becoming persistent, and sometimes flagrant, issue.

Tim

Tim McGeary

Associate University Librarian for Digital Strategies and Technology

Duke University Libraries

tim.mcgeary@duke.edu

Google/Skype/Twitter: timmcgeary


The Duke University Libraries value diversity of thought, perspective, experience, and background and are actively committed to a culture of inclusion and respect.

From: FIM4L <fim4l-bounces@lists.daasi.de> on behalf of Peter Schober <peter.schober@univie.ac.at>
Sent: Friday, October 9, 2020 10:22 AM
To: fim4l@lists.daasi.de <fim4l@lists.daasi.de>
Subject: Re: [Fim4l] Fwd: InCites now requires users to supply email address and create a new set of credentials
 
* Heather Flanagan <hlf@sphericalcowconsulting.com> [2020-10-09 15:54]:
> I’m not sure if you’re asking a question about what Clarivate is
> doing, if you’re asking if anyone has knowledge of other similar
> patterns, or if this is just an FYI?

What Davide described to me more sounded like, well, almost like a
breach of contract:

Institutions have been releasing limited data to the service provider
("attributes", via "identity federation") to signal to the service
provider that a person should be permitted to access resources under
an institutional license. It is my understanding that has been working
for many years, same as with dozens and hundreds of other services.

Now (or since whenever this was changed) members of those same
instiutions are promoted/forced to register a local account even after
successfully completing the federated login!
So remote access (via federation) is now broken -- it is no longer
sufficient to provide access -- unless one registers Yet Another
Account.

On top of that, experience suggests that a significant percentage of
those subjects will then enter (i.e,, "re-use") their *institutional*
credentials (passwords) when forced to register for a local account at
gunpoint -- a process only made worse by the connection/assotiation
with the familiar/"safe" federated login process that just happened.

Does the above provide sufficient reading-between-the-lines for folks
here to raise some eyebrows?

-peter
_______________________________________________
FIM4L mailing list
FIM4L@lists.daasi.de
https://urldefense.com/v3/__http://lists.daasi.de/listinfo/fim4l__;!!OToaGQ!-ey4Ie7TXVQcH_M-d9qnoPlK27imxssonnUzkvyvhla4pQSTCQTi64P3mna5sqNBj5c$