 synchronous project briefing session of the spring 2021 CNI virtual member meeting. I'm Cliff Lynch, I'm the director of CNI and I will be briefly introducing this session. Let me remind you that we have been making recordings of the sessions from this week of synchronous project briefings and we will be making those public at the end of the member meeting. Let me also just remind you that we're relying more heavily than in the past on prerecorded project briefings to supplement and compliment the synchronous project briefings. We released all of those at the beginning of the week and I invite you to have a look through those I think you'll find a good deal of material of interest. Next week we'll conclude the spring virtual member meeting with a couple of days of plenary sessions taking place next Wednesday, Thursday and Friday and I hope to see many of you there. This session is being recorded as I mentioned along with all of the other sessions from this spring meeting and we will be making it subsequently available. A couple of a couple of reminders. There is a chat please feel free to use that there is also a Q&A tool at the bottom of your screen. Please feel free to pose questions at any point during the presentation and we'll try to get to them all in a Q&A session towards the end. There is also a closed captioning tool and please feel free to use that if that's helpful. I think that's all the mechanical things I need to do. Let me introduce our speakers. Kalichio Carey from Elsevier will be chairing the session and he is joined by Emily McElroy who is from the University of Nebraska Medical Center and Russell Palmer who is from Galileo. This session topic is very timely and fits into a very long standing focus of interest at CNI which is the whole issue around authentication, authorization, federated identity and how that interacts with the use of networked information resources. There's been an awful lot of work that's been going on in this area over the past couple of years. There have been efforts to streamline SAML shibboleth based authentication through what was first called RA-21 and then later RA-21 characterized as seamless access. There has been work on setting up publishers essentially as a role in identity federations and this is a report on one more step in that collection of activity which I think is particularly timely since we know that a lot of our IP based authentication has been under really heavy stress this last year as many campuses have closed and people are working from anywhere and everywhere. And with that I will just thank our speakers for taking the time to share their work with us today. Thank you for joining us and turn it over to Kalichi to lead the discussion. Thanks for being here and over to you. Alright, thank you Cliff for having us. Again, my name is Kalichi Okare. I work at Elsevier as the global director of the seamless access initiative which we'll talk to you about today. Let me just get to it. So this briefing is designed to talk you through what we've been working on since early last year before the pandemic hit on the feasibility of achieving federated access only to Elsevier's products. I'll just give you a brief summary of it and then we'll go into a panel discussion. First, just as a primer for anyone, you know, just as a refresher to make sure that you're all on the same page. Just to talk about what federated access is. Again, it's identity based single sign on access authentication method built on SAML. It's commonly facilitated by Shibboleth, Open Athens and other SAML 2.0 based software. And again, with it credentials persist across campus services like email, learning management systems, costware, and others. Authorization and privacy settings are commonly handled or controlled by the institution's identity provider or referred to as IDP. And with it, it allows access to a resource through any device and no matter where the user is, they gate in, they need to go first to the library's homepage to access the resource and of course the user authenticates directly, can authenticate directly in the resource. Some of the benefits as, you know, when you read the literature that are pointed to are possibilities for things like granular usage reporting and greater personalization for users. So greater granular usage reporting for libraries and greater personalization for the users. But it's not. Sometimes there's a fear that federated access is built for tracking user behavior. So I think it's it's also important to clear that is just simply a method of authentication to resources. I'm always, I always, I've always appreciated Roger Schoenfeld's cogent pieces on any given topic, you know, in a given topic of the day in our industry. And so I appreciated this read out, you know, you read a lot about federated access lately. So I appreciated this read out from 2016 from the universal resource access forum, which was hosted by the copyright clearance center about the forum Roger says in this piece that IP authentication and the opportunities to move beyond it for license for licensed resources was perhaps the important theme. And the main reasons for that are that, you know, so when it points out to why are the arguments that are being made for moving beyond IP authentication with publishers, the concerns about piracy, the desire to build more seamless access for researchers, and also to build in value and greater personalization. Right. So these are some of the things that drive publishers to move beyond IP authentication. For academic librarians, some of it has been poor user experience with IP, especially with off campus access. And I think the pandemic did a lot to bring sharper relief into this aspect of it for for everyone academic librarians for for publishers and also for corporate librarians. But here in this piece he points out that for corporate