Fwd: InCites now requires users to supply email address and create a new set of credentials
Hello everyone,
I've sent this message to the FOG mailing list about Clarivate's InCites additional registration flow, but some Colleagues suggested that FIM4L would have been a better venue for the topic.
Regards, Davide
-------- Forwarded Message -------- Subject: InCites now requires users to supply email address and create a new set of credentials Date: Wed, 7 Oct 2020 19:18:52 +0200 From: Davide Vaghetti davide.vaghetti@garr.it To: fog@lists.refeds.org
Hello everyone,
some IdP admins and Librarians alerted us about Clarivate's InCites requiring an additional users registration after the Institutional login. The flow is similar to what Elsevier introduced in sciencedirect, but then rolled back, last year:
- it starts on https://incites.clarivate.com - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" - once the authN flow is finished, the user is requested to register an email address and then to set a password to access InCites
As in the case of Elsevier, the above has not been anticipated in any way from Clarivate, which so far was letting users in with just a transient nameid and ePSA.
Regards, Davide
Hello and welcome, Davide!
I’m not sure if you’re asking a question about what Clarivate is doing, if you’re asking if anyone has knowledge of other similar patterns, or if this is just an FYI?
Heather Flanagan — Translator of Geek to Human https://sphericalcowconsulting.com On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti davide.vaghetti@garr.it, wrote:
Hello everyone,
I've sent this message to the FOG mailing list about Clarivate's InCites additional registration flow, but some Colleagues suggested that FIM4L would have been a better venue for the topic.
Regards, Davide
-------- Forwarded Message -------- Subject: InCites now requires users to supply email address and create a new set of credentials Date: Wed, 7 Oct 2020 19:18:52 +0200 From: Davide Vaghetti davide.vaghetti@garr.it To: fog@lists.refeds.org
Hello everyone,
some IdP admins and Librarians alerted us about Clarivate's InCites requiring an additional users registration after the Institutional login. The flow is similar to what Elsevier introduced in sciencedirect, but then rolled back, last year:
- it starts on https://incites.clarivate.com
- a user select "Sign in" and then "Institutional (Shibboleth) Sign In"
- once the authN flow is finished, the user is requested to register an
email address and then to set a password to access InCites
As in the case of Elsevier, the above has not been anticipated in any way from Clarivate, which so far was letting users in with just a transient nameid and ePSA.
Regards, Davide -- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
* Heather Flanagan hlf@sphericalcowconsulting.com [2020-10-09 15:54]:
I’m not sure if you’re asking a question about what Clarivate is doing, if you’re asking if anyone has knowledge of other similar patterns, or if this is just an FYI?
What Davide described to me more sounded like, well, almost like a breach of contract:
Institutions have been releasing limited data to the service provider ("attributes", via "identity federation") to signal to the service provider that a person should be permitted to access resources under an institutional license. It is my understanding that has been working for many years, same as with dozens and hundreds of other services.
Now (or since whenever this was changed) members of those same instiutions are promoted/forced to register a local account even after successfully completing the federated login! So remote access (via federation) is now broken -- it is no longer sufficient to provide access -- unless one registers Yet Another Account.
On top of that, experience suggests that a significant percentage of those subjects will then enter (i.e,, "re-use") their *institutional* credentials (passwords) when forced to register for a local account at gunpoint -- a process only made worse by the connection/assotiation with the familiar/"safe" federated login process that just happened.
Does the above provide sufficient reading-between-the-lines for folks here to raise some eyebrows?
-peter
This is becoming an increasing occurrence with vendors and licensed resources. ArtStor and JStor (hosted by Ithaka) are doing the same thing, and our licensing team has found it frustrating and ineffective to attempt to remedy this via license negotiation and enforcement. I have also had to get our General Counsel involved with vendors that have enticed our users to sign up with their university credentials into "free" or freemium access. It is becoming persistent, and sometimes flagrant, issue.
Tim
Tim McGeary
Associate University Librarian for Digital Strategies and Technology
Duke University Libraries
tim.mcgeary@duke.edumailto:tim.mcgeary@duke.edu
Google/Skype/Twitter: timmcgeary
The Duke University Libraries value diversity of thought, perspective, experience, and background and are actively committed to a culture of inclusion and respect.
