Step 2: platform upgrade

The assessment done in step one will determine how much change your team needs to implement before you can proceed further.

What kind of upgrades might you expect?

Install OpenID Connect on your platform

OpenID Connect allows publishers and service providers to verify the identity of the user based on the authentication performed by an authorization server. It also allows you to obtain basic profile information about the end-user in an interoperable and REST-like manner.

Learn more about OpenID Connect

Make sure your subscriptions management system can handle attributes

Your subscriptions management system will need to be enhanced to handle the institutional identifiers (attributes) passed by OpenAthens for authorisation in addition to the existing ways of authorising users.

Learn more about attributes

Implement WAYFless and deeplinking

In identity federations, the publisher or service provider platform needs to know where to send the end-user for authentication. This is called discovery. There are two ways to achieve it and doing both is recommended.

Learn more about WAYFless and deeplinking

Attributes, personalization and privacy

In essence, attributes are data points exchanged between your platform and the institution during authorization.

Standard attributes allow you to differentiate between individual users while maintaining their privacy. Extended attributes like name or email are often used to provide personalization features, but you need to make sure your privacy policy and your agreement with your customer allow you to process personal data about the users.

More on standard and extended attributes

Standard attributes

One of the major advantages of an identity federation is that a standard set of attribute names can be defined. This means that in most cases, both identity providers and service providers can use generic set-ups and do not need to maintain hundreds of separate configurations.

Extended attributes

Whilst you can make use of these attributes, you should neither expect nor require them. This is because local data protection laws, policies, user objections, or other restraints may prevent an identity provider from releasing these to you. Consequently, you must not use them for authorization.
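The following sketch shows how a subscriptions system could apply this rule. It is an added example, not OpenAthens code: it assumes the ID token has already been validated, and the `org_id` claim name, the `SUBSCRIPTIONS` table and the `build_session` function are hypothetical.

```python
from dataclasses import dataclass, field

# Assumptions: "org_id" is a hypothetical name for the institutional identifier;
# "sub", "name" and "email" are standard OpenID Connect claim names.
REQUIRED_STANDARD = ("sub", "org_id")
OPTIONAL_EXTENDED = ("name", "email")

# Constructed sample data: institution identifier -> licensed products.
SUBSCRIPTIONS = {"inst-0001": {"journals", "ebooks"}, "inst-0002": {"journals"}}


@dataclass
class Session:
    user_key: str            # pseudonymous key for per-user state
    org_id: str
    products: frozenset      # what the institution's subscription grants
    profile: dict = field(default_factory=dict)  # personalization only


def build_session(claims, personalization_permitted=False):
    """Authorize from standard attributes only; extended ones are optional."""
    missing = [c for c in REQUIRED_STANDARD if not claims.get(c)]
    if missing:
        raise PermissionError(f"missing standard attributes: {missing}")

    org_id = claims["org_id"]
    products = SUBSCRIPTIONS.get(org_id)
    if products is None:
        raise PermissionError("institution has no subscription")

    # Scope the pseudonymous identifier to the institution so that the same
    # value issued by two institutions never maps to the same account.
    user_key = f"{org_id}:{claims['sub']}"

    # Extended attributes never influence the decision above. They are kept
    # only when policy and the customer agreement allow it, and their absence
    # is not an error because the identity provider may not release them.
    profile = {}
    if personalization_permitted:
        profile = {k: claims[k] for k in OPTIONAL_EXTENDED if claims.get(k)}

    return Session(user_key, org_id, frozenset(products), profile)
```
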