librarians. Some of the reasons for wanting to move beyond IP authentication are the administrative headaches and the workflow deficiencies that comes with IP authentication. With all of that. Roger mentions in this piece and also I think as we're being discussed at this forum that one alternative direction that seems most likely to gain traction is probably the further roll out of sample based solutions. I think, as Cliff would, as Cliff mentioned, the array 21 project which then the implementation of it was, you know, it's now seamless access has been doing a lot to help facilitate the roll out of of SAML based authentication. Of course, it's an industry wide effort to fine tune federated access to library resources by the development of standards. And one of those standards. I think comes in the form of the entity categories to better support access around which which is now been published by refeds. The anonymous and pseudonymous categories that hopefully will make it easier. You know, for for libraries. So rather than using the RNS research and scholarship categories of old that simply sent more information than necessary and personal identifying information. These categories are now designed for library resources for access to authentication to library resources. And work in progress and this is a working group that I'm happy to be a part of and that is the seamless access working group looking at contract language. To get for federated access so that this way as libraries negotiate contracts with publishers. They could be sort of a common base of contract language to speak from for for trust. So, take all of that it's it's almost like no conversation. You know, lately can happen without the pandemic being inserted into it and of course this is not an exception. Right. So, it brings me to ask a question so I've been focusing on this topic since last year. You know, and it goes without saying to ask the question, is the pandemic. You know, is it or will it help to accelerate move to federated access so, and I think when the changes that a pandemic has brought us studied years from now. Right. I think it will be fair to say that probably more than anything else. The pandemic is probably will probably be among the biggest factors to accelerate the move to federated access. I use first this example by Ralph young and from ACS. And so this is an article in the scholarly kitchen from April last year, where, you know, before the pandemic ACS publications had not enabled that federated access for a lot of their users. You know, he mentions in the article that maybe about a dozen of the 550 universities that are part of the in common have been enabled. And once the pandemic hit that grew to 350 or so. But even before the pandemic some, you know, kind of a precursor was China, where they then enabled the car seat Federation out there. And that saw an explosion because of all the people that were off campus access and resources and couldn't get access. And, you know, through the normal IP ways. At Elsevier we saw a similar thing. Once the pandemic hit. What we saw was something like a 40% drop in IP traffic right. You know, initially we thought, you know, maybe people are home and they're not doing work, but actually, when we first analyzed that we saw that people were trying to get to science track is just that they weren't being authenticated. Right, because of the the clogging in traffic VPN and proxy and all of that. We also saw about 110 or 20% increase in the federated authentication traffic coming to specifically science track. And then the, the chart on the right. It shows you sort of a steady pace before the pandemic the about on average about 4% share of the traffic to science track, you know, came from federated access. But once the pandemic hit that just shot up exponentially. Right. You know, and that pace has more or less stayed steady. Then you look at another piece in the scholarly kitchen by Emily singly towards the end of the year. Right. So talking about why federated access matters and their libraries are pandemic story. Before this article Emily have participated in a webinar that we hosted at Elsevier. And one of the things that she showed was how before the pandemic. The Elsevier resources were the only ones that were set up for federated access and other resources weren't. And what they saw was that overall there was about a 45% decrease in usage for the other, you know, overall in resource usage, but a 35% increase in the usage of the Elsevier resources. And that was because of the federated access enablement. And then I did a very on scientific sampling of, you know, this topic. So I chose the ERNL conference which I attended last year in person. That was the last time I was, you know, in a room with a handful of people. So last year there were two presentations on federated access. One by Ralph Young get introduced in seamless access. And then another by librarians from Texas Medical Center library and one university in Ohio, where they talked about the implementation of open Athens and moving off IP. And then this year, there were six presentations on federated access, right, which also was for me somewhat of an indication that the topic is gain interest. So we take all of that. And with Elsevier, of course, we've been tracking these developments and beginning of last year or actually December of 2019 the company decided that it was time to investigate the feasibility of federated access as a primary authentication method to our resources and maybe at some point in the future as the only authentication method. So once we set that vision we, you know, we thought, you know, how could we get there. And one of the ways of doing that was we thought best to partner with libraries to to test that right all their libraries out there that were on their own moving off IP. What does that involve, right, or