________________________________ From: FIM4L fim4l-bounces@lists.daasi.de on behalf of Peter Schober peter.schober@univie.ac.at Sent: Friday, October 9, 2020 10:22 AM To: fim4l@lists.daasi.de fim4l@lists.daasi.de Subject: Re: [Fim4l] Fwd: InCites now requires users to supply email address and create a new set of credentials
* Heather Flanagan hlf@sphericalcowconsulting.com [2020-10-09 15:54]:
I’m not sure if you’re asking a question about what Clarivate is doing, if you’re asking if anyone has knowledge of other similar patterns, or if this is just an FYI?
What Davide described to me more sounded like, well, almost like a breach of contract:
Institutions have been releasing limited data to the service provider ("attributes", via "identity federation") to signal to the service provider that a person should be permitted to access resources under an institutional license. It is my understanding that has been working for many years, same as with dozens and hundreds of other services.
Now (or since whenever this was changed) members of those same instiutions are promoted/forced to register a local account even after successfully completing the federated login! So remote access (via federation) is now broken -- it is no longer sufficient to provide access -- unless one registers Yet Another Account.
On top of that, experience suggests that a significant percentage of those subjects will then enter (i.e,, "re-use") their *institutional* credentials (passwords) when forced to register for a local account at gunpoint -- a process only made worse by the connection/assotiation with the familiar/"safe" federated login process that just happened.
Does the above provide sufficient reading-between-the-lines for folks here to raise some eyebrows?
-peter _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de https://urldefense.com/v3/__http://lists.daasi.de/listinfo/fim4l__;!!OToaGQ!...
Hello Heather,
On 09/10/20 15:54, Heather Flanagan wrote:
Hello and welcome, Davide!
I’m not sure if you’re asking a question about what Clarivate is doing, if you’re asking if anyone has knowledge of other similar patterns, or if this is just an FYI?
Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the advice of this community in how to deal with this Publisher and possibly doing it not alone.
As Peter was pointing out, Clarivate's additional registration flow is breaking federated access and probably some contracts and privacy law as well, but I'd prefer to restrain from the legalities at least until it strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts.
Cheers, Davide
Heather Flanagan — Translator of Geek to Human https://sphericalcowconsulting.com On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti davide.vaghetti@garr.it, wrote:
Hello everyone,
I've sent this message to the FOG mailing list about Clarivate's InCites additional registration flow, but some Colleagues suggested that FIM4L would have been a better venue for the topic.
Regards, Davide
-------- Forwarded Message -------- Subject: InCites now requires users to supply email address and create a new set of credentials Date: Wed, 7 Oct 2020 19:18:52 +0200 From: Davide Vaghetti davide.vaghetti@garr.it To: fog@lists.refeds.org
Hello everyone,
some IdP admins and Librarians alerted us about Clarivate's InCites requiring an additional users registration after the Institutional login. The flow is similar to what Elsevier introduced in sciencedirect, but then rolled back, last year:
- it starts on https://incites.clarivate.com
- a user select "Sign in" and then "Institutional (Shibboleth) Sign In"
- once the authN flow is finished, the user is requested to register an
email address and then to set a password to access InCites
As in the case of Elsevier, the above has not been anticipated in any way from Clarivate, which so far was letting users in with just a transient nameid and ePSA.
Regards, Davide -- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam | Burgemeester Oudlaan 50, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather,
On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate is doing, > if you’re asking if anyone has knowledge of other similar patterns, or > if this is just an FYI? >
Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the advice of this community in how to deal with this Publisher and possibly doing it not alone.
As Peter was pointing out, Clarivate's additional registration flow is breaking federated access and probably some contracts and privacy law as well, but I'd prefer to restrain from the legalities at least until it strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts.
Cheers, Davide
> Heather Flanagan — Translator of Geek to Human > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalc... > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > davide.vaghetti@garr.it, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate's InCites >> additional registration flow, but some Colleagues suggested that FIM4L >> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address and create a >> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti davide.vaghetti@garr.it >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate's InCites >> requiring an additional users registration after the Institutional >> login. The flow is similar to what Elsevier introduced in sciencedirect, >> but then rolled back, last year: >> >> - it starts on https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.cl... >> - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" >> - once the authN flow is finished, the user is requested to register an >> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipated in any >> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
-- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
Hi Jos, Davide,
let’s put together recommendations tailored for InCites base on FIM4L Principles & Recommendations. It will be great to approach Clarivate together FIM4L and federation operators. I am going draft the recommentions.
