November 4, 2016 • Charleston Conference
Libraries and Publishers Working Together to
Ensure Access and Limit Misuse
Paul Butler, Laura McNamara, Aaron Wood & Julie Zhu
Introductions
Paul Butler
Library Technologies
Support Analyst
Laura McNamara
Electronic Resources
Librarian
Aaron Wood
Senior Director,
Product Management
Julie Zhu
Manager, Discovery
Service Relations
Agenda
• Security issues and Sci-Hub – Aaron Wood
• Access issues – Julie Zhu
• Opportunities for increased engagement – Paul Butler
• Accessibility & User Experience – Laura McNamara
• Conclusion & Next Steps
Publisher Concerns in an Age of Piracy
Subtitle
Publisher Concerns
Securing content from unauthorized use (non-educational/non-research) and unauthorized users
Ensuring content is easily accessible, not creating further barriers
Supporting legitimate use cases, eg., literature reviews and data-mining like activities, without enabling
bad actors
Level setting security on aggregator, distributor, and other third-party platforms
Balancing anonymity and security
Protecting privacy
All exacerbated by a lack of tools for reacting appropriately to content theft and suspected content theft.
Suspending proxy IP access is a blunt tool helping no one.
Text
Sci-Hub Activity,
February 2016
Sci-Hub
What is it?
Database of full text documents (PDFs)
Federated retrieval system for full text documents
Utility for sharing credentials
Hub for depositing phished credentials
Hub for depositing mass downloads
How is it perceived?
Innocently, as a place for all published knowledge to be openly, freely accessible
Not so innocently, as an easy way for students, academicians, and the public to break copyright and open doors to
institutions’ internal systems. Identify theft and theft of confidential and financial information are not far away
So what is it?
Instrument of cyber crime
Image Credits
http://wcownews.typepad.com/globalmedia/2012/11/piracy-of-media-content-has-been-aroundsince-the-days-of-analog-as-seen-with-cassette-tapes-and-vcr-recordings-but-in-21.html
http://www.sciencemag.org/news/2016/04/whos-downloading-pirated-papers-everyone
https://www.youtube.com/watch?v=HBR8cFmM0u0
Publisher Concerns
for Content Access
and Misuse
Julie Zhu
Discovery Service Relations Manager
2017 Charleston Conference
Libraries and Publishers Working Together to Ensure
Access and Limit Misuse
November 2, 2016
Publisher Concerns for EZproxy
Libraries’ EZproxy configurations for
subscribed publisher content, discovery
services and link resolvers
EZproxy and SSL certificates
EZproxy and IP management
EZproxy IP and misuse threshold
Maintaining EZproxy prefixes in URLs
EZproxy for on-campus and off-campus users
Single sign-on and EZproxy
Tracking referrers from EZproxy sessions
EZproxy vs. WAM Proxy
Publisher Best Practices for EZproxy
Work with OCLC to set up correct publisher stanza for EZproxy
Include Proxy info in Discovery Service Quick Reference Guides
(Summon, etc.)
Publisher Support Center Q&A
Registration forms for IP, Shibboleth, OpenURL, etc.
Others?
Relevant Industry Activities
NISO RP-2005-01 NISO Metasearch Initiative: Ranking
of Authentication and Access Methods Available to the
Metasearch Environment http://www.niso.org/publications/rp/RP2005-01.pdf
Proxy Servers, pp. 27-29
NISO RP-11-2011, ESPReSSO: Establishing Suggested
Practices Regarding Single Sign-On
http://www.niso.org/publications/rp/RP-11-2011_ESPReSSO.pdf
– Proxy Servers: Advantages & Disadvantages, pp. 9-10
– Role of a Proxy Server in Supporting a Hybrid
Environment, p.27
– Rewriting OpenURL, p.27
NISO Tracking Link Origins Working Group (active)
Thank You
Julie Zhu
IEEE - Discovery Service Relations Manager
[email protected]
NISO – Discovery to Delivery Topic Committee, ODI
Standing Committee, KBART Standing Committee,
Tracking Link Origins Working Group
Opportunities For Increased Engagement
Paul Butler
Ball State University
Benefits of Engagement
 Cultivate customer relationships
 Fostering these relationships in advance makes
future communication easier
 Both parties will be better prepared to communicate
needs, expectations, and possible solutions
 Builds brand loyalty, trust, and retention
Ball State University
EZproxy Listserv
 [email protected]
 The EZproxy listserv is an active, publicly
accessible resource
 Engaged and willing partners
 Active involvement by publishers on the EZproxy
listserv is both welcomed and desired by the
community
 Some publishers are participating and actively
engaged
Ball State University
EZproxy Listserv – What to expect
 Expect to learn about…
 How to setup and maintain EZproxy
 How to create and troubleshoot EZproxy stanzas
– the gateway to publisher resources
 EZproxy security
Ball State University
Giving Back To The Community




Share security tips and suggestions
Share with the community referrer information
Share IP addresses used for unauthorized access
Tell your clients about the listserv and these
resources
Ball State University
Final Thoughts
 OCLC could create better documentation for
publishers
 Assign a community liaison or a member of your
security team as a point of contact for the EZproxy
community
 Working as a community, librarians, publishers, and
vendors can make resources more secure while
maintaining accessibility
Ball State University
Thank you
Accessibility &
User Experience
Laura McNamara
Electronic Resources Librarian
Thomas Jefferson University
Security vs Usability?
• Libraries and publishers are approaching similar goal from different
perspectives
• How do we work together to enhance security without sacrificing accessibility
and the end-user experience?
So let’s talk about the enduser experience…
• We need enhanced security to prevent unauthorized use
• But what impact do these measures have on the library’s
authorized users?
Publishers
Libraries
End Users
Libraries
End Users
Publishers
End Users
Education
Communication
Improved Technology
Cooperation
Access
Publishers
Libraries
Authorized Users
• Authorized users’ legitimate research activity can appear “excessive” or
“suspicious” without context
• How much content can be downloaded?
• How can content be shared?
• Is this outlined in the license?
• Identifying on-campus and remote activity
• Procedures for blocking a library’s IP range – how do we work together to
quickly identify activity without blocking all users?
New Technology
• New features or updates may interfere with existing systems.
• Automatic download feature in EndNote can appear as a crawler to publisher security
systems (Authorized users)
• Google CAPTCHA does not work with Ezproxy
• Some publishers’ individual login functions are not compatible with EZproxy
New Technology
• But other developments are improving our experiences
• Data mining, APIs, etc.
• Some publishers can provide advanced usage reports before
blocking access to an institution. Incredibly helpful when
differentiating between authorized and unauthorized use.
• Publishers interrupt access to individual user rather than block
entire institution
• OCLC offers hosted EZproxy option to libraries that cannot
support security efforts in-house
• So let’s keep talking to each other!
How to continue the conversation…
•
Join and participate in the EZproxy listserv
•
Present at an OCLC EZproxy Community webinar
•
Form a group to understand how proxy servers work, the access issues and specific
things the stakeholders (OCLC, Libraries, Publishers/Hosting Platforms) need to do
•
Understanding past industry recommendations and standards
•
Work together to develop:
–
–
–
–
Best practices for proxy server providers
Best practices for publishers & hosting platforms
Best practices for libraries
Training materials and opportunities
Thank you!
Paul Butler, [email protected]
Laura McNamara, [email protected]
Aaron Wood, [email protected]
Julie Zhu, [email protected]
Don Hamparian, [email protected]
Susan Musser, [email protected]