if they if they having yet started to do that, or their libraries that are interested in doing that that seed and assessing doing that. What does that involve for them to get there on their own and also in their interactions with us, what's involved in in in the company making it easier. So we started to investigate that and, you know, to really be able to then validate the benefits of broader use of federated access to resources to then also help us formulate a responsible strategy. You know, and of course, publish our findings. So, to get started, we thought that we ought to outline some areas that we needed to look at, like user experience. We found out that user experience is not that great. And as users are coming to our platforms, the way to optimizing the configuration customer support customer support has been more or less has really been built for IP access. So what changes did we need to make to accommodate federated access. Departmental level usage reporting. You know, could we build that and make that a service to libraries security, and then of course privacy. Some of the learnings from this project. We surveyed 27 libraries. The survey was a lot sent to a lot more than that 27 responded 300 researchers we interviewed about 25 librarians. We analyzed our own internal systems. You know, of course, we discovered that this is a non trivial decision to switch to federated access only. We started to learn that not all vendors offer federated access. So there's a concern there. You know, we also learned that we needed to firm up our own systems and our own business policies around this. We then also enlisted over 15 libraries, among them, University of Nebraska Medical Center Library, where Emily works and and Gallo the Galileo Consortium in Georgia to then just really work in partnership with them to understand better what the implications are right. Some of the things that we've been hearing are that there are, you know, some benefits to be gained around streamlined user experience around security. The idea of, I can never say that word I put it here. Sometimes I can say but I can't ubiquitous seamless access on all devices, especially when you move to countries where much of the user user base are on mobile devices. I was watching I was joined the open Athens access lab conference early in the week. And there was a presenter from Uganda, where he says that about 70% of Internet users in the country use use the Internet on their mobile phones. So how do you then begin to serve those kinds of users when, you know, we know the trouble of gaining access to mobile phones via IP authentication. So these are some of the things that we started to investigate and also very seriously investigate. And then we started to gradually usage reporting as, you know, one of the benefits that can come out of federated access to resources. So, thank you for, for that time to, to take you through this. Turn to Emily to introduce herself and also to talk about, you know, what they're working on that University of Nebraska Medical Center. Thanks, Kolechi. So I'm Emily McLeary, the Dean of McGuggan Health Sciences Library at the University of Nebraska Medical Center. And we often describe the University of Nebraska as one university with four distinct campuses, Lincoln Omaha, Carney and the Medical Center. So across the country, medical libraries are either part of a main campus library fall under or with a health system, or part of their own campus and so we're the latter we're an independent. So we're closely with the other University of Nebraska campuses through the University of Nebraska Consortium of Libraries where we jointly collection software and now a shared aisle. Unlike our sister campuses, we do not have as much overlapping content with with them because of our specialized programs. We want to give a little background on our relationship with our clinical partners, because it provides context on why federated access works for us and some of the issues we faced. We are administratively separate with clinical partners, Nebraska Medicine and our Children's Hospital. We don't have any MOUs around operations with some shared staff, but unless someone has a UNMC appointment they're not part of our license agreement. So as an example, all of the physicians at Nebraska Medicine or Children's have faculty appointments in our College of Medicine so they're covered under our licenses. So it's different for their nursing, allied health or pharmacy colleagues who do not have access unless they have a faculty appointment, which isn't as common. Our situation is not unique for many academic sciences libraries in fact it has become more complicated for many of us whether we are part of the main campus library or not. We have growing clinical options across regional health set up as part of the Affordable Care Act. So that's just a little bit of background on kind of setting the stage for where we're at. Okay, thank you Emily and Russell. Galeo, we act as Georgia's virtual library and we provide licensed content to most of the libraries in the state of Georgia via our Galeo search portal. When I began at Galeo in 2016, our new leadership Lucy Harrison our executive director and our leadership team, and to work on strategic planning and one of the, well two of the major findings of our strategic planning in terms of what our strategies and focus groups discovered as things that our community needed and desired were better authentication, and more personalized services and immediately that led us to take a look at federated access and specifically open Athens for single sign sign on as part of our post strategic planning goal to improve both of those things or to add those things. We are a consortium with a lot of complexity, we support access to huge range of electronic resources for libraries from K 12 through large research