Cheers
Jiri
On Mon 12. 10. 2020 at 9:22, Jos Westerbeke jos.westerbeke@eur.nl wrote:
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam | Burgemeester Oudlaan 50 https://www.google.com/maps/search/Burgemeester+Oudlaan+50?entry=gmail&source=g, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti < fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather, On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate isdoing, > if you’re asking if anyone has knowledge of other similar patterns, or > if this is just an FYI? >
Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the advice of this community in how to deal with this Publisher and possibly doing it not alone. As Peter was pointing out, Clarivate's additional registration flow is breaking federated access and probably some contracts and privacy lawas well, but I'd prefer to restrain from the legalities at least until it strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts.
Cheers, Davide > Heather Flanagan — Translator of Geek to Human >https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalc... > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > davide.vaghetti@garr.it, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate's InCites >> additional registration flow, but some Colleagues suggested that FIM4L >> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address and create a >> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti davide.vaghetti@garr.it >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate's InCites >> requiring an additional users registration after the Institutional >> login. The flow is similar to what Elsevier introduced in sciencedirect, >> but then rolled back, last year: >> >> - it starts on https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.cl... >> - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" >> - once the authN flow is finished, the user is requested to register an >> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipated in any >> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
-- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.dehttps://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Dear all,
there is a draft of the recommendations for InCites -
https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgK...
Please feel free to comment or modify the recommendations.
All the best
Jiri
On Mon, Oct 12, 2020 at 9:41 AM Jiri Pavlik jiri.pavlik@techlib.cz wrote:
Hi Jos, Davide,
let’s put together recommendations tailored for InCites base on FIM4L Principles & Recommendations. It will be great to approach Clarivate together FIM4L and federation operators. I am going draft the recommentions.
Cheers
JiriOn Mon 12. 10. 2020 at 9:22, Jos Westerbeke jos.westerbeke@eur.nl wrote:
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam | Burgemeester Oudlaan 50 https://www.google.com/maps/search/Burgemeester+Oudlaan+50?entry=gmail&source=g, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti < fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather, On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate isdoing, > if you’re asking if anyone has knowledge of other similar patterns, or > if this is just an FYI? >
Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the advice of this community in how to deal with this Publisher and possibly doingit not alone.
As Peter was pointing out, Clarivate's additional registration flow is breaking federated access and probably some contracts and privacy lawas well, but I'd prefer to restrain from the legalities at least until it strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts.
Cheers, Davide > Heather Flanagan — Translator of Geek to Human >https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalc... > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > davide.vaghetti@garr.it, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate's InCites >> additional registration flow, but some Colleagues suggested that FIM4L >> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address and create a >> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti davide.vaghetti@garr.it >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate's InCites >> requiring an additional users registration after the Institutional >> login. The flow is similar to what Elsevier introduced in sciencedirect, >> but then rolled back, last year: >> >> - it starts on https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.cl... >> - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" >> - once the authN flow is finished, the user is requested to register an >> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipated in any >> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
-- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.dehttps://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Hi all,
welcome here Davide, your presence here is much appreciated.
Yes it is obvious that more and more publishers see a value in collecting data ...
May be we should think about a page on our website with a list of "Publishers that are conformant with the FIM4L recommendations". This could be an insentive for publishers to not go the way we observed here. Just an idea....
What else could we do to convince publishers to be conformant?
Cheers,
Peter
Am 12.10.2020 um 09:22 schrieb Jos Westerbeke:
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam | Burgemeester Oudlaan 50, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather, On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate is doing, > if you’re asking if anyone has knowledge of other similar patterns, or > if this is just an FYI? > Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the advice of this community in how to deal with this Publisher and possibly doing it not alone. As Peter was pointing out, Clarivate's additional registration flow is breaking federated access and probably some contracts and privacy law as well, but I'd prefer to restrain from the legalities at least until it strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts. Cheers, Davide > Heather Flanagan — Translator of Geek to Human > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalcowconsulting.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=ovaeYQk9zvqBzPynK7y2MDKI2X1ikf7Aoyxb2gvHWz0%3D&reserved=0 > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > <davide.vaghetti@garr.it>, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate's InCites >> additional registration flow, but some Colleagues suggested that FIM4L >> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address and create a >> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti <davide.vaghetti@garr.it> >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate's InCites >> requiring an additional users registration after the Institutional >> login. The flow is similar to what Elsevier introduced in sciencedirect, >> but then rolled back, last year: >> >> - it starts on https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.clarivate.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=9hMtWuW25Dw6Yjjs3F3oGq48q6rJvx%2FDpsbx63FYPrg%3D&reserved=0 >> - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" >> - once the authN flow is finished, the user is requested to register an >> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipated in any >> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0 -- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Hi Peter,
we discussed what we can do on a call with Davide and Peter Schober and agreed that FIM4L should approach Clarivate regarding bad federated authentication implementation. There is a draft what FIM4L could suggest to Clarivate:
https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgK...
