Resource Access for the 21st Century, RA21 Update: Pilots Advance to Improve Authentication and Authorization for Content by Elsevier's Chris Shillum and Ann Gabriel reported on the effort by the oligopoly publishers to replace IP address authorization with Shibboleth. Below the fold, some commentary.
RA21 is presented as primarily a way to improve the user experience, and secondarily as a way of making life simpler for the customers (libraries). But in reality it is an attempt to cut off the supply of content to Sci-Hub. As such, it got a fairly rough reception, for three main reasons:
- In an open access world, there's no need for authorization. Thus this is yet more of the publishers' efforts to co-opt librarians into being "personal shoppers moonlighting as border guards" as Barbara Fister puts it. As someone who has been involved in implementing Shibboleth and connecting to institution's identity infrastructure I can testify that the switch to Shibboleth might in the long run make librarians lives easier but between now and the long run there stands a whole lot of work. Since it is intended to protect their bottom lines, the publishers should pay for this work. But instead they are apparently seeking grant funding for their pilot program, which is pretty cheeky. Maintaining their bottom line is not exactly in the public, or the funding agencies, interest.
- The analysis of the user experience problem on which the PR for this effort is based is flawed, because it is publisher-centric. Sure, Shibboleth could potentially reduce the burden on the off-campus user of logging in to many different publisher Web sites. But if that is the problem, there are much simpler solutions to hand that libraries, rather than publishers, can implement. Simply proxy everything, as Sam Kome (see here) reported the Claremont Colleges do successfully, or use VPNs (which would have the additional benefit of making off-campus users much safer). But, as studies of the use of Sci-Hub show, the real problem is the existence of the many different publisher Web sites, not the need to log into them. What readers want is a single portal providing access to the entire academic literature, so they only have to learn one user interface. Yet another example of the power of increasing returns to scale in the Web world.
- Even if in an ideal world the use of Shibboleth could completely prevent the use of compromised credentials to supply sites such as Sci-Hub, which in the real world it can't, doing so is in no-one's interest. The presence of copies on these sites is not a problem for readers, whether or not they use those copies. The presence of copies on those sites is in the librarian's interests, as they may exert downward pressure on publisher prices. If copies elsewhere were really a serious problem, ResearchGate's 100M copies, about half of which are apparently copyright violations, would be twice as big a threat as Sci-Hub. None of those copyright violations are the result of compromised credentials, so Shibboleth implementation wouldn't cut them off. Publishers seem content to live with ResearchGate.