one institutions. And we also manage discovery across multiple platforms with on the primo and the ebsco discovery service and then we have a plethora of different systems out there so a lot of our work is tied to making things work properly across a lot of different systems. We work a lot with the interoperability of systems and we work to. And part of our work with Elsevier has been working to improve the performance of those of your products in the federated environment on the support side and that's been a very valuable relationship with us. We, in terms of IP access on campus and, and, and elsewhere that'll be a slow process for us will still have proxy servers for some years to come. But we have had several campuses that wanted to make that move. One of our, our twos, certainly was interested in making sure that they could collect data to continue some projects they've been working on correlating student success with library research. And then we had several other institutions that wanted very much to set up customized access to certain resources in order to save money, particularly when it came to things like some of the health sources cell sciences resources and allied health resources that our libraries have to subscribe to being able to use federated access to subscribe for those with the departmental attributes that have an entire campus was immediately seen as a value of an win for federated access. So that's a bit about our ongoing project we're still working to implement all of our institutions we have our, our K 12 schools and our public libraries remaining for implementation. And we look forward to continuing the project and moving all of our libraries to federated access. Great. Thank you Russell. So, for for Emily, I'm wondering. Well, you're not have talked about this but I think, if you don't mind sharing with the audience. Why your library decided to move to federated access. You know, and what was the impact of that then for, you know, for your patrons. So we share campus with Nebraska medicine, which ended up causing licensing and access issues and for many years everything work fine. Nebraska medicine was assigned different IP addresses down to the building and floor level. What's changing for us is when campus it changed the way they distribute IP addresses, and they were no longer geographically connected to you and MC or Nebraska medicine users, and they're mangling of the shared. So we had to implement changes so that we could remain clients with our authorized use and license agreements. Since this happened our it services merged. So it added to the chaos but also to improvements to where we are today. So we started off by changing our easy proxy setup by asking everyone to authenticate on or off campus. And this was a complete and total disaster. Our usage for all resources dropped significantly we were inundated with complaints from people thinking that we had canceled every journal. And we told people they had to go through a website to access journals they balked actually they were enraged would would probably be a better description. Because we had to open access backup. And at this time campus was not using single sign on for many things and we were really in the early days of changing authentic for different campuses. We began licensing and specifically for our clinical partners that we managed, but they paid for so we had all these different user populations. We knew that easy proxy was not a long term solution for us. We couldn't rely on an IP focus solution or make people come to our site environment hit also change, and that over two years, because of the merger of it. We moved to on campus authentication for some systems implemented to factor authentication for many things and then also tighten what people could access when connecting remotely. For example this fall they've started really limiting who could use the VPN, a VPN. Connecting the library was single sign on and moving to federated access removed the need of moving everyone through our website. It resolved issues with our clinical partners, which they appreciated because neither one of us could afford adding them to all of our license content, but it also improved our network and account security. Throughout the fall, many universities and health systems tightened IT security because of potential cyber attacks. And we've always had security reviews at our university for purchases of new software or cloud services, but it decided that they wanted to include all library resources, whether new or a renewal in the security review process. And we panicked. It would have led to massive delays and drop subscriptions around the annual renewal cycle date of January 1. But we were given an exception for any resources using open Athens, because they it viewed it as a modern enhanced authentication system that meets their standards. And if we had been using easy proxy I'm not sure we would have received that approval because it wasn't connected with the campus active directory server. So I support their position as someone who dealt with easy proxy breaches at another institution. And we made this decision right before the pandemic hit and campus went into remote mode but we weren't fully implemented until the start of our fall semester. And for us we, we have not received any complaints, and we have some very vocal users. This allows them to authenticate and bypass our website. 