[Fim4l] Reasonable lenght of SP's session
peter.gietz at daasi.de
Fri Feb 28 20:50:44 CET 2020
just to also give you my 2 cent: I think the SP Session duration should
be similar to the average IdP Session duration, which is something
between 8 and 10 hours.
This thread provided a lot of arguments for that.
Am 28.02.20 um 14:25 schrieb Jos Westerbeke:
> Hi Meshna,
> As Bernd, I don't think this would break any unwritten rules.
> However, I consulted one of our Faculty Liaisons about your questions, and we think that the library would prefer to be in self-control about access. So that access to e-resources are in line with access to the library network. An extended period of access for months, should not be based on a relationship with the library.
> As far as we can give a say on that...
> On 27/02/2020, 11:32, "FIM4L on behalf of Bernd Oberknapp" <fim4l-bounces at lists.daasi.de on behalf of bo at ub.uni-freiburg.de> wrote:
> On 26.02.20 13:28, Koren, Meshna (ELS-AMS) wrote:
> > We know what the risk for Elsevier would have been if we allowed a user to be remembered, and clearly we'd need to be able to manage mass download. I was more wondering whether allowing the user to be remembered for an extended period of time would in some way be inconvenient to the IdPs/institutions. Would we be breaking some unwritten FIM rules by remembering a user for 3 month (this is just an arbitrary lenght)?
> I don't think this would break unwritten rules, but this could cause
> problems. One issue could be that users only allowed to access the
> licensed content as walk-in-patrons could get access from everywhere by
> simply visiting the library every 3 months - another issue you would
> have to address in license contracts (not just new license contracts but
> all existing ones...). Another issue could be users affilitated with
> multiple institutions, they would need an option to "be forgotten" (or
> you would have to allow multiple simultaneous logins as SpringerLink
> does). I think such a remember me feature also could make things more
> complex for the library help desk. As already mentioned this would add
> usage from users no longer affiliated with the institution which might
> have unwanted effects.
> >>From the IdP perspective that would mean that users that have signed in to IdP every day would then sign in every 3 month. It would also mean that a user that is disabled through IdP (because they leave the institution) can still access institutional subscriptions for another 3 month.
> > Does anyone keep track of that? Does anyone care? Is a daily control of usage expected/desired by anyone? Is there some other reason that we should keep a user signed in for 3 month?
> We keep track of how many authentications occurs for SPs, but we don't
> use that information for any evaluations. Of course we are not allowed
> to keep track of how often individual users authenticate.
> Note that the ScienceDirect SP currently is in the DFN-AAI Advanced
> which requires user information to be updated within two weeks. Some
> institutions that are not able to meet this requirement might question
> why Elsevier requires the Advanced level when users can access
> ScienceDirect for several months after leaving the institution via the
> remember me feature.
> Best regards,
> Bernd Oberknapp
> Gesamtleitung ReDI
> Albert-Ludwigs-Universität Freiburg
> Platz der Universität 2 | Postfach 1629
> D-79098 Freiburg | D-79016 Freiburg
> Telefon: +49 761 203-3852
> Telefax: +49 761 203-3987
> E-Mail: bo at ub.uni-freiburg.de
> Internet: www.ub.uni-freiburg.de
> FIM4L mailing list
> FIM4L at lists.daasi.de
Peter Gietz, CEO
DAASI International GmbH
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: peter.gietz at daasi.de
Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1753 bytes
Desc: not available
More information about the FIM4L