A major pain point for librarians and publishers is the work involved in keeping authentication credentials (IP addresses, Shibboleth and link resolvers) current and ensuring their accuracy. Yet, the infrastructure of the internet has solved similar problems like this before. RedLink Network is a free, community-driven platform, run by a public benefit company. It allows librarians to broadcast their access credentials and branding, track uptake across their publishers and platforms, and solve access issues collaboratively. It also enables mapping of hierarchies (consortia and subsidiaries). This article describes what inspired the creation of RedLink Network, how it benefits librarians and publishers and, ultimately, how it can help ensure access for students, researchers and knowledge workers.
IP auditing firms have estimated that the IP addresses libraries and publishers rely upon to grant access to licensed content can be outdated across the ecosystem a large part of the time.1 Our experience at RedLink with usage analytics through our Publisher Dashboard and Library Dashboard products shows a consistent pattern of misaligned access rights and technical issues, leading to turnaways that are not warranted. These represent access problems for library constituents.
This level of noise in usage data means libraries and publishers may be making purchasing and pricing decisions based on incomplete data. Worse, when access to content is accidentally denied because of the misaligned credentials, students, researchers and knowledge workers do not have access at various times to resources their institutions or employers have paid to provide.
When we examined common practices across many libraries and publishers to see what they do to establish and manage IP addresses and other access credentials, it quickly became apparent that a more efficient system would help alleviate expensive and frustrating problems for everyone. Most of the processes took time and effort, often were focused on the low-hanging fruit so were not comprehensive, and provided no feedback to the librarian so they could know that their credential updates had been implemented.
In many libraries and at many publishers, IP changes are managed manually – the library e-mails set-up information or changes to publishers directly, sometimes using an Excel spreadsheet to share the information, and then the publisher rekeys these credentials into yet another system. In speaking with librarians and publishers about these practices, a number of problems jumped out:
- It is unclear that all publishers are informed of changes at the same time.
- It is unclear to the library when and if the publishers implement the requested changes.
- If errors are made anywhere in the process, it is impossible for both sides to recognize and correct the problem. For example, a miskeyed IP address change in one platform that is correct elsewhere may take weeks or months to detect.
- In addition to publishers, librarians often want to let their consortial or network libraries know of IP changes, yet these attempts at communicating changes only add to the time and effort required to implement credential changes.
- There is no record of what credentials are currently preferred. That is, a publisher who might suspect an error in what they have in their system cannot easily check a library customer’s current and preferred IP, Shibboleth or link resolver credentials.
- Contacts at libraries and publishers can change (people are promoted, find new jobs, retire). Keeping track of the preferred contact at a library or publisher can sometimes be a job unto itself.
These problems can occur together or in succession but inevitably waste time and money. Rather than managing a collection, interacting with patrons, planning new programs, or promoting the value of what they do, library staff have to focus time and attention on this complex and intricate administrative work. Sometimes, IP changes occur unexpectedly and at the worst time (beginning of semester, when a dean is visiting), so that changes have to be implemented hastily, adding to the possibility of errors or oversights.
Some libraries can afford to use a service to manage some of their IP changes. These services add costs to the library’s budget and only shoulder some of the load. The rest of the changes, handled manually, still divert resources and create blind spots around access and availability of content.
Credential problems are frustrating for publishers, as well. Most publishers devote staff to dealing with access credential updates – IP changes, new link resolver configurations, branding updates. Idiosyncratic e-mails – some people do it one way, some do it another way – arrive to be individually sorted and examined, and updates are applied manually through an administrative interface. Errors can occur, e-mails can be lost, communications can be unclear, and other problems can emerge.
The end result from these layers of confusion is a lack of access for students, researchers, teachers and knowledge workers. These are the people who really pay the price for a system that is not currently operating as efficiently as it could.
New insights and a possible solution
When RedLink’s engineers and user-experience experts looked at these challenges, we gained some key insights, reinforcing the value of gaining new perspectives on an old set of problems:
- Social and professional network approaches could be applied to create a system that could be managed by the community itself, decreasing expense while giving the professional teams at libraries and publishers – both of which want to ensure complete access – a tool they could use to meet their mutual goals.
- Using a single, common system could provide a point of reference for librarians and publishers to audit credentials and verify their accuracy across systems.
- Leveraging a mutual interface, both publishers and librarians could monitor uptake, empowering the library in a new way while giving publishers an obvious way to exhibit responsiveness and customer service attentiveness.
- Finally, a modern, secure system of credentials management could give the entire industry a security upgrade, utilizing two-step authentication and other advanced methods of monitoring for breaches and intrusions. Given how Sci-Hub and others recently exploited single-step username and password access to administrative systems,2 two-step authentication and other security measures could be an important way to prevent further liabilities for both libraries and publishers.
With these ideas and ambitions in hand, we began developing RedLink Network. In July 2016, after months of sophisticated software engineering, the service went live.