98, maybe 99% of our collections are available through open Athens, and we use their proxy version for the vendors who don't offer federated access. So we go through a long ramp up process and what we noticed was that users started authenticating via open Athens before we turned off IP access via easy proxy. So Elsevier is one example where we saw platform usage via open Athens starting in the spring before we went live in September and turned off that IP access. And we noticed that users were finding their way and some significant numbers without any prompting from us. Great. So, how do you now, and this question is also for for Russell, you can also answer that. Looking back, right with the pandemic, how do you evaluate, you know, that decision to have moved to, you know, federated access. It's a complete relief. Again, the access to the VPN system that allowed a lot of people to bypass going through easy proxy or going through the library's website, whether on or off campus or users are on the same journey when access content accessing content. But just as you mentioned, we also noticed improvement in speed switch to open Athens from using a proxy server. I mean, good for us. I'll just comment to that by saying that just echoing Emily's comment about the accessing before. We even launched some of our larger libraries for example Georgia State University they were getting thousands of transactions via happening via open Athens before we brought them live on on their website. So that is absolutely the case and even so much so that I've heard of I think it was, there was a fairly large consortium in Australia that was coming online with open Athens and they decided just not to announce it at all and just let users discover it on their own which I think was a very bold move but apparently it worked really well. Okay, so to your point about, I can echo also some of your thoughts on health sciences libraries. We have several medical libraries here in the state that we support with open Athens and we were essentially able to save access in the middle of semester during a pandemic. Our medical schools who was relying primarily on VPN for access their VPN was overtaxed we had them about 70% implemented on open Athens in terms of the number of resources activated. And we were able to fast track that implementation and finish finish it within a couple of weeks and get them up and running on an emergency basis, which was amazing to be able to do so. Yes, I think certainly the timing is go to the pandemic. The off campus access is more than warm at the moment still, even with our universities having returned to campus a lot of the faculty members are still teaching online only. And it has really been a benefit to to those users but as Emily mentioned in terms of speed of access consistency of access and and usability. And, and for you, Russell for Galileo given the the scale of the, of the project. Right, I'm wondering. Was it easy to get it funded or how did that happen or, or was there a difficult thing to, to make the case the business case to to get that funded on a statewide basis. Funding for the open Athens project wasn't too challenging for us to come by consortium because we were taking on the responsibility for authentication for the entire consortium, and ultimately we'd be saving our institutions on easy proxy subscriptions. And so that was going to, I mean we still haven't realized full value of that but that certainly was consideration when we went into this we were going to be paying for one authentication pathway or the other, and federated authentication was much more appealing to us going forward than re-upping with easy proxy and IP access. We substantially vetted the product with both Galileo technical staff and the university system technical staff. The idea of Galileo to our governance we have two very substantial governance groups within Galileo, our steering committee which is composed of representation for from our seven sub consortia and our region's academic committee on libraries. And they gave this project their full endorsement, and our vice chancellor for academic affairs, approves a measure. We did do an RFP for authentication services and because of the unique nature. And some of the added features that open Athens offered over and above what we'd be able to get for from easy proxy at the time and then also the more secure environment we were able to do that RFP as single source and then the purchase was made with relative ease. So there's a question in the Q&A. That says, you know, can you describe in general how those federated access actually work IP and easy proxy I understand, can you compare with the back end and the user experience with federated access. So, you know, if you care to take this I can also give it a shot. I'll take a stab at it in simplest terms, essentially, the way the open Athens works. I'll start by removing one of the misconceptions. A lot of our vendors do have offer a federated option, but many still only offer the proxy adoption, both work in the open Athens environment. And there is no difference to the end user in terms of how the resource works. Essentially we contact the vendor and set up the resource to work with federated access. If it's proxied we contact open Athens to set it up in their managed proxy. Essentially what we do is on the library and a link has to be updated to contain the open Athens redirector prefix. And at that point, it routes the transaction through the local identity provider for the institution and let me take a step back as a sort of the first step in setting up an open Athens implementation is working with campus it to set up the link between the identity provider and open Athens. And that is actually pretty minimal work with the it department we've had good and enthusiastic responses there. And it has set up the connection to the local identity provider for logging in is facilitated by that redirector link that essentially acts like a proxy prefix. They're not a one to one, but they're very similar in terms of how they work. I just add that from for us, it is, as Russell said, I mean, it's, I don't work on the back end system and what are my staff say is that it's very simple process, since we worked with Epsco to implement the open Athens so they did all to have a