All the best
Jiri
On Mon, Oct 19, 2020 at 7:08 PM Peter Gietz peter.gietz@daasi.de wrote:
Hi all,
welcome here Davide, your presence here is much appreciated.
Yes it is obvious that more and more publishers see a value in collecting data ...
May be we should think about a page on our website with a list of "Publishers that are conformant with the FIM4L recommendations". This could be an insentive for publishers to not go the way we observed here. Just an idea....
What else could we do to convince publishers to be conformant?
Cheers,
Peter
Am 12.10.2020 um 09:22 schrieb Jos Westerbeke:
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost
ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted
document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this
document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the
end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed by
Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam |
Burgemeester Oudlaan 50, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <
fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather, On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate isdoing,
> if you’re asking if anyone has knowledge of other similarpatterns, or
> if this is just an FYI? > Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the adviceof
this community in how to deal with this Publisher and possibly doingit
not alone. As Peter was pointing out, Clarivate's additional registration flowis
breaking federated access and probably some contracts and privacylaw as
well, but I'd prefer to restrain from the legalities at least untilit
strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts. Cheers, Davide > Heather Flanagan — Translator of Geek to Human >https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalc...
> On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > <davide.vaghetti@garr.it>, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate'sInCites
>> additional registration flow, but some Colleagues suggested thatFIM4L
>> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address andcreate a
>> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti <davide.vaghetti@garr.it> >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate'sInCites
>> requiring an additional users registration after the Institutional >> login. The flow is similar to what Elsevier introduced insciencedirect,
>> but then rolled back, last year: >> >> - it starts onhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.cl...
>> - a user select "Sign in" and then "Institutional (Shibboleth)Sign In"
>> - once the authN flow is finished, the user is requested toregister an
>> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipated inany
>> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >>https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
-- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.dehttps://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
--
Peter Gietz, CEO
DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany
phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: peter.gietz@daasi.de web: www.daasi.de
Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
Hi Jiri,
Thanks for the update.
Cheers,
Peter
Am 20.10.20 um 10:27 schrieb Jiri Pavlik:
Hi Peter,
we discussed what we can do on a call with Davide and Peter Schober and agreed that FIM4L should approach Clarivate regarding bad federated authentication implementation. There is a draft what FIM4L could suggest to Clarivate:
https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgK...
All the best
Jiri
On Mon, Oct 19, 2020 at 7:08 PM Peter Gietz <peter.gietz@daasi.de mailto:peter.gietz@daasi.de> wrote:
Hi all, welcome here Davide, your presence here is much appreciated. Yes it is obvious that more and more publishers see a value in collecting data ... May be we should think about a page on our website with a list of "Publishers that are conformant with the FIM4L recommendations". This could be an insentive for publishers to not go the way we observed here. Just an idea.... What else could we do to convince publishers to be conformant? Cheers, Peter Am 12.10.2020 um 09:22 schrieb Jos Westerbeke: > Hello Davide, > > Thanks for joining and for your email. > > Things are coming together at a perfect timing I guess. We're almost ready to publish the final version of FIM4L Principles & Recommendations. > > The idea is that libraries worldwide can refer to a common accepted document which describes how we (libraries) want to establish federated SSO connections with publishers. > > Since a few weeks we have a new website where you can find this document: https://www.fim4l.org/?page_id=257 > > But be patient: I'll send an announcement to this list, probably by the end of this week, with a new graphical update of the FIM4L Principles & Recommendations. > > When all things ready, the official published document will be backed by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers. > > All the best! > Jos > > Jos Westerbeke > Library IT Specialist / Demandmanager | Erasmus University Rotterdam | Burgemeester Oudlaan 50, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl <mailto:jos.westerbeke@eur.nl> | +31 640295513 > > > Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <fim4l-bounces@lists.daasi.de <mailto:fim4l-bounces@lists.daasi.de> namens davide.vaghetti@garr.it <mailto:davide.vaghetti@garr.it>> geschreven: > > Hello Heather, > > On 09/10/20 15:54, Heather Flanagan wrote: > > Hello and welcome, Davide! > > > > I’m not sure if you’re asking a question about what Clarivate is doing, > > if you’re asking if anyone has knowledge of other similar patterns, or > > if this is just an FYI? > > > > Yes, good point. Well, the thing is that Clarivate's behavior is the > exact opposite of the FIM4L recommendations, so I'd like the advice of > this community in how to deal with this Publisher and possibly doing it > not alone. > > As Peter was pointing out, Clarivate's additional registration flow is > breaking federated access and probably some contracts and privacy law as > well, but I'd prefer to restrain from the legalities at least until it > strictly necessary. Not to count that IDEM, as other identity > federations, are not direct parties in this type of contracts. > > Cheers, > Davide > > > Heather Flanagan — Translator of Geek to Human > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalcowconsulting.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=ovaeYQk9zvqBzPynK7y2MDKI2X1ikf7Aoyxb2gvHWz0%3D&reserved=0 > > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > > <davide.vaghetti@garr.it <mailto:davide.vaghetti@garr.it>>, wrote: > >> Hello everyone, > >> > >> I've sent this message to the FOG mailing list about Clarivate's InCites > >> additional registration flow, but some Colleagues suggested that FIM4L > >> would have been a better venue for the topic. > >> > >> Regards, > >> Davide > >> > >> -------- Forwarded Message -------- > >> Subject: InCites now requires users to supply email address and create a > >> new set of credentials > >> Date: Wed, 7 Oct 2020 19:18:52 +0200 > >> From: Davide Vaghetti <davide.vaghetti@garr.it <mailto:davide.vaghetti@garr.it>> > >> To: fog@lists.refeds.org <mailto:fog@lists.refeds.org> > >> > >> Hello everyone, > >> > >> some IdP admins and Librarians alerted us about Clarivate's InCites > >> requiring an additional users registration after the Institutional > >> login. The flow is similar to what Elsevier introduced in sciencedirect, > >> but then rolled back, last year: > >> > >> - it starts on https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.clarivate.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=9hMtWuW25Dw6Yjjs3F3oGq48q6rJvx%2FDpsbx63FYPrg%3D&reserved=0 > >> - a user select "Sign in" and then "Institutional (Shibboleth) Sign In" > >> - once the authN flow is finished, the user is requested to register an > >> email address and then to set a password to access InCites > >> > >> As in the case of Elsevier, the above has not been anticipated in any > >> way from Clarivate, which so far was letting users in with just a > >> transient nameid and ePSA. > >> > >> Regards, > >> Davide > >> -- > >> Davide Vaghetti > >> Consortium GARR > >> Tel: +390502213158 > >> Mobile: +393357779542 > >> Skype: daserzw > >> _______________________________________________ > >> FIM4L mailing list > >> FIM4L@lists.daasi.de <mailto:FIM4L@lists.daasi.de> > >> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0 > > -- > Davide Vaghetti > Consortium GARR > Tel: +390502213158 > Mobile: +393357779542 > Skype: daserzw > _______________________________________________ > FIM4L mailing list > FIM4L@lists.daasi.de <mailto:FIM4L@lists.daasi.de> > https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0 > > > _______________________________________________ > FIM4L mailing list > FIM4L@lists.daasi.de <mailto:FIM4L@lists.daasi.de> > http://lists.daasi.de/listinfo/fim4l -- Peter Gietz, CEO DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: peter.gietz@daasi.de <mailto:peter.gietz@daasi.de> web: www.daasi.de <http://www.daasi.de> Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de <mailto:FIM4L@lists.daasi.de> http://lists.daasi.de/listinfo/fim4l
Dear all,
I believe that everyone is happy about our recommendations for Clarivate regarding federated authentication at InCites -
https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgK...
I am going to reach out Clarivate representatives within few days with Cc to FIM4L list as we agreed on FIM4L WG call last week.
Kind regards
Jiri
On Fri, Oct 23, 2020 at 7:27 PM Peter Gietz peter.gietz@daasi.de wrote:
Hi Jiri,
Thanks for the update.
Cheers,
Peter Am 20.10.20 um 10:27 schrieb Jiri Pavlik:
Hi Peter,
we discussed what we can do on a call with Davide and Peter Schober and agreed that FIM4L should approach Clarivate regarding bad federated authentication implementation. There is a draft what FIM4L could suggest to Clarivate:
https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgK...
