[Fim4l] Reasonable lenght of SP's session

Jos Westerbeke jos.westerbeke at eur.nl
Fri Feb 28 14:25:46 CET 2020

Hi Meshna,

As Bernd, I don't think this would break any unwritten rules.

However, I consulted one of our Faculty Liaisons about your questions, and we think that the library would prefer to be in self-control about access. So that access to e-resources are in line with access to the library network. An extended period of access for months, should not be based on a relationship with the library.

As far as we can give a say on that...


On 27/02/2020, 11:32, "FIM4L on behalf of Bernd Oberknapp" <fim4l-bounces at lists.daasi.de on behalf of bo at ub.uni-freiburg.de> wrote:

    On 26.02.20 13:28, Koren, Meshna (ELS-AMS) wrote:
    > We know what the risk for Elsevier would have been if we allowed a user to be remembered, and clearly we'd need to be able to manage mass download. I was more wondering whether allowing the user to be remembered for an extended period of time would in some way be inconvenient to the IdPs/institutions. Would we be breaking some unwritten FIM rules by remembering a user for 3 month (this is just an arbitrary lenght)?
    I don't think this would break unwritten rules, but this could cause 
    problems. One issue could be that users only allowed to access the 
    licensed content as walk-in-patrons could get access from everywhere by 
    simply visiting the library every 3 months - another issue you would 
    have to address in license contracts (not just new license contracts but 
    all existing ones...). Another issue could be users affilitated with 
    multiple institutions, they would need an option to "be forgotten" (or 
    you would have to allow multiple simultaneous logins as SpringerLink 
    does). I think such a remember me feature also could make things more 
    complex for the library help desk. As already mentioned this would add 
    usage from users no longer affiliated with the institution which might 
    have unwanted effects.
    >>From the IdP perspective that would mean that users that have signed in to IdP every day would then sign in every 3 month. It would also mean that a user that is disabled through IdP (because they leave the institution) can still access institutional subscriptions for another 3 month.
    > Does anyone keep track of that? Does anyone care? Is a daily control of usage expected/desired by anyone? Is there some other reason that we should keep a user signed in for 3 month?
    We keep track of how many authentications occurs for SPs, but we don't 
    use that information for any evaluations. Of course we are not allowed 
    to keep track of how often individual users authenticate.
    Note that the ScienceDirect SP currently is in the DFN-AAI Advanced 
    which requires user information to be updated within two weeks. Some 
    institutions that are not able to meet this requirement might question 
    why Elsevier requires the Advanced level when users can access 
    ScienceDirect for several months after leaving the institution via the 
    remember me feature.
    Best regards,
    Bernd Oberknapp
    Gesamtleitung ReDI
    Albert-Ludwigs-Universität Freiburg
    Platz der Universität 2 | Postfach 1629
    D-79098 Freiburg        | D-79016 Freiburg
    Telefon:  +49 761 203-3852
    Telefax:  +49 761 203-3987
    E-Mail:   bo at ub.uni-freiburg.de
    Internet: www.ub.uni-freiburg.de

More information about the FIM4L mailing list