scope:

Purpose and Scope

In recent years, many institutions have moved to take advantage of many benefits afforded by Single Sign On, including access to learning management systems (Blackboard, Sakai), research tools (RefWorks, TurnItIn), and, of course, subscription-based library resources (e-journals, e-books, databases). Making the Single Sign- On (SSO) environment work better and smarter will certainly help increase the success of users getting to the content to which they are entitled. Over the last several years many of the larger service providers (SPs) have implemented SSO technologies. However, it is probably fair to say that many content hosts have not implemented these technologies. Library users are required to operate in an environment that includes a mix of authentication technologies with internet protocol (IP) authentication being the most common. An effective solution needs to address this hybrid environment and, at the very least, take into consideration the needs of IP authentication and proxy servers and how they interoperate with SSO authentication technologies.

The ESPReSSO Recommended Practice document recommends practical solutions and a path forward for improving the success of SSO authentication technologies for providing a seamless experience for the user. It further aims to promote the adoption by campuses and service providers of a family of solutions to make the access improvements a reality. This initiative did not invent any new technology or protocols. Rather, it has developed a set of "best practice" recommendations surrounding the use of existing technologies.

The ESPReSSO Working Group was primarily concerned with the situation where an organization (a company, a campus, a public library, etc.) acquires a license to access specific content that is delivered via the web, and where the browser user is a member of the group authorized to access that content. The working group did not address the situation where an individual, either on his or her own or as part of a group, would obtain a license for personal use and then use a personal account from a major internet account provider to authenticate himself or herself to the service provider. Service providers are reporting that users are not currently requesting this functionality. In addition, supporting this approach requires as much work for the publishers in managing userids and passwords within their sites as it does for the licensee organization. The processes publishers use to sell individual articles was considered to be out of scope for this report.

Best practices for user experience on mobile devices are rapidly evolving. Consequently, this report avoids recommendations for screen layout and use on mobile devices. However, the flows described in later sections will work on mobile devices.

Lastly, as with any web-based system, it is important to address accessibility issues. The recommendations contained in this report describe a number of webpages, and include some sample screen images. However, this report does not recommend any specific implementation. All implementations should meet all Web Content Accessibility Guidelines (WCAG) guidelines.