Across our community, efforts to help users manage their identity and access personalized services are growing steadily. Academic institutions and their libraries, scholarly publishers, standards bodies, discovery services, and other intermediaries have developed dozens, perhaps hundreds, of user identifiers and accounts. Each attempts to serve the needs of faculty members, students, and other users, in the context of a single organizational setting or service offering. Collectively, they present several difficult problems for academia and scholarly research. The best solution for research, teaching, and learning would be a single account for each user, controlled by that individual, and accepted portably across services and platforms.
In recent years, a number of services have been developed or expanded to help scholarly identity, and user accounts, become more portable and powerful. ORCID offers a standard way to track the scholarly contributions of an individual, provides an interchange across proprietary author services products, and serves as the basis for a growing array of new services. Through Eduroam, scholars and students visiting universities where they are not affiliated can use their own university credentials for seamless internet access. The Shibboleth federated identity service improves offsite access to licensed e-resources. And in a more proprietary but surely no less powerful move, Elsevier is linking Mendeley user accounts with those on Scopus and ScienceDirect, which should allow more effective services by tracking scholars across these important platforms. Each of these initiatives is generating real value, but none solves the underlying problem.
The underlying problem is straightforward: Academics’ expectations for user experience are set not by reference to improvements relative to the past but increasingly in comparison with their experiences on consumer internet services and mobile devices.
Social login, the use of an identity service provided by Facebook, Apple, Google, or Twitter to personalize features of a third party service without requiring a separate username or password, is a common and relevant example. The providers of these identity services (and associated wallet functionalities) are delighted to learn more about user preferences and activities to drive their advertising and platform businesses. Users have one less password to remember. Social login – the ability to use some kind of account portably to login elsewhere – ideally would provide access to licensed e-resources but at a minimum would provide personalized services. Social login is a base-case user expectation – one where academic libraries and scholarly publishers fall unambiguously short.
Personalized discovery is another remarkable growth area, driving Facebook and Twitter but also a variety of Google services. Scientists are busy creating a raft of personalized and anticipatory discovery services for themselves – such as ScienceScape and Sparrho. They are acting to fill a void that publishers (which typically provide TOC and keyword alerts) seem unable to address, perhaps because even the largest publishers lack the required scale. Library discovery systems may have the scale but have not yet offered such services. Even so, anticipatory discovery is emerging as a requirement for researchers as surely as social login.
Today, Google is finally moving into what has long seemed to me to be the inevitable addition of social login to its apps for higher education business, allowing seamless offsite login to Gale resources through the Gmail directory information.
This development should catch the attention of librarians and publishers alike. Social login is a convenience for users, to be sure, but social login to scholarly resources controlled by an advertising company should raise concerns about privacy. Moreover, depending on who controls social login and how it is offered, it can provide an unprecedented understanding of user practices and behavior that would provide an enormous competitive advantage for discovery, alt-metrics, content editorial, advertising, and more. Google’s steady inroads into higher education through Scholar, Books, and Apps (including Classroom), provide important context for those who would be concerned about supporting the competition.
Far better than a single user account controlled by Google or Elsevier (should the rumored use of Mendeley accounts for certain types of social login purposes be realized) would be a single user account controlled by users themselves. Such a user account could have several key characteristics:
- Affiliation: It could be paired with not only a single institutional affiliation but would recognize the multiple affiliations so many of us carry concurrently, maximizing our legitimate authorizations to content, while providing a vehicle for Maintaining Relationships with Readers as They Cross Affiliations.
- Appropriate copy: By moving beyond the idea of a single institutional affiliation, it would necessarily moot the notion of an institutional link resolver and could allow individual users to express their own preferences for preferred sources among authorized content.
- Authorization: It would carry login credentials to whatever platform a user would wish to access, allowing for seamless access and vastly improved workflows and interfaces.
- Personalization: It would carry usage data and preferences, allowing services to deposit data into this account that could (with permission) be carried across platforms, allowing for personalized discovery experiences, commenting and annotation, and a variety of other sophisticated research support services, which only make sense for users if they can be offered on a cross-platform basis.
- Opt-In: The user would choose whether to use this account at all. While some providers might require it for off-campus access, it can co-exist with traditional IP-based authentication for on-campus access.
- Control: The user would have the ability to see transparently what is inside the account, to determine what components of that account would be shared with any service provider (publisher, library, discovery service, etc), and to delete any components permanently at any time, yielding far more robust privacy protections than any balance likely to be set through formal policy.
- Choice: Users could select from a number of different trusted partners to provide their account, rather than relying on an agent presuming to act on their behalf, providing greater assurance that their interests would be protected.
Taking on the work to develop such a system would be extremely beneficial. Compared with the numerous on-platform user accounts and the challenges researchers face in accessing these platforms from off campus, it would substantially improve the researcher experience. It would change the ownership and control of user data, empowering individuals rather than institutions, and as such is highly user-centric. And it would thereby provide a vehicle for offering a variety of advanced personalized services, which libraries, publishers, and intermediaries have been generally unwilling to do, either for fear of tackling privacy issues or because their scale is too small. In this sense, it would push back against the powerful scale effects of data, providing a level playing field for smaller content platforms and services. It would also provide a stronger framework for gathering the massive aggregations of data about academic activity that are increasingly important to universities’ efforts to improve undergraduate success.
Others have attempted or considered open user accounts systems in other settings (my thanks to Peter Murray for calling my attention to this post). Keyrings and certificates were explored for such purposes in the past, but other approaches may be available for such an initiative today. There is much good work and infrastructure that could be leveraged.
This proposal might be daunting for a variety of reasons. New systems architecture would certainly be required, and although this approach offers real benefits from a privacy perspective, further vetting of privacy implications is needed. Perhaps the greatest challenge, however, is the need for trusted parties to define, if not actually manage, the user accounts themselves. Nevertheless, given the potential to create value for users and the alternatives that otherwise may take hold, it is a vision worthy of consideration.
15 Thoughts on "A Single User Account"
Would this be a logical extension for ORCID? Given that ORCID is already working with institutions to issue identifiers to staff and students, it would seem intuitive to then link these to the institution’s subscriptions. Follow that up with linking society memberships to ORCID and integrating with the submissions system vendors (which already capture ORCID information), and you’re part way there.
Given institutions typically already have a way of authenticating faculty and students, maybe an easier build-out case than ORCID creating authentication capacity (especially given ORCID lets individuals claim IDs without any vouching authority) would be institutions building out ability for users to register their personal memberships to the institutional authorization system. Doesn’t solve the multi-institutional affiliation problem but for many scholars single-sign on to resources both from the institution/library and society memberships would be a great step forward.
“Single sign-on” and related topics have definitely broken into the top tier of interests among publishers that HighWire works with. We annually survey HighWire publishers, and the results from the June survey bear this out. In the case of society publishers, the interest is often in linking sign on in publishing (whether for reading or for submitting articles) with other society services (membership, meetings, CME, etc.).
In previous interviews (2014) with researchers, we found that the barrier of getting signed in to institutional access from off-campus was just too great during literature review work (when you often want to look at dozens of different sources), so researchers would simply go to the lowest-barrier copy of a resource they needed (which could be an author preprint, or some non-final-form version, unlinked to data sets or corrections or references/citations, etc.). But the irritation factor of getting access to all the different publication sites is real.
So there is definitely interest in this topic from multiple stakeholders (libraries, researchers, publishers, societies…). But that is the source of some of the complexity as well.
Thanks for raising this topic, Roger.
Thank you for an interesting article that addresses a very important issue. ORCID deserves careful consideration in this respect for several reasons:
* ORCID is a not-for-profit membership organization. (Better than having a scholarly sign-on controlled by any individual commercial entity).
* A firm policy of ORCID is that the record is controlled by the user.
* ORCID is based on OAuth – exactly the same social sign-in technology layer used by FB, Google, etc.
* ORCID is already used for sign-on to different platforms including Editorial Manager, Publons, eJP and CrossRef. With peer review systems, this enables sign-on to a growing number of publisher peer review platforms such as PLOS, BMC, eLife, Springer, Cambridge University Press.
* ORCID is already well-established with 1.5m registrations and recent national adoptions in Europe, with many more coming.
* ORCID provides a mechanism for tying the ORCID ID to the institutional affiliation – for example Southampton University in the UK has done this.
ORCID still needs a SAML layer to fully exploit the potential, but that may already be in hand.
ORCID is the solution that is hiding in plain sight.
Richard, federated login is on our 2015 roadmap. We’ve made substantial progress on the technical and legal aspects, including working with IdP federations to join as a Service Provider. A focus of this effort is to support the community asking for ORCID iDs to be included as an attribute in federated login processes. Folks interested in following progress to launch can subscribe to our Federated Login card on the ORCID trello board, at https://trello.com/orcid2.
I agree that ORCID would be, at least, a part of any solution. I am interested in whether it can be extended to gather and carry usage data portably in a user-controlled “account” or whether it would need to be connected to some other type of service in order to be able to provide this type of functionality.
ORCID could be extended to gather the type of data you refer to above for discovery, altmetric, and advertising use, but ideally the user would have a choice of providers for this. For example, I’m using my WordPress login here, on other OpenID-enabled sites I might use an ID provided by various OpenID providers, or even provided by software I install and run on my own server.
However, it is important to note that many of the use cases for this data are realized only in the aggregate. The number of visits I’ve made to a particular journal is of little use to me, but aggregated with millions of other visits by many other people, that data can be used to provide discovery services to me and to the other people. This data has to be aggregated somewhere by an entity that is motivated to develop such services, so we can’t rely on the non-profit nature of one entity like ORCID to be our protection from malfeasance here. Rather, if we want good quality services which are maintained over time, we must have a functional marketplace for these services. Mendeley might be one such provider, ORCID may be another, Thomson Reuters might be another, Google, etc.
You also raise a very good point about privacy. People have become accustomed to trading privacy for services such as those provided by Google and Facebook, but hopefully we can do one better with our implementations in the scholarly sphere. The last thing we need is “one ring to rule them all”, as there would be a suppressive effect on scholarship from underprivileged/oppressed scholars if One True Identity were required, but thankfully there are some smart implementations of variable levels of identity, including identity brokers, which can be of use here. To give an illustrative example: let’s say a company wanted to give an online discount to the residents of a given neighborhood. The residents of that neighborhood wouldn’t necessarily want to give their full names and addresses to the company, and the company couldn’t necessarily trust the given data, but the company could partner with a credit card company, for example, which could vouch that the person has a billing address in the neighborhood, but wouldn’t have to give the details of the address to the company. There are other examples like this where identity can be obtained and used in a persistent fashion without necessarily collapsing all a person’s identities into one identity.
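The broker arrangement described in the comment above (one party vouching for a single fact without handing over the underlying details), sketched as an added example that is not part of the original post or its comments. All names, keys and records are constructed, and an HMAC under a key shared with each service stands in for the asymmetric signature a production broker would use.

```python
import base64, hashlib, hmac, json

# Constructed sample data: the broker's private records, never sent to any service.
BROKER_RECORDS = {"alice": {"name": "Alice Example", "billing_zip": "02139"},
                  "bob": {"name": "Bob Example", "billing_zip": "90210"}}
NEIGHBORHOOD_ZIPS = {"02139", "02140"}  # constructed definition of "the neighborhood"
PSEUDONYM_KEY = b"broker-only-secret"   # hypothetical; known only to the broker
SHARED_KEYS = {"shop.example": b"shop-key", "journal.example": b"journal-key"}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_assertion(user, audience, now, ttl=300):
    """Broker side: vouch for one attribute and disclose nothing else."""
    record = BROKER_RECORDS[user]
    # Pairwise pseudonym: stable for one service, different for every other
    # service, so two services cannot join their records on it.
    sub = hmac.new(PSEUDONYM_KEY, f"{user}|{audience}".encode(), hashlib.sha256)
    claims = {"sub": sub.hexdigest()[:16], "aud": audience, "exp": int(now) + ttl,
              "resident": record["billing_zip"] in NEIGHBORHOOD_ZIPS}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEYS[audience], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_assertion(token, audience, key, now):
    """Service side: return the claims, or None if the token is not acceptable."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return None  # forged or altered
        claims = json.loads(body)
    except ValueError:
        return None  # malformed token
    if claims.get("aud") != audience or claims.get("exp", 0) < now:
        return None  # issued for another service, or expired
    return claims


if __name__ == "__main__":
    t = issue_assertion("alice", "shop.example", now=1_700_000_000)
    print(verify_assertion(t, "shop.example", SHARED_KEYS["shop.example"], 1_700_000_000))
```

The service learns only a yes/no residency claim and a per-service pseudonym; the name and billing address stay with the broker.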
I have a Facebook ID, Twitter ID, Amazon ID, Google ID, etc. but heaven forbid an academic has to enter his/her ID more than once. Oh, the inconvenience of it all! We truly are creating a pampered class!
I don’t think the issue is entering more than once (though streamlining that would be good) – I think the issue is platforms being able to reliably offer users an authentication mechanism that connects to a registry that has authorization credentials when the user doesn’t come to the site via a library or society proxy link/login. In my opinion, JSTOR does this about as well as can be done and in a fairly friendly way given the current environment but it is still confusing for many users. But, at the moment, users are not able to get access in a way that makes any sense in many cases – it would be great if it was also convenient but right now I’m looking for access solutions rather than turn-aways.
Lisa is right. Single-sign-on is an incidental side benefit. The more significant implication is that computer systems can “talk” to each other reliably, based on an agreed and verified ID. It’s about getting the “plumbing” right so that software vendors have a mechanism to solve chronic problems efficiently.
I think there are a lot of benefits to a single sign-on scheme. One would be solving some of the horrible authentication issues with mobile apps for library-subscribed resources. If you combine it with Adobe IDs as well, it could turn downloading library eBooks off campus from a 3 login process (proxy server, ebook platform, ADE) to a one login process.
As far as link resolvers though, I think what it would actually do is get rid of the link resolver menu, rather than the link resolver as a whole. Libraries would still need to maintain a knowledge base of holdings, there would still need to be OpenURL to get between different sources, especially for those that do not use DOI and are not crawled by Google. However, this could be made a lot more invisible to users, who could simply be given a more reliable link to a preferred full text provider.
Great vision, post and comments. Thanks Roger and all. Excited to see that this topic is on the ORCID roadmap too!
Centralizing identity management has advantages for academics as authors, not just as researchers – which is the root purpose of ORCiD. Simply authoring and publishing isn’t enough for a successful academic career – one must demonstrate impact. Open access and permissive distribution of digital scholarship are forces that make tracking usage difficult for authors and their evaluators. It’s less of a concern if there’s a way to unambiguously tie a work (wherever it appears and however it’s accessed) to an author and, in turn, to the body of their work.