sort of implementation, and it maybe took 15 minutes for it to make that switch. Now if we had gone the shit with route, it would have taken a lot more of it staff time in terms of setting things up. So I would just kind of add that and what we have found is that when you're handling something like easy proxy for users. It's an issue of IP addresses on campus and it doesn't tell you but also their vendors where you would run into error message because the platform wasn't just to their platform or just the way that it was set up. And sometimes you wouldn't know until users would run into a problem and they were really frustrated, and we don't have those issues anymore with open Athens. It's just much easier. And so really if you're on, if I go to any publishers website that we subscribe to I will see a drop down message when I try to read an article and and it asks, you know what institution I'm part of, and it's just very easy to bounce around and then it's also easier users that are sharing links to articles with their collaborators. So again, we have a lot of cross. We have a lot of research partnerships across our system, and it's a lot easier for someone at UNC to share a link to something to our colleague at the Lincoln campus without having to include that whole easy proxy string or anything like that. I will say though that one thing that we noticed in our implementation, we didn't think about canvas. So while we did a lot of communication around a lot of people in the canvas system, a lot of faculty members still had URLs that had that easy proxy string. And so students would contact us because they couldn't get into it. And so we didn't think about that. When we were implementing this about how many of those links were actually out there. So just to comment to those things one of the things that we did to mitigate that issue was we encouraged our institutions to retain their easy proxy for one year so that those links would continue to work for short term while they still figured it all of that out. We're also working. This is a challenge for us, unfortunately, we're, we're working with our, our D2L group here at the university system, and we're slowly going through all the institutions and updating all the proxy links in the D2L learning management system environment so we try our best to make this a concierge level service and we're doing this as a, as a consortium, and they're all of those challenges and all those links to find. But that's, that's absolutely true and it's finding all those links and getting them updated does take take a minute. And it can be a challenge. So, again, we just encourage people to leave their proxy in place for a year after implementation so that we can help them to find and replace those links. So, you know, we've, we've had some conversations about the smaller schools in Georgia, right, that you know when you started this project there were some of those smaller schools that without robust it resources. Which that means that in terms of access to resources, the implications of that for them, you know, varied. How has the open Athens, you know, project help them with access equity. Can you also touch on that. So we do as mentioned we do serve our smaller state colleges, our technical colleges, a lot of very small private colleges and ultimately our k12 schools. And some of our schools do have very limited it infrastructure and maintaining access to local resources and managing a local proxy server. Outside the scope of it departments they didn't fully understand how the proxy environment worked in the library world. And oftentimes those tasks were falling to librarians who had five or six other things on their plate with very little time in the day to manage a local proxy. And they often took them away from other important tasks so by centrally managing the authentication option and we do manage their gallery of central resources what we purchase for them and their local resources are locally purchased items. Access management becomes a shared task, and it's a lot easier to manage, as Emily pointed out in the open Athens environment. And where that task falls to, to us to administer in many cases we're working to get everybody kind of more trained to use the easier processes on the open Athens side to administer resources there. But as far as access equity, you know, as I mentioned, budgets have been limited we had a 14% budget cut across the university system this year, all of our institutions university system and otherwise I've also had budget cuts. And part of the, the equity piece is we've been able to give some of our libraries, the ability to purchase a more resource for a more limited subset of their users. And we're talking about those expensive resources like health sciences allied health and video resources is another big one that we've had a lot of growth and video resources and some of our institutions have gotten nursing specific packages for example, and our technical colleges, we've been able to license those for a smaller group has has kept them from having to drop them. So having an option to limit the license and thus the expense to a specific department or student population has proven advantageous for some schools in this situation. Yeah, you know, and I think also, this is an area that we're looking at as well. You know, libraries and cases like that that you mentioned to license resources for a narrower population. There's always been those cases where, you know, you say okay, there's this resource that is fits for certain populations on a campus but because of the IP wide level of access that we currently have right now. We cannot afford to pay for the entire campus when not the entire campus is going to be using that resource. So we're also looking at that, the possibility of then licensing for much smaller use cases or more smaller user