All the best
JiriOn Mon, Oct 19, 2020 at 7:08 PM Peter Gietz peter.gietz@daasi.de wrote:
Hi all,
welcome here Davide, your presence here is much appreciated.
Yes it is obvious that more and more publishers see a value in collecting data ...
May be we should think about a page on our website with a list of "Publishers that are conformant with the FIM4L recommendations". This could be an insentive for publishers to not go the way we observed here. Just an idea....
What else could we do to convince publishers to be conformant?
Cheers,
Peter
Am 12.10.2020 um 09:22 schrieb Jos Westerbeke:
Hello Davide,
Thanks for joining and for your email.
Things are coming together at a perfect timing I guess. We're almost
ready to publish the final version of FIM4L Principles & Recommendations.
The idea is that libraries worldwide can refer to a common accepted
document which describes how we (libraries) want to establish federated SSO connections with publishers.
Since a few weeks we have a new website where you can find this
document: https://www.fim4l.org/?page_id=257
But be patient: I'll send an announcement to this list, probably by the
end of this week, with a new graphical update of the FIM4L Principles & Recommendations.
When all things ready, the official published document will be backed
by Europe LIBER libraries (400+) and may be of great value for you to refer too by speaking with publishers.
All the best! Jos
Jos Westerbeke Library IT Specialist / Demandmanager | Erasmus University Rotterdam |
Burgemeester Oudlaan 50, Library | 3062PA Rotterdam | jos.westerbeke@eur.nl | +31 640295513
Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <
fim4l-bounces@lists.daasi.de namens davide.vaghetti@garr.it> geschreven:
Hello Heather, On 09/10/20 15:54, Heather Flanagan wrote: > Hello and welcome, Davide! > > I’m not sure if you’re asking a question about what Clarivate isdoing,
> if you’re asking if anyone has knowledge of other similarpatterns, or
> if this is just an FYI? > Yes, good point. Well, the thing is that Clarivate's behavior is the exact opposite of the FIM4L recommendations, so I'd like the adviceof
this community in how to deal with this Publisher and possiblydoing it
not alone. As Peter was pointing out, Clarivate's additional registration flowis
breaking federated access and probably some contracts and privacylaw as
well, but I'd prefer to restrain from the legalities at least untilit
strictly necessary. Not to count that IDEM, as other identity federations, are not direct parties in this type of contracts. Cheers, Davide > Heather Flanagan — Translator of Geek to Human >https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalc...
> On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti > <davide.vaghetti@garr.it>, wrote: >> Hello everyone, >> >> I've sent this message to the FOG mailing list about Clarivate'sInCites
>> additional registration flow, but some Colleagues suggested thatFIM4L
>> would have been a better venue for the topic. >> >> Regards, >> Davide >> >> -------- Forwarded Message -------- >> Subject: InCites now requires users to supply email address andcreate a
>> new set of credentials >> Date: Wed, 7 Oct 2020 19:18:52 +0200 >> From: Davide Vaghetti <davide.vaghetti@garr.it> >> To: fog@lists.refeds.org >> >> Hello everyone, >> >> some IdP admins and Librarians alerted us about Clarivate'sInCites
>> requiring an additional users registration after theInstitutional
>> login. The flow is similar to what Elsevier introduced insciencedirect,
>> but then rolled back, last year: >> >> - it starts onhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.cl...
>> - a user select "Sign in" and then "Institutional (Shibboleth)Sign In"
>> - once the authN flow is finished, the user is requested toregister an
>> email address and then to set a password to access InCites >> >> As in the case of Elsevier, the above has not been anticipatedin any
>> way from Clarivate, which so far was letting users in with just a >> transient nameid and ePSA. >> >> Regards, >> Davide >> -- >> Davide Vaghetti >> Consortium GARR >> Tel: +390502213158 >> Mobile: +393357779542 >> Skype: daserzw >> _______________________________________________ >> FIM4L mailing list >> FIM4L@lists.daasi.de >>https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
-- Davide Vaghetti Consortium GARR Tel: +390502213158 Mobile: +393357779542 Skype: daserzw _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.dehttps://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi...
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
--
Peter Gietz, CEO
DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany
phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: peter.gietz@daasi.de web: www.daasi.de
Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l
--
Peter Gietz, CEO
DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany
phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: peter.gietz@daasi.de web: www.daasi.de
Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz
Teilnehmer (7)
-
Davide Vaghetti -
Heather Flanagan -
Jiri Pavlik -
Jos Westerbeke -
Peter Gietz -
Peter Schober -
Tim McGeary