NISO Recommended Practice on Single Sign-On Authentication Available for Public Comment
Identifies Needed Improvements for Users Authenticating to Licensed Electronic Resources
Baltimore, MD, May 24, 2011 - The National Information Standards Organization (NISO) announces the availability of ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On (NISO RP-11-201x) for a thirty day public comment period ending on June 22, 2011. ESPReSSO identifies practical solutions for improving the use of single sign-on authentication technologies to ensure a seamless experience for the user.
Currently a hybrid environment of authentication practices exists, including older methods of userid/password, IP authentication, or proxy servers along with newer federated authentication protocols such as Athens and Shibboleth. This recommended practice identifies changes that can be made immediately to improve the authentication experience for the user, even in a hybrid situation, while encouraging both publishers/service providers and libraries to transition to the newer Security Assertion Markup Language (SAML)-based authentication, such as Shibboleth.
"With the growing use of mobile devices and remote access, the older authentication methods are not manageable for either the content provider or the library," explains Steve Carmody, IT Architect, Computing and Information Services, at Brown University and co-chair of the NISO ESPReSSO Working Group. "The ESPReSSO recommendations will help bridge the transition to more robust authentication methods that better match the needs of today's users and eliminate the need for multiple identities."
"Libraries are very concerned about protecting the privacy of their patrons," states Harry Kaplanian, Director of Technology, Serials Solutions, Inc., and co-chair of the NISO ESPReSSO Working Group. "These recommendations identify methods that can be used to maintain privacy while still offering users advanced functionality, such as saving searches between sessions."
"NISO is testing various methods for identifying issues in our community where NISO can provide leadership in developing solutions," states Todd Carpenter, Managing Director of NISO. "The ESPReSSO recommended practice is the first outcome of a Chair's Initiative project, where the NISO Board of Directors Chair (then Oliver Pesch from EBSCO Information Services) identifies a specific issue that would benefit from study and the development of a recommended practice or standard."
The draft Recommended Practice and an online comment form is available at: www.niso.org/workrooms/sso/. Publishers and distributors of licensed content as well as licensing organizations, such as libraries, are all encouraged to review and comment on the document.
About the National Information Standards Organization (NISO)
NISO fosters the development and maintenance of standards that facilitate the creation, persistent management, and effective interchange of information so that it can be trusted for use in research and learning. To fulfill this mission, NISO engages libraries, publishers, information aggregators, and other organizations that support learning, research, and scholarship through the creation, organization, management, and curation of knowledge. NISO works with intersecting communities of interest and across the entire lifecycle of an information standard. NISO is a not-for-profit association accredited by the American National Standards Institute (ANSI). More information about NISO is available on its website: www.niso.org.