Tuesday, May 24, 2011

NISO Recommended Practice on Single Sign-On Authentication Available for Public Comment

News from NISO.
Identifies Needed Improvements for Users Authenticating to Licensed Electronic Resources

NISO announces the availability of ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On (NISO RP-11-201x) for a thirty day public comment period ending on June 22, 2011. ESPReSSO identifies practical solutions for improving the use of single sign-on authentication technologies to ensure a seamless experience for the user.

Currently a hybrid environment of authentication practices exists, including older methods of userid/password, IP authentication, or proxy servers along with newer federated authentication protocols such as Athens and Shibboleth. This recommended practice identifies changes that can be made immediately to improve the authentication experience for the user, even in a hybrid situation, while encouraging both publishers/service providers and libraries to transition to the newer Security Assertion Markup Language (SAML)-based authentication, such as Shibboleth....

“NISO is testing various methods for identifying issues in our community where NISO can provide leadership in developing solutions,” states Todd Carpenter, Managing Director of NISO. “The ESPReSSO recommended practice is the first outcome of a Chair’s Initiative project, where the NISO Board of Directors Chair (then Oliver Pesch from EBSCO Information Services) identifies a specific issue that would benefit from study and the development of a recommended practice or standard.”

The draft Recommended Practice and an online comment form are available at: www.niso.org/workrooms/sso/. Publishers and distributors of licensed content as well as licensing organizations, such as libraries, are all encouraged to review and comment on the document.

No comments: