practical steps to address piracy
Post on 13-Apr-2017
322 Views
Preview:
TRANSCRIPT
Practical Steps to Address Piracy
2017 PSP Annual ConferenceWashington, DC
Chris Shillum, VP Platform and Data Integration
3 Feb 2017
2
Problems we are trying to solve
RA21• Legitimate users sometimes resort to pirated content
because access is too difficult• Publishers and libraries find it difficult to track and manage
security breaches
Scholarly Sharing• Users are not sure what they are able to legitimately share
and where• Scholarly platforms can’t check compliance with publisher
policies
Distributed Usage Logging• Publishers, Authors and Librarians would like to know about
usage on all platforms
Chris Shillum, VP Platform and Data Integration, ElsevierMeltem Dincer, VP Platform Capabilities, John Wiley and Sons
Co-chairs, STM RA21 Taskforce
RA21Resource Access in the 21st Century
4
The Journey from Print to Digital
• Institution to purchase from the publisher• Institution to lend to its users•Single point of entry•Simple transaction•Library cards•Lock the doors at night•Must return after use•Prohibitively expensive to make copies of entire
collections
• Imitate print experience•Optimize for ease of implementation • IP Address Recognition
RA21
5
21st Century
• Technology evolved• Multiple entry points• Mobile and remote access• Cumbersome user experience• Easy to download an entire
library
RA21
How a user experiences access to resources on campus
1
7
How a user experiences access to resources on campus
How a user experiences access to resources off campus
1
9
How a user experiences access to resources off campus
2
10
How a user experiences access to resources off campus
3
11
How a user experiences access to resources off campus
4
12
How a user experiences access to resources off campus
5
13
How a user experiences access to resources off campus
14
Fundamental Expectations of the Community
• Researchers– Seamless access to subscribed resources, from any device, from any location, from any
starting point – A consistent, intuitive user experience across resources– Increased privacy of personal data – Streamlined text and data mining
• Resource Providers – Ability to provide individualized and differentiated access for better reporting to governing
bodies and customers– Ability to offer personalized services to accelerate insight and discovery– Ability to ensure the integrity of content on both institutional and commercial platforms
• Customers– Minimization of administrative burden of providing access to authorized user
communities– Maximization the use of the resources purchased – Protection of the privacy of user communities and advocacy for their security
RA21
15
RA21 Problem Statement
• Access to STM content and resources is traditionally managed via IP address recognition.
• For the past 20 years, this has provided seamless access for users when on campus
• However, with modern expectations of the consumer web, this approach is increasingly problematic:
– Users want seamless access from any device, from any location– Users increasingly start their searches on 3rd party sites (e.g. Google, PubMed)
rather than publisher platforms or library portals and run into access barriers– A patchwork of solutions exist to provide off-campus access: proxy servers,
VPNs, Shibboleth, however the user experience is inconsistent and confusing– Publishers are facing an increasing volume of illegal downloads and piracy, and
fraud is difficult to track and trace because of insufficient information about the end user
– The lack of user data also impedes the development of more user-focused, personalized services by publishers.
– The increase in privacy and fraud also poses a significant risk to campus information security
RA21
16
Hypothesis
1. In part, the ease of resource access within IP ranges makes off campus access so difficult
2. In part, the difficulty of resource outside IP ranges encourages legitimate users to resort to illegitimate means of resource access
∴ It is time to move beyond IP-recognition as the main authentication system for scholarly content while making sure the alternative is as barrier free as possible
RA21
17
STM RA21 Task Force*Work to Date
* Initial RA21 Task Force included representatives from ACS, APA, Brill, CABI, CUP, Elsevier, Emerald, IEEE, IOPP, Kluwer, OUP, SpringerNature, Thieme and Wiley
Apr 2016• Initial proposal to the STM Board
Jun 2016• Face to face task force meeting in 3 locations
Jul 2016• Task force charter approved by the STM Board
Jul – Nov 2016• Ground work by the task force
Dec 2016• Outreach and call for participation
RA21
18
Going Forward – How Will it Work?