groups, you know, to then be able to get people access needed. There's a question in the Q&A that says if SAML to base access occurs through an IDP managed by campus IT such as Azure AD. Do library IT staff and reference librarians still have a role in troubleshooting access to resource to electronic resources. In our case, yes, and yes, we often have any issues that are being experienced with access are surfaced by our librarians. Our support is open and anyone can submit a support to get to Galileo. So we do discover issues both from from librarians and end users. The campus IT certainly that's been a great part of this project is we've really had an opportunity to engage with campus IT. They are more aware of us now and this has helped us out in several areas obviously the troubleshooting piece when something is wrong. And obviously it's a local issue not only is it impacting if it's IDP related not only is it impacting access to Galileo it may well be impacting access to the learning management system and other things. So problems in that in that IDP environment are discovered more quickly and are addressed by by local IT. Also, when things like certificates are changing, you know, across multiple campuses. We have to update multiple systems when that happens and it has forged across the university system and beyond. We've forced much tighter connections and better communication around support for those types of updates by through this project, which has been amazing. And I would say the same is true for us, we will IT while everything is running through IT in terms of the authentication, we're still managing just regular a resource issues. Usually they're just user issues that have nothing to do with authentication, if anything it's probably made it a lot easier in terms of our on campus users. We did see all of those questions or concerns drop off, which freed up time. Our volunteer faculty faculty are currently not authenticating through open app and through the identity server and so that still get a lot of those questions for us when really still an IT issue. We're trying to move them to so that they can also use open Athens, just so that we can also drop down in terms of the number of requests that we get from them, but I would just say it's been a shift in terms of the type of questions we answer. Great. There's so much for us to talk about what time is running now. I'll ask this question and then there's, there's a question in the Q&A that I'll pick up after that with your open Athens fully implemented now. You know, and Russell I know that across Galileo, you know your members are at various stages of the implementation. Do you, Emily, turned off IP, and with, you know, Russell at Galileo have some of those members turned off IP. And if so what's been what's been the impact on users overall. We, we did turn off IP. And then we just had the recent situation actually with Elsevier where we noticed that. On our end, we thought IP access is gone we easy proxy is kind of dead. And, but the camp, but the publishers still had some remnants of our IP address this. When we purchased or renewed a resource all of a sudden it's reinstituted that IP access. So we had to go through a process with Elsevier saying no please just permanently remove our IP information from your website, or from your back end systems. So that wouldn't happen again. It's actually a really good test case, just to see if we notice any changes in making that but otherwise really in September is when we did cut off easy. We have turned it off for probably. I'm guessing guessing about five institutions of those five. They're all academic institutions at this point. They have been absolutely fine with it, primarily because they were already requiring a login on campus to access library resources. I mentioned the example before, one of our, our two institutions is has a long ongoing study where they were using easy proxy logs to correlate access to library resources with student success across different departments, using attributes, and they have been able to continue that research more easily within the open Athens statistics platform so they have had no problems, either with their project and their ongoing monitoring of student success, nor with on campus access. We have had no complaints for from any of the institutions that have chosen to go IP only with only one anecdote but share on that where an institution did have complaints. The larger ones, they turned off IP access they let everybody on campus know, but what was discovered is the faculty hated it because, even though open Athens sets an eight hour access cookie. That wasn't long enough for some faculty members they did not like coming back to their desks in the middle of a Google scholar research session, and then discovering that they couldn't automatically or through seamless access quickly access an article through Google scholar. So, that institution wound up turning IP access back on because of those complaints. But other than that it's it's been those have turned it off and it's it is it has remained off and has not been a problem. Great. And this will probably be our last question and of course we couldn't finish this discussion without question on privacy. And this question says, would publishers and aggregators have more access to user information and usage. Can you speak to concerns about control of that info and privacy. So, I think that you have a touch on this but I'll let you go first. So, you know, we're, of course we're always worried about user privacy and I would say it is on the library in terms of the attributes that you want to share. Well, first of all, it tells us what we can use, but then also what we share then with open Athens. So it really is up to the library. And I would also say I kind of view it this in a couple of different ways. So I've been in