I had a very interesting discussion yesterday with a colleague about how it might be possible to make federated access management work for public libraries. As usual, it gets down to the the two basic questions of access management:
- Who is managing credential information to allow authentication?
- Who is authorised to access the resource?
I’ll deal with the second question first as it is perhaps the more interesting. I know very little about how public libraries license electronic resources, but I do know that many are underused. To give you an idea of how the extent of information available online at libraries – have a look at Manchester Public Library’s e-resources.
Manchester Public Library currently manages access via library barcode number – i.e. you have to be a member of the library to access that resource. Interestingly, Manchester City Council is actually responsible for the identity management – you get passed to their website to login and then passed on to the resource.
I wonder if the licence for Manchester Public Library is for library members, or is based on some other criteria? The reason that this is an interesting question is that anyone in the UK is entitled to join Manchester Public Library. I can join from my home in Surrey online, and quickly get access to all of those resources. Fantastic for me! Not a great business model for the publishers. The only reason this is not a real issue is because very few people exploit these access paths.
A different model for public libraries may be not to look at licensing for members, but licensing regionally. Pricing is normally agreed based on regional population, but conversely access is offered to members – a set of criteria that does not add up.
So that is authorisation. Now, authentication.
It does make sense for public libraries to look at using FAM. Barcode access processes are often clunky, often insecure and it is yet another system for both libraries and publishers to have to manage.
If public libraries continue to offer access based on membership, the library or a body related to that library would have to run an Identity Provider in a federated access management environment, as they have the membership information. It may be possible for some libraries to make use of the work being undertaken by Local Authorities to provide federated access for schools – but there will still be technical implementation costs.
A more interesting model might be to exploit the planned interfederation between the UK federation and the Government Gateway. This will allow people with a ‘citizen’ credential within the Government Gateway to access resources within the UK federation. If we then assume that these citizen accounts contain some sort of standard location information (i.e. I live or work within the boundaries of Greater Manchester) it would be very easy to authorise all users against a regionally negotiated licence as opposed to a member negotiated licence. This could be achieved with very little expenditure on technical infrastructure by libraries, local authorities or publishers, but would require a change in the way the libraries negotiate licences. That surely has to be an interesting approach to explore?