[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NISO Publishes Recommended Practice on Single Sign-on Authentication



NISO Publishes Recommended Practice on Single Sign-on 
Authentication Identifies Needed Improvements for Users 
Authenticating to Licensed Electronic Resources

Baltimore, MD, November 7, 2011 - The National Information 
Standards Organization (NISO) announces the publication of a new 
Recommended Practice, ESPReSSO: Establishing Suggested Practices 
Regarding Single Sign-On (NISO RP-11-2011), that identifies 
practical solutions for improving the use of single sign-on 
authentication technologies to ensure a seamless experience for 
the user. This recommended practice is the result of the NISO 
Chair's Initiative-a project of the chair of NISO's Board of 
Directors, focusing on a specific issue that would benefit from 
study and the development of a recommended practice or standard. 
Oliver Pesch, Chief Strategist for E-Resource Access and 
Management Services at EBSCO Information Services and the 
2008-2009 Chair of NISO's Board of Directors, chose the issue of 
standardizing seamless, item-level linking through single sign-on 
(SSO) authentication technologies in a networked information 
environment, which resulted in the formation of the ESPReSSO 
Working Group.

Currently a hybrid environment of authentication practices 
exists, including older methods of userid/password, IP 
authentication, and/or proxy servers along with newer federated 
authentication protocols such as Athens and Shibboleth. The 
ESPReSSO recommended practice identifies changes that can be made 
immediately to improve the authentication experience for the 
user, even in a hybrid situation, while encouraging both 
publishers/service providers and libraries to transition to the 
newer Security Assertion Markup Language (SAML)-based 
authentication, such as Shibboleth. "With the growing use of 
mobile devices and remote access, the older authentication 
methods are not manageable for either the content provider or the 
library," explains Steve Carmody, IT Architect, Computing and 
Information Services, at Brown University and co-chair of the 
NISO ESPReSSO Working Group. "The ESPReSSO recommendations will 
help bridge the transition to more robust authentication methods 
that better match the needs of today's users and eliminate the 
need for multiple identities."

"The growing use of web discovery services over the older 
federated search method have only increased the need for single 
sign-on authentication and consistency of access and context for 
the user," states Harry Kaplanian, Director of Technology, 
Serials Solutions, Inc., and co-chair of the NISO ESPReSSO 
Working Group. "With a discovery service portal, users are often 
unaware that they will ultimately be accessing resources across a 
broad spectrum of platforms and providers, and the multiple 
back-end logins that occur can be both confusing and frustrating. 
In addition to addressing this situation, the ESPReSSO 
recommendations also identify methods that can be used to 
maintain users' privacy while still offering them advanced 
functionality, such as saving searches between sessions."

"The ESPReSSO Working Group has produced a very forward-looking 
document," states Todd Carpenter, Managing Director of NISO. "It 
provides recommendations that can be implemented immediately in 
today's hybrid environment and will also transition the community 
towards the preferred single sign-on methodology."

The ESPReSSO Recommended Practice is available for free download 
from the NISO website at: www.niso.org/publications/rp.


Cynthia Hodgson
Technical Editor / Consultant
National Information Standards Organization
chodgson@niso.org