situations not at UNMC but another institution where we were we received multiple requests from campus asking for data from easy proxy, and what people had access. And so, using that actually tighten privacy on our end, we don't have those logs. And the only reason we have those logs at that time was because of the ongoing proxy server breaches that we had at that time. And I think that there is that issue where looking at that overall security in terms of something like easy proxy versus open Athens and we feel that open Athens is is far more secure and and helps our users in terms of privacy but also work with publishers. The other part related to privacy is considering what vendors, all of our user data and not just the authentication data but looking at all the personalized features. So our users love personalized features whether it's on science direct service or something like up to date that we use. And so I think that also needs to be rolled into the conversation on privacy and how data is is used. I really look at it as vendors are partners, along with looking at the organizations that are setting up standards such as what was released earlier this week. And so I think this is another opportunity for us to work together on joint solutions to make sure that that information is protected. Absolutely. And just to our check on this was early on in the implementation planning process for open Athens we began looking at our privacy statements and that statement was reviewed and approved by both university system information security group and university system legal. And to make sure that our policies were in line with the change and authentication method. The USG IT group as a whole adheres to which we're a part of adheres to GDPR principles as part of our agreement with open Athens we comply with GDPR with our authentication setups. So for example things like statistical reports from within open Athens are only maintained for a year. And we were just talking about this yesterday but inactive users are purged after one year of inactivity in open Athens so you're not really holding on to a lot of unused user data. Like Gallio in another sense we do act as a service provider in this environment as well. We have basically a vendor account because we do maintain our portal and our portal is set up for access via open Athens. So our users are asking, as Emily mentioned, they want more and more customization and personalization within that Gallio portal platform. And also our faculty are working with things like curriculum builder from EBSCO and are looking for a closer integration of research tools that we offer in that in that learning management system environment as well. So, again among the benefits of federated access is the ability to authenticate and recognize specific users and give them the option and I think that's important to create those personalized environments. The thing that we create going forward in the Gallio environment would be an opt in option. We're aware of our users privacy needs, and we will only, again provide those services on an opt in basis. But the complexities of creating a personalization environment are going to also be very meticulous challenge for us we're nowhere near there yet. But we will approach it with great care in a high level of user input and a huge consideration for user privacy. And this is a final thought on that any vendor that did not provide a clear opt in option with their personalization would be subject to review from us. If we discover a vendor was using data for to be as purposes beyond personalization certainly that would be a line of the sand for us. We haven't seen that it would be a violation of our agreements with our vendors in those cases. And I think that, you know, we, we, we don't think that we're having major problems with our users for privacy. So that's, that's our point of view on the Gallio side with that. I'm going to just add quickly since we were just winding down as a publisher for us since we embarked on this on this project. I personally was a chair in the group for the past nine months just looking at our privacy principles, around federated access and, and one of the things that that has caused us to do is to really examine, you know what we do, and for us, it's a matter of only accepting the information that's necessary, or collecting, taking information that's necessary to authenticate a user, you know, nothing more. But in general, just to really question and examine more fully. You know what what we are policies around user privacy and making sure that they can be trusted and that they can also be transparent. If we are to get, you know, libraries accepting this authentication method. So I think that's it. I think Diane wanted to also say something to close this out so I want to thank everyone for joining us today. Yes, indeed. Thank you to all our attendees for joining us and thank you so much to our panelists for wonderful discussion on a topic that is of great interest to our community, and for the great questions from our audience. So I'm going to go ahead and close down the public portion of this session I'll stop the recording, but I will invite any attendees who are still with us if they'd like to remain on the zoom. Hi Emily and Russell have agreed to hang around a little bit longer. If you'd like to approach the podium so to speak and ask, ask a question, make a comment have a chat, just raise your hand and I will be happy to enable your microphone. So with that I'm closing down the project briefing live project briefing portion of our meeting for the spring 2021 CNI membership meeting. We will not be having programming on Monday or Tuesday of next week and we will resume with our plenary sessions on Wednesday. We hope you'll check out some of our recorded sessions. Thanks everyone. Have a great weekend. Take care. Bye bye.