[Fim4l] Fwd: InCites now requires users to supply email address and create a new set of credentials

Jiri Pavlik jiri.pavlik at techlib.cz
Tue Oct 20 10:27:39 CEST 2020 

Hi Peter,

we discussed what we can do on a call with Davide and Peter Schober and
agreed that FIM4L should approach Clarivate regarding bad federated
authentication
implementation. There is a draft what FIM4L could suggest to Clarivate:

https://docs.google.com/document/d/1W1ZhKdJXkBiOvhKcm1PDvcUaPVrbFlKJmKU1_WgKno8/edit?usp=sharing

All the best

               Jiri



On Mon, Oct 19, 2020 at 7:08 PM Peter Gietz <peter.gietz at daasi.de> wrote:

> Hi all,
>
> welcome here Davide, your presence here is much appreciated.
>
> Yes it is obvious that more and more publishers see a value in
> collecting data ...
>
> May be we should think about a page on our website with a list of
> "Publishers that are conformant with the FIM4L recommendations". This
> could be an insentive for publishers to not go the way we observed here.
> Just an idea....
>
> What else could we do to convince publishers to be conformant?
>
> Cheers,
>
> Peter
>
> Am 12.10.2020 um 09:22 schrieb Jos Westerbeke:
> > Hello Davide,
> >
> > Thanks for joining and for your email.
> >
> > Things are coming together at a perfect timing I guess. We're almost
> ready to publish the final version of FIM4L Principles & Recommendations.
> >
> > The idea is that libraries worldwide can refer to a common accepted
> document which describes how we (libraries) want to establish federated SSO
> connections with publishers.
> >
> > Since a few weeks we have a new website where you can find this
> document: https://www.fim4l.org/?page_id=257
> >
> > But be patient: I'll send an announcement to this list, probably by the
> end of this week, with a new graphical update of the FIM4L Principles &
> Recommendations.
> >
> > When all things ready, the official published document will be backed by
> Europe LIBER libraries (400+) and may be of great value for you to refer
> too by speaking with publishers.
> >
> > All the best!
> > Jos
> >
> > Jos Westerbeke
> > Library IT Specialist / Demandmanager  | Erasmus University Rotterdam |
> Burgemeester Oudlaan 50, Library | 3062PA Rotterdam |
> jos.westerbeke at eur.nl | +31 640295513
> >
> >
> > Op 09-10-20 16:43 heeft FIM4L namens Davide Vaghetti <
> fim4l-bounces at lists.daasi.de namens davide.vaghetti at garr.it> geschreven:
> >
> >     Hello Heather,
> >
> >     On 09/10/20 15:54, Heather Flanagan wrote:
> >     > Hello and welcome, Davide!
> >     >
> >     > I’m not sure if you’re asking a question about what Clarivate is
> doing,
> >     > if you’re asking if anyone has knowledge of other similar
> patterns, or
> >     > if this is just an FYI?
> >     >
> >
> >     Yes, good point. Well, the thing is that Clarivate's behavior is the
> >     exact opposite of the FIM4L recommendations, so I'd like the advice
> of
> >     this community in how to deal with this Publisher and possibly doing
> it
> >     not alone.
> >
> >     As Peter was pointing out, Clarivate's additional registration flow
> is
> >     breaking federated access and probably some contracts and privacy
> law as
> >     well, but I'd prefer to restrain from the legalities at least until
> it
> >     strictly necessary. Not to count that IDEM, as other identity
> >     federations, are not direct parties in this type of contracts.
> >
> >     Cheers,
> >     Davide
> >
> >     > Heather Flanagan — Translator of Geek to Human
> >     >
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsphericalcowconsulting.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=ovaeYQk9zvqBzPynK7y2MDKI2X1ikf7Aoyxb2gvHWz0%3D&reserved=0
> >     > On Oct 9, 2020, 2:45 AM -0700, Davide Vaghetti
> >     > <davide.vaghetti at garr.it>, wrote:
> >     >> Hello everyone,
> >     >>
> >     >> I've sent this message to the FOG mailing list about Clarivate's
> InCites
> >     >> additional registration flow, but some Colleagues suggested that
> FIM4L
> >     >> would have been a better venue for the topic.
> >     >>
> >     >> Regards,
> >     >> Davide
> >     >>
> >     >> -------- Forwarded Message --------
> >     >> Subject: InCites now requires users to supply email address and
> create a
> >     >> new set of credentials
> >     >> Date: Wed, 7 Oct 2020 19:18:52 +0200
> >     >> From: Davide Vaghetti <davide.vaghetti at garr.it>
> >     >> To: fog at lists.refeds.org
> >     >>
> >     >> Hello everyone,
> >     >>
> >     >> some IdP admins and Librarians alerted us about Clarivate's
> InCites
> >     >> requiring an additional users registration after the Institutional
> >     >> login. The flow is similar to what Elsevier introduced in
> sciencedirect,
> >     >> but then rolled back, last year:
> >     >>
> >     >> - it starts on
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fincites.clarivate.com%2F&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=9hMtWuW25Dw6Yjjs3F3oGq48q6rJvx%2FDpsbx63FYPrg%3D&reserved=0
> >     >> - a user select "Sign in" and then "Institutional (Shibboleth)
> Sign In"
> >     >> - once the authN flow is finished, the user is requested to
> register an
> >     >> email address and then to set a password to access InCites
> >     >>
> >     >> As in the case of Elsevier, the above has not been anticipated in
> any
> >     >> way from Clarivate, which so far was letting users in with just a
> >     >> transient nameid and ePSA.
> >     >>
> >     >> Regards,
> >     >> Davide
> >     >> --
> >     >> Davide Vaghetti
> >     >> Consortium GARR
> >     >> Tel: +390502213158
> >     >> Mobile: +393357779542
> >     >> Skype: daserzw
> >     >> _______________________________________________
> >     >> FIM4L mailing list
> >     >> FIM4L at lists.daasi.de
> >     >>
> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0
> >
> >     --
> >     Davide Vaghetti
> >     Consortium GARR
> >     Tel: +390502213158
> >     Mobile: +393357779542
> >     Skype: daserzw
> >     _______________________________________________
> >     FIM4L mailing list
> >     FIM4L at lists.daasi.de
> >
> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.daasi.de%2Flistinfo%2Ffim4l&data=02%7C01%7Cjos.westerbeke%40eur.nl%7Cec8e9e7e9a91475f9de008d86c619b2b%7C715902d6f63e4b8d929b4bb170bad492%7C0%7C0%7C637378514315287569&sdata=Pk1uf0zSFCUACtQ8k%2BtHGq0Upv%2F5SQhN9%2BgdP%2F5xfwM%3D&reserved=0
> >
> >
> > _______________________________________________
> > FIM4L mailing list
> > FIM4L at lists.daasi.de
> > http://lists.daasi.de/listinfo/fim4l
>
> --
>
> Peter Gietz, CEO
>
> DAASI International GmbH
> Europaplatz 3
> D-72072 Tübingen
> Germany
>
> phone: +49 7071 407109-0
> fax:   +49 7071 407109-9
> email: peter.gietz at daasi.de
> web:   www.daasi.de
>
> Sitz der Gesellschaft: Tübingen
> Registergericht: Amtsgericht Stuttgart, HRB 382175
> Geschäftsleitung: Peter Gietz
>
> _______________________________________________
> FIM4L mailing list
> FIM4L at lists.daasi.de
> http://lists.daasi.de/listinfo/fim4l
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.daasi.de/pipermail/fim4l/attachments/20201020/22f89454/attachment-0001.html>

More information about the FIM4L mailing list