One new element – a public benefit company
For RedLink, a commercial company, it was important to appreciate what RedLink Network could represent – a community-driven solution. As well-educated engineers and professionals ourselves, we know and respect the value of knowledge. Therefore, we decided to set RedLink Network apart as a public benefit company prior to launch. This allows us to make decisions about RedLink Network that may fly in the face of commercial requirements – for example, it is free for all participants – and that is why we will continue to improve it even though we charge nothing for it.
Public benefit companies represent a new and promising form of corporate formation. They sit somewhere between a traditional 501(c)3 non-profit (or charity, in the UK) and a for-profit company. A very good essay explaining why a company may take this approach was written by the CEO of Kickstarter, which itself became a public benefit company in late 2015.3 In an era where corporate responsibility is paramount, allowing your company to sometimes forgo profits for the sake of a public good or societal benefit makes sense for a variety of reasons. Some are as simple as happier employees and greater trust in the organization. But the main reason is that it reflects a belief that sometimes there are things more important than money, and companies should have the ability to act on these moments without risk.
Sophisticated means easy to use
RedLink Network is an extremely sophisticated service. It is highly contextual. What you see depends on your connections and associations. Based on a trust/authority model, the basis of RedLink Network is that it has been built for our market and flourishes with more use and trusted connections. When you register, you have to use your work e-mail. We then validate that you work at one of the thousands of libraries or hundreds of publishers in the system. Once we have validated this, you receive an invitation to join RedLink Network. You complete a little more information (name, title), and then you have joined.
Once in RedLink Network, you have to request to be associated with your employer, whether this is a library or publisher. If you are the first person from your organization to request an association, we will validate your role and title before approving it. Once your organization has an administrator, that person takes over these duties.
Most libraries will discover invitations to connect from publishers when they join. There are thousands of connection requests awaiting libraries around the world already in RedLink Network. Once you and a publisher are connected, they can receive access credentials and updates from you.
There are four main access credentials you can enter:
- IP addresses and ranges for your institution
- Shibboleth details (if applicable)
- Link resolver details (if applicable)
- Branding (logos in three basic sizes most often used by publishers’ sites).
Libraries can also connect with consortia partners, department libraries that are part of their institution, and affiliate organizations that share access rights. These are all represented on a clear chart showing the hierarchical relationships you establish, and these can be modified as needed.
Once these details are established, you are ready to broadcast changes to all your connected publishers and partners. The beauty of the system should become apparent quickly:
- With one click, changes are sent to dozens or hundreds of publishers simultaneously.
- Librarians can monitor uptake of these changes, and remind publishers who take too long to implement them.
- Publishers can refer back to the credentials you establish to confirm they have the right data.
- Contacts at both libraries and publishers are listed in profiles both sides can see, so everyone knows who is working on the accounts.
The importance of security and efficiency
Stronger security is an important feature of RedLink Network. The site uses 256-bit encryption, the same as most financial institutions. Rather than a single username and password, everyone using the system has to use two-step authentication, meaning that a code or token is passed via e-mail or an authenticator app like Google Authenticator to allow a log-in to complete. This prevents interlopers from gaining access to important access credentials just using a shared username or password. It also allows us to monitor for incursion attempts across a broad swath of academic and scholarly publishers, something that the current piecemeal and local approaches do not allow. Bolstering username and password security around access credentials data can be a major step forward for the industry, and one led by the community. Efficiency is another focus of RedLink Network. RedLink Network is designed to eliminate repetitive data entry, making it a one-stop broadcast hub. This is much more efficient. RedLink Network also has built-in processing and feedback loops to help eliminate errors. For instance, IP entries and other credentials are checked against known formats and practices, as well as claimed IPs, so that errors and overlaps are detected and can be corrected before being promulgated. Then, since publishers approve the IP changes, there is a feedback loop to a single source, so that any errors detected at this point can be identified, corrected, and the revised credentials or IP addresses broadcast again. Rather than incorrect IP addresses or Shibboleth credentials residing in a system for weeks or months, errors are first prevented and, if an error does somehow occur, it can be corrected quickly and for everyone involved. This is a far more efficient workflow.
We are currently integrated with Atypon and Safari/O’Reilly, and are in discussions with other major platforms about integrations. These integrations allow publishers to transmit credential changes – IP updates, new logos – immediately when they accept the changes, so the platforms are current almost immediately afterwards. Taking manual labor out of the process helps everyone.
Ultimately, providing access to content is a community goal. While a growing proportion of content is available via open access, the vast majority of content is still licensed via subscriptions and site licenses. Inefficiencies in access to this paid content decrease the value of the content to universities and other organizations that depend on access to new findings and historical insights.
We are pleased to offer the community a free solution it can implement and manage itself. We think we are delivering something that can shift the paradigm from dependence on fragmented approaches, inefficient updates and frustrating results to a more streamlined, transparent and efficient system, all at no cost to libraries or publishers.