[Fim4l] Scopus

Koren, Meshna (ELS-AMS) M.Koren at elsevier.com
Sat Jul 20 00:46:22 CEST 2019


That will be different per SP.

Elsevier is updating the access management system from old to new. In the old system a user would lose access to their previous user account when the value of targetedID changed. A persistent NameID is generated in a different way than ePTID, so that value would most likely change. There's nothing we can do for such a user because a SAML attribute is only validated via a SAML assertion.

In the new system we allow a user to 'link their new credentials' to their existing user account if their attributes change, provided they use the same email address they have used before. You can see that here: https://service.elsevier.com/app/answers/detail/a_id/29105/supporthub/elsevieraccess

This new system is gradually being implemented across products; quite a lot of work.

Kind regards,
Meshna


-----Original Message-----
From: FIM4L <fim4l-bounces at lists.daasi.de> On Behalf Of Bernd Oberknapp
Sent: Friday, July 19, 2019 16:22
To: fim4l at lists.daasi.de
Subject: Re: [Fim4l] Scopus

I'm wondering what happens if the identifiers sent by an IdP change (identifier added or removed, switch from eduPersonTargetedID to persistent ID or vice versa)? Would the users be able to request an initial password for their email address and, if the IdP sends an identifier, connect their existing Elsevier user account to a new identifier?

Best regards,
Bernd


On 19.07.19 15:01, Koren, Meshna (ELS-AMS) wrote:
> Yes, there are. I don't exactly know how many because there is no way of reporting on this, but there have always been users from institutions that aren't able to activate personalization because of that and they come and complain.
>
> Please note that our SP, specifically, can make use of eduPersonTargetedID or a Persistent NameID for this purpose; which one the IdP releases depends, I guess, on the software they use (and in some cases on what the federation recommends/configures).
>
> We're currently not requesting or requiring any attributes through our UK Federation metadata because there isn't a perfect way of doing that, and not requesting anything seems to be a lesser problem than otherwise. We don't need to alarm any existing IdPs into changing the released attributes because that would again cause trouble for end users... until we address that problem. It's a work in progress.
>
> We are requesting them through some federations, as you've noticed; that's because at the time of integration that was possible, and done, and it doesn't need to change.
>
> Kind regards,
> Meshna
>
>
>
> -----Original Message-----
> From: FIM4L <fim4l-bounces at lists.daasi.de> On Behalf Of Jiri Pavlik
> Sent: Friday, July 19, 2019 10:24
> To: fim4l at lists.daasi.de
> Subject: Re: [Fim4l] Scopus
>
> Hi,
>
> thanks a lot for your comments, Meshna, Leif, Raoul, Peter, Bernd.
>
> Could you share with us, Meshna, whether there are some IdPs which are not releasing targetedID to Elsevier SP currently?
> This would be worth addressing in order to avoid user confusion and discomfort when using federated authentication at Elsevier services. I believe there are no such IdPs from eduID.cz despite the requested attributes being missing in the Elsevier SP metadata registered in eduGAIN.
>
> Best regards
>
>                 Jiri
>
> On Thu, Jul 18, 2019 at 10:18 PM Koren, Meshna (ELS-AMS) <M.Koren at elsevier.com> wrote:
>>
>> We (Elsevier; as Scopus doesn't have its own SP) tie a targetedID to
>> an 'Elsevier user account' which is created in our database when a
>> user decides to 'activate personalization', so that next time when a
>> user accesses an Elsevier product via the IdP, they can access their
>> institutional entitlements AND their personal features with one set
>> of credentials in one go. ('Activate personalization' means the same
>> as 'register' or 'create user account'.)
>>
>> That is the only way we use targetedID.
>>
>> "So it's not enough to provide them with the ability to track every movement and every resource one accesses (based on a pseudonymous identifier released by the IDP), they will /only/ offer you the benefit of personalization features if you /also/ tell them exactly who you are with name and email?!
>>
>> Of course that fully undermines the point of sending them pseudonymous identifiers in the first place."
>>
>> That's upside down. Something to do with GDPR. We don't create user profiles without the user's action. We don't use targetedID to track a user or to maintain a session across different products; that would be useless and unnecessarily complicated, seeing most of our users don't use federated access in the first place.
>>
>> An IdP doesn't need to release a targetedID. A user can register without it (email + password) if they want to, but then they'll have two sets of credentials and some of them will be eternally confused or annoyed because they can either access subscribed content or their personal features, but not both. They will of course register at other SPs and end up with more credentials, or all these emails with different passwords, or with the same passwords... which completely defies the purpose of federated access.
>>
>> Kind regards,
>> Meshna
>>
>>
>>
>> Meshna Koren
>>
>> Associate Product Manager
>> Product Management - Identity and Platform - Research Products
>>
>> Elsevier BV
>> Radarweg 29, Amsterdam 1043 NX, The Netherlands m.koren at elsevier.com
>>
>> Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens,
>> Institutional Login
>>
>>
>>
>>
>> -----Original Message-----
>> From: FIM4L <fim4l-bounces at lists.daasi.de> On Behalf Of Leif
>> Johansson
>> Sent: Thursday, July 18, 2019 22:01
>> To: fim4l at lists.daasi.de
>> Subject: Re: [Fim4l] Scopus
>>
>>>
>>> So it's not enough to provide them with the ability to track every
>>> movement and every resource one accesses (based on a pseudonymous
>>> identifier released by the IDP), they will /only/ offer you the
>>> benefit of personalisation features if you /also/ tell them exactly
>>> who you are with name and email?!
>>>
>>
>> Dude, you can provide any information you like there... That's exactly what a pseudonym is!
>>
>>          Cheers Leif
>> _______________________________________________
>> FIM4L mailing list
>> FIM4L at lists.daasi.de
>> http://lists.daasi.de/listinfo/fim4l
>>
>> ________________________________
>>
>> Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.


--
Bernd Oberknapp
Gesamtleitung ReDI

Albert-Ludwigs-Universität Freiburg
Universitätsbibliothek
Platz der Universität 2 | Postfach 1629
D-79098 Freiburg        | D-79016 Freiburg

Telefon:  +49 761 203-3852
Telefax:  +49 761 203-3987
E-Mail:   bo at ub.uni-freiburg.de
Internet: www.ub.uni-freiburg.de


________________________________

Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.
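
The identifier change discussed in this thread (an IdP switching from eduPersonTargetedID to a persistent NameID, and re-linking an existing account by email), as an added example that is not part of the original messages and is not Elsevier's code. The issuer URL, identifier values, the `AccountStore` class and its `email_verified` flag are constructed assumptions; the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def federated_key(assertion_xml):
    """(issuer, value) from eduPersonTargetedID, else a persistent NameID, else None.
    Assumes the SAML stack has already verified the assertion's signature."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    for attr in root.iterfind(".//saml:Attribute", NS):
        nid = attr.find("saml:AttributeValue/saml:NameID", NS)
        if attr.get("Name") == EPTID and nid is not None and nid.text:
            return (issuer, nid.text.strip())
    nid = root.find("saml:Subject/saml:NameID", NS)
    if nid is not None and nid.get("Format") == PERSISTENT and nid.text:
        return (issuer, nid.text.strip())
    return None

class AccountStore:
    """Hypothetical SP account table: federated key -> account, email -> account."""
    def __init__(self):
        self.by_key, self.by_email = {}, {}
    def register(self, account, email, key=None):
        self.by_email[email.lower()] = account
        if key is not None:
            self.by_key[key] = account
    def resolve(self, key):
        return self.by_key.get(key)
    def link(self, key, email, email_verified):
        # Link only when the user has proved control of the registered address
        # (how that proof is obtained is outside this sketch).
        account = self.by_email.get(email.lower())
        if key is None or account is None or not email_verified:
            return None
        self.by_key[key] = account
        return account

def sample_assertion(subject="", attrs=""):  # constructed sample assertions
    ns = 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    return (f'<saml:Assertion {ns}><saml:Issuer>https://idp.example.edu/idp</saml:Issuer>'
            f'<saml:Subject>{subject}</saml:Subject>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

OLD = sample_assertion(attrs=f'<saml:Attribute Name="{EPTID}"><saml:AttributeValue>'
                       f'<saml:NameID Format="{PERSISTENT}">aaa111</saml:NameID>'
                       '</saml:AttributeValue></saml:Attribute>')
NEW = sample_assertion(subject=f'<saml:NameID Format="{PERSISTENT}">zzz999</saml:NameID>')
```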