Identity & Access management (IAM) used to be relatively simple for publishers – business models were largely subscription based and authentication was largely based on IP ranges and username/password.

However, IAM is getting a lot more complex and the following 3 access management trends are impacting future sales and usage growth opportunities for publishers. Publishers should review their existing IAM strategy in light of these developments and determine whether they have adequate plans in place to support future growth.


1Enabling new growth opportunities

Publishers have several potential engines for growth in a crowded market, including developing new products and business models, opening up new market segments, and acquiring existing products and businesses. However, all of these options require more agile and powerful IAM systems:

  • Additional authentication methods will be needed to maximize the range of user types that can be addressed, such as academic institutions (e.g. Shibboleth), public libraries (e.g. SIP2) or individuals (e.g. ORCID or social identities such as Facebook).
  • New authorization logic will be needed to support alternative business models, such as concurrent users, pre-paid vouchers or metered access.
  • Agile IAM systems make it easy to integrate new acquisitions on 3rd party platforms/technology. The alternative is leaving users with a suboptimal access experience as they jump in and out of legacy IAM systems.

2Supporting more varied access scenarios

The increasingly complex ecosystem in which users discover and access information can mean that researchers ‘encounter archipelagos of content bridged by infrastructure that is insufficient and often outdated’. For example, off-network users are increasingly using mobile devices to access an infrastructure designed for on- network desktop computers. This leads to two problems:

  • Off-campus users bypass automatic IP recognition and will need to login via a WAYF (where are you from?) page that can often use confusing terminology (Shibboleth?) and require users to login twice: initially to access their institutional account and then again to access their individual account with that publisher.
  • Users on mobile devices often have to navigate access interfaces designed for a large screen that are confusing and hard to read on smaller device.

“users who change institutional affiliation … can find it problematic to access their individual account”

Similarly, users who change institutional affiliation or wish to access while visiting another institution can find it problematic to access their individual account and, in practice, can end up having to create multiple accounts. Instead of each platform requiring users to register an account (and an institution) it would be more advantageous for users to manage their own user account data so that they could use it seamlessly to authenticate themselves as they move around the information ecosystem. Persistent, unique identifiers such as ORCID, which is already used by many journals to authenticate users for manuscript submission and peer review, could be used to facilitate such an arrangement.

“a user may jump in and out of a variety of open access and access-controlled publisher interfaces”

Finally, a user may jump in and out of a variety of open access and access-controlled publisher interfaces during a single session, including content delivered from third-party institutions that offer access via consortial licensing arrangements. This can lead to a bewildering array of authentication requests for users that can, ultimately, push them simply to avoid access controlled content. While the largest publishers are building increasingly seamless interactions across their diverse service and content offerings, solutions that work across the entire industry will require greater cooperation. For example, initiatives such as eduGAIN that create identity inter-federations make it easier for Shibboleth-authenticated users to move across institutional boundaries.


3Adding identity into the mix

Finally, there is the issue of identity. Most institutional users access online publications anonymously thanks to the shift over the last decade or so from individual to institutional licences. Even where SSO authentication is used, publishers rarely make use of anonymous institutional identifiers such as the eduPersonTargetedID attribute that can be used to uniquely identify repeat visitors without exposing personally identifiable information.

“publishers are left with a huge gap in their knowledge of user needs”

As a result, publishers are left with a huge gap in their knowledge of user needs. Although they can access usage statistics down to the individual session, more fundamental questions, such as who are their users, and what are their individual tastes, are left to a mixture of judgment, guesswork, and user research. While extensive data mining can provide a lot of answers, all this makes it harder (more expensive) to develop new products and services, and maximize the value of existing ones.
In turn, users are left with a suboptimal experience that is increasingly at odds with their experience of consumer services. They are largely left to discover content themselves without the benefit of the publisher recommending relevant resources based on their previous browsing history. Their interfaces do not automatically adapt to their needs, forcing publishers to guess what features are/are not relevant. As noted above, they typically have to maintain additional individual publisher accounts in order to provide what little personalization is available, such as favorites lists and recently accessed content. And, to the extent that their users are not getting everything they want, this ultimately impacts the value of the online resource to the organization paying for it.

“Users are increasingly comfortable with trading personal information for an experience that delivers more value to them”

Publishers need identity strategies that enable them to make effective use of anonymous identifiers while also providing users with mechanisms and incentives for personalizing their experience more directly. Users are increasingly comfortable with trading personal information for an experience that delivers more value to them, as long as the organization collecting that information is transparent about their use of it and trusted. However, none of this can be fully realized without an IAM system that systematically, and efficiently, collects and tracks individual identity.

Please contact us if you would like to explore how LibLynx can help you understand and meet your future IAM needs.

The content of this post is from a longer article published in the October 2015 Edition of Learned Publishing, the journal of the Association of Learned and Professional Society Publishers, published in collaboration with the Society for Scholarly Publishing (Learned Publishing, 28: 292–297). Click here to view the full article

Credits

Image adapted from Padlocks by Stephen Cleary (used and adapted under cc-by-2.0 licence)