[Fim4l] Reasonable lenght of SP's session

Peter Gietz peter.gietz at daasi.de
Fri Feb 28 20:50:44 CET 2020

Hi Meshna,

just to also give you my 2 cent: I think the SP Session duration should
be similar to the average IdP Session duration, which is something
between 8 and 10 hours.

This thread provided a lot of arguments for that.



Am 28.02.20 um 14:25 schrieb Jos Westerbeke:
> Hi Meshna,
> As Bernd, I don't think this would break any unwritten rules.
> However, I consulted one of our Faculty Liaisons about your questions, and we think that the library would prefer to be in self-control about access. So that access to e-resources are in line with access to the library network. An extended period of access for months, should not be based on a relationship with the library.
> As far as we can give a say on that...
> Best,
> Jos
> On 27/02/2020, 11:32, "FIM4L on behalf of Bernd Oberknapp" <fim4l-bounces at lists.daasi.de on behalf of bo at ub.uni-freiburg.de> wrote:
>     On 26.02.20 13:28, Koren, Meshna (ELS-AMS) wrote:
>     > We know what the risk for Elsevier would have been if we allowed a user to be remembered, and clearly we'd need to be able to manage mass download. I was more wondering whether allowing the user to be remembered for an extended period of time would in some way be inconvenient to the IdPs/institutions. Would we be breaking some unwritten FIM rules by remembering a user for 3 month (this is just an arbitrary lenght)?
>     I don't think this would break unwritten rules, but this could cause 
>     problems. One issue could be that users only allowed to access the 
>     licensed content as walk-in-patrons could get access from everywhere by 
>     simply visiting the library every 3 months - another issue you would 
>     have to address in license contracts (not just new license contracts but 
>     all existing ones...). Another issue could be users affilitated with 
>     multiple institutions, they would need an option to "be forgotten" (or 
>     you would have to allow multiple simultaneous logins as SpringerLink 
>     does). I think such a remember me feature also could make things more 
>     complex for the library help desk. As already mentioned this would add 
>     usage from users no longer affiliated with the institution which might 
>     have unwanted effects.
>     >>From the IdP perspective that would mean that users that have signed in to IdP every day would then sign in every 3 month. It would also mean that a user that is disabled through IdP (because they leave the institution) can still access institutional subscriptions for another 3 month.
>     > 
>     > Does anyone keep track of that? Does anyone care? Is a daily control of usage expected/desired by anyone? Is there some other reason that we should keep a user signed in for 3 month?
>     We keep track of how many authentications occurs for SPs, but we don't 
>     use that information for any evaluations. Of course we are not allowed 
>     to keep track of how often individual users authenticate.
>     Note that the ScienceDirect SP currently is in the DFN-AAI Advanced 
>     which requires user information to be updated within two weeks. Some 
>     institutions that are not able to meet this requirement might question 
>     why Elsevier requires the Advanced level when users can access 
>     ScienceDirect for several months after leaving the institution via the 
>     remember me feature.
>     Best regards,
>     Bernd
>     -- 
>     Bernd Oberknapp
>     Gesamtleitung ReDI
>     Albert-Ludwigs-Universität Freiburg
>     Universitätsbibliothek
>     Platz der Universität 2 | Postfach 1629
>     D-79098 Freiburg        | D-79016 Freiburg
>     Telefon:  +49 761 203-3852
>     Telefax:  +49 761 203-3987
>     E-Mail:   bo at ub.uni-freiburg.de
>     Internet: www.ub.uni-freiburg.de
> _______________________________________________
> FIM4L mailing list
> FIM4L at lists.daasi.de
> http://lists.daasi.de/listinfo/fim4l


Peter Gietz, CEO

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: peter.gietz at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1753 bytes
Desc: not available
URL: <http://lists.daasi.de/pipermail/fim4l/attachments/20200228/83752749/attachment.bin>

More information about the FIM4L mailing list