
On Sat, 20 Jul 2019 at 00:46, Koren, Meshna (ELS-AMS) M.Koren@elsevier.com wrote:
That will be different per SP.
Elsevier is updating the access management system from old to new. In the old system a user would lose access to their previous user account when the value of targetedID changed. A persistent NameID is generated in a different way than ePTID so that value would most likely change. There's nothing we can do for such a user because a SAML attribute is only validated via a SAML assertion.
In the new system we allow a user to 'link their new credentials' to their existing user account if their attributes change, provided they use the same email address they have used before. You can see that here: https://service.elsevier.com/app/answers/detail/a_id/29105/supporthub/elsevi...
👏🏻
Cheers
Jiri
This new system is gradually being implemented across products; quite a lot of work.
Kind regards, Meshna
-----Original Message-----
From: FIM4L fim4l-bounces@lists.daasi.de On Behalf Of Bernd Oberknapp
Sent: Friday, July 19, 2019 16:22
To: fim4l@lists.daasi.de
Subject: Re: [Fim4l] Scopus
*** External email: use caution ***
I'm wondering what happens if the identifiers sent by an IdP change (identifier added or removed, switch from eduPersonTargetedID to persistent ID or vice versa)? Would the users be able to request an initial password for their email address and, if the IdP sends an identifier, connect their existing Elsevier user account to a new identifier?
Best regards, Bernd
On 19.07.19 15:01, Koren, Meshna (ELS-AMS) wrote:
Yes, there are. I don't exactly know how many because there is no way of reporting on this, but there have always been users from institutions that aren't able to activate personalization because of that and they come and complain.
Please note that our SP, specifically, can make use of eduPersonTargetedID or a Persistent NameID for this purpose; which one the IdP releases depends, I guess, on the software they use (and in some cases on what the federation recommends/configures).
We're currently not requesting or requiring any attributes through our UK Federation metadata because there isn't a perfect way of doing that, and not requesting anything seems to be a lesser problem than otherwise. We don't need to alarm any existing IdPs into changing the released attributes because that would again cause trouble for end users... until we address that problem. It's a work in progress.
We are requesting them through some federations, as you've noticed; that's because at the time of integration that was possible, and done, and it doesn't need to change.
Kind regards, Meshna
-----Original Message-----
From: FIM4L fim4l-bounces@lists.daasi.de On Behalf Of Jiri Pavlik
Sent: Friday, July 19, 2019 10:24
To: fim4l@lists.daasi.de
Subject: Re: [Fim4l] Scopus
Hi,
thanks a lot for your comments, Meshna, Leif, Raoul, Peter, Bernd.
Could you share with us, Meshna, whether there are some IdPs which are not releasing targetedID to Elsevier SP currently?
This would be worth addressing in order to avoid user confusion and discomfort when using federated authentication at Elsevier services. I believe there are no such IdPs from eduID.cz despite the fact that requested attributes are missing in Elsevier SP metadata registered in eduGAIN.
Best regards
Jiri
On Thu, Jul 18, 2019 at 10:18 PM Koren, Meshna (ELS-AMS) <M.Koren@elsevier.com> wrote:
We (Elsevier; as Scopus doesn't have its own SP) tie a targetedID to an 'Elsevier user account' which is created in our database when a user decides to 'activate personalization', so that next time when a user accesses Elsevier product via the IdP, they can access their institutional entitlements AND their personal features with one set of credentials in one go. ('Activate personalization' means the same as 'register' or 'create user account'.)
That is the only way we use targetedID.
"So it's not enough to provide them with the ability to track every movement and every resource one accesses (based on a pseudonymous identifier released by the IDP), they will /only/ offer you the benefit of personalization features if you /also/ tell them exactly who you are with name and email?!
Of course that fully undermines the point of sending them pseudonymous identifiers in the first place."
That's upside down. Something to do with GDPR. We don't create user profiles without user's action. We don't use targetedID to track a user or to maintain a session across different products; that would be useless and unnecessarily complicated, seeing most of our users don't use federated access in the first place.
An IdP doesn't need to release a targetedID. A user can register without it (email + password) if they want to, but then they'll have two sets of credentials and some of them will be eternally confused or annoyed because they can either access subscribed content or their personal features, but not both. They will of course register at other SPs and end up with more credentials, or all these emails with different passwords, or with the same passwords... which completely defies the purpose of federated access.
Kind regards, Meshna
Meshna Koren
Associate Product Manager Product Management - Identity and Platform - Research Products
Elsevier BV Radarweg 29, Amsterdam 1043 NX, The Netherlands m.koren@elsevier.com
Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
-----Original Message-----
From: FIM4L fim4l-bounces@lists.daasi.de On Behalf Of Leif Johansson
Sent: Thursday, July 18, 2019 22:01
To: fim4l@lists.daasi.de
Subject: Re: [Fim4l] Scopus
So it's not enough to provide them with the ability to track every movement and every resource one accesses (based on a pseudonymous identifier released by the IDP), they will /only/ offer you the benefit of personalisation features if you /also/ tell them exactly who you are with name and email?!
Dude you can provide any information you like there... That's exactly what a pseudonym is!
Cheers Leif
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.
-- Bernd Oberknapp Gesamtleitung ReDI
Albert-Ludwigs-Universität Freiburg Universitätsbibliothek Platz der Universität 2 | Postfach 1629 D-79098 Freiburg | D-79016 Freiburg
Telefon: +49 761 203-3852 Telefax: +49 761 203-3987 E-Mail: bo@ub.uni-freiburg.de Internet: www.ub.uni-freiburg.de
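
The identifier-change problem discussed in this thread, as an added sketch that is not part of any message and is not Elsevier's code: an SP that matches accounts only on the federated identifier loses the account when the value changes, while a linking step keyed on the registered email recovers it. The class and function names, the entityIDs, the hash construction and the proof-of-mailbox requirement are all assumptions made for illustration.

```python
import hashlib
import secrets

SP = "https://sp.example.org/shibboleth"      # constructed entityIDs
IDP = "https://idp.example.edu/idp"

def hashed_pseudonym(user: str, salt: bytes) -> str:
    """Illustrative per-SP pseudonym: digest over SP, local user id and salt."""
    return hashlib.sha256(f"{SP}!{user}!".encode() + salt).hexdigest()

class AccountStore:
    """Hypothetical SP-side store: federated identifiers point at accounts."""

    def __init__(self):
        self.by_identifier = {}   # (idp, sp, opaque value) -> account id
        self.by_email = {}        # registered email -> account id

    def register(self, identifier, email):
        account = f"acct-{len(self.by_email) + 1}"
        self.by_identifier[identifier] = account
        self.by_email[email.lower()] = account
        return account

    def resolve(self, identifier):
        # Old behaviour from the thread: exact identifier match or nothing.
        return self.by_identifier.get(identifier)

    def link(self, identifier, email, email_proven):
        # New behaviour: attach a changed identifier to the existing account.
        # Requiring proof of mailbox control is an assumption of this sketch.
        account = self.by_email.get(email.lower())
        if account is None or not email_proven:
            return None
        self.by_identifier[identifier] = account
        return account

def demo():
    store = AccountStore()
    old_id = (IDP, SP, hashed_pseudonym("jdoe", b"constructed-salt"))
    new_id = (IDP, SP, secrets.token_hex(16))   # e.g. a stored random value
    account = store.register(old_id, "J.Doe@example.edu")
    return {
        "before_change": store.resolve(old_id) == account,
        "after_change": store.resolve(new_id),
        "link_unproven": store.link(new_id, "j.doe@example.edu", False),
        "link_proven": store.link(new_id, "j.doe@example.edu", True) == account,
        "after_link": store.resolve(new_id) == account,
    }

if __name__ == "__main__":
    print(demo())
```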