• Adopt a diverse, inclusive approach and achieve consensus across stakeholder groups
• Recommend new solutions for access strategies beyond IP recognition practices
• Explain the standard measures that publishers, libraries and end-users should undertake for better protocols and security
• Test and improve solutions by organizing pilots in a variety of environments for the creation of best practice recommendations
Note: The task force will not build a specific technical solution or an industry-wide authentication platform
Dec 2016- Outreach meetings:
STM & CNI- Website and Survey launch
- Call for participation
Feb 2017- Survey and Participation Call deadline
Apr 2017- Invitations for Sounding
Boards- Technical meetings
May–Sep 2017
- Running Pilots
Oct 2017- Gathering
results- Best
Practice recommendati
ons
Dec 2017- Presenting
results at meetings - Inviting feedback
RA21
19
RA21 Draft Principles
1. The user experience for researchers will be as seamless as possible, intuitive and consistent across varied systems, and meet evolving expectations.
2. The solution will work effectively regardless of the researcher’s starting point, physical location, and preferred device.
3. The solution will be consistent with emerging privacy regulations, will avoid requiring researchers to create yet another ID, and will achieve an optimal balance between security and usability.
4. The system will achieve end-to-end traceability, providing a robust, widely adopted mechanism for detecting fraud that occurs at institutions, vendor systems, and publishing platforms.
5. The customer will not be burdened with administrative work or expenses related to implementation and maintenance.
6. The implementation plan should allow for gradual transition and account for different levels of technical and organizational maturity in participating
RA21
20
Aspects of the Problem Aspects of the solution
1. Only the user’s home institution can validate their access to purchased content and services:
So, We need to do Contextual, Federated Authentication
Federated authentication using SAML
• The only IDM standard that supports contextual rather than just individual authentication
• Solves key aspects of the problem including distributed trust, support for anonymity and metadata exchange
• SAML federations reduce many–many agreements to many–one–many agreements
2. The user can start their journey from anywhere on the web, on any device, from any physical location:
So, We need to solve the WAYF (Where Are You From) question
Standard for universal session awareness
• Don’t ask the user to authenticate if they are already authenticated
Layered approach to WAYF “signposting”
• Use whatever you already know about the user (cookies, IP range, email address) to point them back to the correct authentication point if not already signed in
3. We all want access to be as barrier free as possible:
So, We need to make it as simple as possible for the user to understand what they need to do
Standardized user experiences and workflows
• Nothing will be as seamless as IP, but users will get used it if they have to do the same thing every time.
Solution Outline
RA21
21
Testing the Hypothesis
• Pilot program through Q3 2017• Broad spectrum of stakeholders
– STM member Task Force– Standards bodies, esp. NISO– Libraries– Research and Education federation operators– Technology managers– Aggregators– Proxy server providers– Vendors– Researchers– Customers– Other interested parties
• Address a variety of use cases• Self organized, yet, registered and tracked under the larger umbrella• Feedback and results shared with the community
RA21
22
What to Do Next?
• Visit: http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/
• Librarians and other customers – have your technical staff complete the survey: https://www.surveymonkey.com/r/RA21
• Everyone: Register your interest in participation by emailing: smit@stm-assoc.org
c.shillum@elsevier.com
@cshillum
mdincer@wiley.com
#RA21
RA21
Nikko Goncharof, Springer NatureWouter Haak, Elsevier
Co-chairs, STM SCN TWG
Voluntary principles for article sharing
24
Voluntary principles for article sharing on SCNs
In 2015, after conducting an open consultation, STM established a core set of principles that:
– clarify how, where, and what content should be shared using Scholarly Collaboration Networks (SCNs),
– improve the experience for all stakeholders,– encourage publishers and SCNs to work together to facilitate sharing,
benefiting researchers, institutions, and society as a whole.The principles, endorsements, FAQs, DOI tool and more, can be accessed on How Can I Share It? www.howcanishareit.com
25
Principles > key points
• Publishers commit to facilitate the dissemination and discovery of their authors’ scholarly articles
• Sharing should be allowed within a research collaboration group• Publishers and libraries should extend their collective use of
standards such as COUNTER to quantify article use on networks
• Publishers and standards organizations should continue to work together on tools that facilitate sharing (article versioning and access rights metadata)
• Publisher policies on research collaboration group sharing and public posting of articles should be clear and easily discoverable
26
Next steps
1. Publishing houses to make their sharing policies more explicit and easy to find
2. Technical support group looking into the development of a prototype system based on metadata tags in article PDFs to facilitate simple and seamless sharing consistent with publisher policies
3. Crossref’s Distributed Usage Logging (DUL) project will enable non-publisher platforms like SCNs to report on usage according the COUNTER standards
27
Next step #1 > How can I share it?
• Since the publication of the Principles a number of endorsing publishing houses have updated their policies
• STM has launched a website – www.howcanishareit.com – with additional information about the Principles, endorsing publishing houses and SCNs, etc.
• The website hosts links to participating publishers’ policy pages • The website hosts a DOI tool “Where can I share it” that can be
used to find clear-cut answers on which SCNs articles can be shared.
• Participating publishers: – Brill – Elsevier– IOPP– Oxford University Press – Taylor & Francis– Thieme – Wiley
More publishing houses will be added shortly
28
Next step #2: Technical support group (TSG)
• GoalThe goal of the working group is to devise a simple and pragmatic mechanism to enable Scholarly Collaboration Networks (SCNs) to determine what their users are permitted to do with publisher copies of scholarly content within the SCN platform - even when the platform does not have a direct agreement with the publisher of the content in question
• ProposalI. Embed DOI and JAV
tags in article PDFs > SCNs identify the article version
II. Add sharing policy identifiers to the existing Crossref Metadata API> SCNs obtain article-level sharing terms
Distributed Usage Logging
The Problem
• Researchers are increasingly using “alternative” (non-publisher) platforms to store, access and share the literature
– Institutional and subject repositories– Aggregator platforms (EBSCOhost, IngentaConnect)– Researcher-oriented social-networking sites (e.g. Academia.edu,
ResearchGate, Mendeley)– Reading environments and tools (e.g. ReadCube, Utopia Documents)
• Usage on these platforms is often legitimate, i.e. from researchers who have access to the content via institutional subscription agreements, however because the usage does not occur on the publishers’ own platforms, it cannot be captured in the COUNTER-compliant usage reports sent to subscribing customers, meaning that:
– Publishers are not able to demonstrate to their customers the true value of their subscription holdings and are not able to provide authors will a full picture of usage of their articles.
– Institutions are not able to make a full and accurate assessment of the usage of the content they subscribe to when making purchasing decisions.
30
Distributed Usage Logging
The Idea• Build on the Crossref infrastructure to create a framework which allows usage
information to flow from the point of usage (the alternative platforms) to the publishers, from where the data can be aggregated and incorporated into existing COUNTER usage reporting streams.
31
1. Researchers read articles on site of choice
2. Sites log usage via generic CrossRef API Including DOI, IP address, Institutional ID
3. CrossRef redirects logging call to publisher’s usage logging API
4. Publishers include third-party site usage in COUNTER reports sent to customers
Publisher A
Publisher C
Publisher BCrossRef
COUNTER
Institutional Repository
Social Networking
Site
Reading Environment
Institution
Publishers register usage logging API
URLs with CrossRef
COUNTER certifies participants
Distributed Usage Logging
32
Taking the Initiative Forward
Role of COUNTER• Define semantics of
usage logging messages
• Validate participants in the scheme
• Define CoP and oversee compliance auditing process
Role of CrossRef• Define syntax of usage
logging messages• Build and operate
technical infrastructure• Define technical API
specs• Provide training and
documentation on technical integration
Role of Platform Vendors• Integrate with logging
API• Send usage events via
API to CrossRef framework
• Adhere to COUNTER defined CoP
Role of Publishers• Integrate with logging
API• Receive usage events
from API• Incorporate into
existing COUNTER-compliant usage reporting stream
Distributed Usage Logging
33
Current status
• Crossref working group – Initial pilot conducted demonstrating message passing between SCNs
and Publishers– Privacy concerns → proposal to only share truncated IP– Crossref working on mechanism for message authentication to prevent
usage click fraud• COUNTER technical advisory group (TAG)
– Survey and focus groups conducted confirming strong interest in receiving usage information across platforms.
– Draft policy on participation created– DUL to be included in next COUNTER Code of Practice as optional
element (COP5)
Distributed Usage Logging
34
More Info
www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/
Register your interest in participation by emailing: smit@stm-assoc.org
www.howcanishareit.com
blog.crossref.org/2015/12/private-channel-dul.html
c.shillum@elsevier.com
@cshillum
RA21
Distributed Usage Logging
top related