The message below was sent by email to representatives from CNI’s college and university members on June 13, 2016.
Dear CNI Member Representative:
On behalf of CNI, I’m trying to better understand some current technical and policy practices at higher education institutions related to privacy and the management of access to licensed resources such as journals.
In order to gather this information, I have below a brief survey which I hope that your institution can complete. I hope this request for information will not take very long to complete; however, I suspect that you may need to reach out to others at your institution to help gather the answers. A single consolidated response from your institution would be ideal, but if it’s easier to send multiple responses we are happy to try to consolidate them.
We’ll keep the individual results confidential, but will prepare and share a synthesis and summary of what we learn; my tentative plan is to hold a breakout session at the December 2016 Member Meeting in Washington to discuss these findings, as well as doing some kind of publication (which will be announced on the CNI-announce list).
A response by July 17, 2016 would be most helpful. Please send the responses to [xxx]@cni.org; if you or your colleagues have any questions about the survey itself, please be in touch with me at email@example.com.
Thanks very much for your help with this.
CNI Brief Authentication/Authorization Survey
Note: Questions can be answered yes/no, but if yes, a little additional information is very helpful. Thank you.
1. Is your institution doing some kind of attribute-based authentication/authorization (e.g. Shibboleth, InCommon) for external content providers? (If not, skip to question 2)
If your institution is using such a method, what kinds of attributes is it releasing to content providers?
a. Something that individually identifies the user (with or without name attached)?
b. Attributes like “student”, “faculty” “staff” etc?
c. Attributes like “covered under 2016 contract with Publisher X” ?
d. Are you releasing the Research and Scholarship attribute bundle to R&S category service providers (this is part of the InCommon program)?
2. Is your institution still running some kind of proxy service in conjunction with source IP based authentication/authorization to external content providers?
3. Do your institution’s typical contracts with external publishers place limitations on the ability of these publishers to collect, retain, reuse, or resell data about user behavior?
Do they constrain external publisher attempts to de-anonymize these users?
Please send responses to [xxx]@cni.org. Many thanks for your help with this survey!