
Hi all,
This is an interesting use case, thanks. And I agree with Jiri; Elsevier (ScienceDirect/Scopus/etc.) could be an example for our Recommendation option 5b. I said 'could be' because it depends on how you establish your connection between IdP and SP, of course. Perhaps Elsevier has different SSO connections for libraries due to the lack of a good FIM4L reference;)
I think we (Erasmus University) have such a 'Recommendation 5b' example with ScienceDirect.
We exchange the urn:mace:dir:attribute-def:eduPersonTargetedID attribute (Persistent Identifier) with Elsevier. Our (hub-spoke) SURFconext federation has a connection (through eduGAIN) with Elsevier. Hence all SURFconext members (almost all higher education schools of the Netherlands) are able to connect to Elsevier in a prescribed way. See screenshot 1 in the email attachment for our connection info. (Thanks for the wonderful IdP dashboard, Raoul;)
When you're logged in through federated SSO at www.sciencedirect.com you'll have access and you'll stay anonymous, based on a persistent identifier.
Now, you're offered by Elsevier to voluntarily 'activate personalization'. Whatever you fill in there, it will be bound to the persistent identifier. And there you'll have your own built profile, even with 'fake' name and email, as I did with my spam Yahoo email address. (Screenshot 2) I perfectly carry my profile with me by using Elsevier federated login.
And as you said Peter S., Elsevier is also able to build a personal profile based on the persistent identifier, but they must find the information themselves, with advanced algorithms e.g. Which they do not, according to Meshna. But I think this goes beyond our scope.
@Meshna: I can't find a button to delete my profile;)
all the best! Jos
On 19/07/2019, 10:24, "FIM4L on behalf of Jiri Pavlik" <fim4l-bounces@lists.daasi.de on behalf of jiri.pavlik@mzk.cz> wrote:
Hi,
thanks a lot for your comments, Meshna, Leif, Raoul, Peter, Bernd.
Could you share with us, Meshna, whether there are some IdPs which are not releasing targetedID to Elsevier SP currently? This would be worth addressing in order to avoid user confusion and discomfort when using federated authentication at Elsevier services. I believe there are no such IdPs from eduID.cz despite the fact that requested attributes are missing in Elsevier SP metadata registered in eduGAIN.
Best regards
Jiri
On Thu, Jul 18, 2019 at 10:18 PM Koren, Meshna (ELS-AMS) M.Koren@elsevier.com wrote:
>
> We (Elsevier; as Scopus doesn't have its own SP) tie a targetedID to an 'Elsevier user account' which is created in our database when a user decides to 'activate personalization', so that next time when a user accesses an Elsevier product via the IdP, they can access their institutional entitlements AND their personal features with one set of credentials in one go. ('Activate personalization' means the same as 'register' or 'create user account'.)
>
> That is the only way we use targetedID.
>
> "So it's not enough to provide them with the ability to track every movement and every resource one accesses (based on a pseudonymous identifier released by the IDP), they will /only/ offer you the benefit of personalization features if you /also/ tell them exactly who you are with name and email?!
>
> Of course that fully undermines the point of sending them pseudonymous identifiers in the first place."
>
> That's upside down. Something to do with GDPR. We don't create user profiles without user's action. We don't use targetedID to track a user or to maintain a session across different products; that would be useless and unnecessarily complicated, seeing most of our users don't use federated access in the first place.
>
> An IdP doesn't need to release a targetedID. A user can register without it (email + password) if they want to, but then they'll have two sets of credentials and some of them will be eternally confused or annoyed because they can either access subscribed content or their personal features, but not both. They will of course register at other SPs and end up with more credentials, or all these emails with different passwords, or with the same passwords... which completely defies the purpose of federated access.
>
> Kind regards,
> Meshna
>
> Meshna Koren
> Associate Product Manager
> Product Management - Identity and Platform - Research Products
>
> Elsevier BV
> Radarweg 29, Amsterdam 1043 NX, The Netherlands
> m.koren@elsevier.com
>
> Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
>
> -----Original Message-----
> From: FIM4L fim4l-bounces@lists.daasi.de On Behalf Of Leif Johansson
> Sent: Thursday, July 18, 2019 22:01
> To: fim4l@lists.daasi.de
> Subject: Re: [Fim4l] Scopus
>
> > So it's not enough to provide them with the ability to track every
> > movement and every resource one accesses (based on a pseudonymous
> > identifier released by the IDP), they will /only/ offer you the
> > benefit of personalisation features if you /also/ tell them exactly who
> > you are with name and email?!
>
> Dude you can provide any information you like there... That's exactly what a pseudonym is!
>
> Cheers Leif
> _______________________________________________
> FIM4L mailing list
> FIM4L@lists.daasi.de
> http://lists.daasi.de/listinfo/fim4l
>
> ________________________________
>
> Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.