How OpenAthens helps protect content from misuse

Content misuse is a persistent headache for both libraries and publishers. When content is accessed in a way that falls outside the terms of a licensing agreement, it can lead to loss of revenue for publishers – but also wasted time for libraries and their IT teams.

And although not all content misuse is deliberate, and some examples are much more serious than others, the knock-on effects can be damaging.

As a publisher who uses IP recognition to confirm that users are on site at a relevant library, for example, you’re unable to distinguish between users who may access content from that site. That means you may be unable to detect misuse at the user level. Or, if you do spot it, you may be forced to deny access to an entire organization while the issue is addressed. That could lead to authorized users being unable to access the content they rely on.

In our recent webinar for Cyber Security Month, we outline how OpenAthens can help protect content from misuse in a more targeted way – thanks to the benefits of federated access.

How federated access helps protect against misuse

Under federated access, users sign in to content as individuals. To enable this, the federation provides a "network of trust" between Identity Providers (libraries) and Service Providers (publishers).

From a content security point of view, the benefit is that libraries know and manage user identities. This means misuse can be traced back to an individual, and dealt with without disrupting the experience of others.

To make everything work, pseudonymous attributes are shared with the publisher. Some libraries are worried this creates a privacy issue. Yet OpenAthens only shares minimal attributes by default, and allows libraries to control the sharing of any additional attributes.

The role of OpenAthens in the security ecosystem

Because OpenAthens sits in the middle of the authentication flow between library and publisher, we play an active role in preventing misuse.

As well as offering admin tools for the purpose of response, we use a range of security features. For example, we enforce strong passwords and monitor user activity to detect suspicious behavior.

If our system suspects misuse, it temporarily prevents the user from logging in. As a library admin, you can then either unblock the account or block it permanently.

But federated access is an ecosystem – so for effective protection against misuse, libraries, OpenAthens and publishers need to work together.

As a library, of course, security means managing identities effectively. That means having good access control policies and enforcing them. You would need to make sure, for example, that there are clear systems and processes for onboarding and offboarding, so that only the right users retain access to content.

(For customers who use OpenAthens as their directory, we also offer account lockout tools to help with identity management.)

Publishers, too, need to secure platforms so that they only authorize authenticated users. And that means having their own misuse detection policies.

Federated access is, after all, a network of trust. While we’re continuously learning to help improve security, it requires all players to help protect against misuse.