Why Access Matters and the Challenge Maintaining It
“Stuff that gets used is the easiest stuff to use.”1
Most academic library patrons today grew up with the internet, and being online is very natural to them.2 They expect to be able to easily and quickly access the information they want. A poor access experience with library-provided electronic resources can deter patrons from library use and cause them to consult alternative sources, such as unsecure pirate sites like Sci-Hub, for their research.3
Maintaining electronic resource access in academic library settings is difficult. There are numerous complicating factors, including:
multiple new and legacy technologies that are utilized for resource access, such as IP addresses, VPNs, proxy servers, referring URLs, the SIP2 protocol, federated authentication, and SeamlessAccess/IdP discovery;
the regulatory environment, including data privacy laws like the General Data Protection Regulation and California Consumer Privacy Act, is highly complicated and changes frequently;
upcoming changes to the way browsers handle privacy.4
Introducing the Access Audit Toolkit
At the crossroads of many of these challenges, the SeamlessAccess community proposes the Access Audit Toolkit as one solution. A framework to assess the quality of users’ access experiences, the toolkit currently focuses on usability and privacy. It also provides recommendations on best practices and industry standards, and other advice on how libraries might deliver more effective access experiences. Goals of the toolkit are to enable librarians to easily understand industry best practices, and to provide vendors with information when users have suboptimal access experiences. The toolkit also serves as a communications tool to improve knowledge and awareness of these issues. Finally, this toolkit can help libraries make a business case for investing in improved user access experiences by highlighting any gaps between the current access experience and best practices while identifying any needed improvements.
Usability
The toolkit separates its coverage of usability into three categories. Each category includes examples of questions that help users audit the usability of a service provider’s interface, particularly when users begin from the service provider’s website rather than library discovery or resources pages.
How Obvious Is It to Get Access?
The first usability category addresses whether it is obvious how a user accesses a paywalled resource. A simple way that usability experts test for this is the five-second rule: can a new user figure out what to click on to get access within five seconds of looking at the web page? Service providers should present one clear option to access the content and avoid offering several equally important options. The interface should focus on addressing the majority of use cases and avoid shifting the burden to the user to figure out where to click (Figure 1). Above all, ease of access should be prioritized over marketing opportunities. Three questions are prevalent in this category:
Is the primary access option clearly distinguished from other options?
Do options clearly communicate intent?
Is there a maximum of three alternative options, and are additional options progressively disclosed?
Can I Easily Select My Institutional Affiliation?
The second usability category relates to users selecting their affiliation. Many authentication mechanisms require users to log in with credentials tied to their institution or organization, such as federated authentication, public library cards, or other forms of Security Assertion Markup Language (SAML)-based login. Historically, this has created significant friction for users, as each website uses a different visual layout, vocabulary, and approach to selecting their institution. Users are expected to know the authentication level required (individual vs. organizational) and, ideally, what resources are available once they are authorized (Figure 2). This category contains four questions:
Does the list show all institutions?
Does the list indicate if an institution may not provide access?
Can the complete institutional list be quickly filtered?
Is remembering a selected institution allowed?
Is It Accessible for All Users?
The toolkit’s third usability requirement is accessibility. According to statistics from the United States Centers for Disease Control, over 20 percent of users will have at least one disability that can impair their ability to navigate web pages. Many government regulations such as Section 508 of the Rehabilitation Act mandate that websites be compliant with accessibility standards. Yet many websites fail to comply and many others claim to comply, but few are truly accessible. An annual study of the top one million sites on the internet by a web accessibility non-profit based at the Institute for Disability Research, Policy, and Practice at Utah State University found that 96.8 percent of home pages had detectable WCAG 2 (Web Content Accessibility Guidelines) failures.5 WCAG is a series of standards developed by the Web Accessibility Initiative, which in turn is part of the World Wide Web Consortium (W3C).
Accessibility is not just technical compliance; it is enabling considerate interactions, which are outlined in the toolkit:
Can users navigate the access interface using their keyboard?
Is the appropriate level of contrast used in the color scheme?
Can content be easily magnified?
Is content, including institutional selection, screen-reader-friendly? This enables users with assistive technology to find and select their institution, where all visual cues are also announced verbally and additional guidance is provided.
Does the site support non-English languages?
Usability Resources
SeamlessAccess has created dedicated resources with more information about usability issues inthree major categories, targeted toward librarians:
These pages provide more information about usability questions in these areas and examples of good or bad practice. They also contain links to more technical information that can be shared with vendors and other service providers that are not meeting best practices.
Privacy
The second useful area for evaluating access to resources is privacy, as considered in Article VII of the American Library Association Bill of Rights: “All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use.”9 It is the responsibility of the library to understand how patron data is collected, used, shared, and stored.
There are three lenses through which the toolkit examines issues of privacy as it relates to access:
What patron data is shared automatically without patron knowledge?
What data is shared with vendors with patron permission?
What data is collected internally by the library or the library Information Technology Department about patrons?
Privacy Resources
There are numerous resources available to library personnel that address online user privacy. Of note are the Privacy Field Guides for Libraries,10 which are structured to give library workers the tools needed to create and be advocates for a safer, more secure library; and the Vendor Privacy Audit found on the Library Freedom Project.11
Using the Toolkit
When assessing the usability and privacy-preserving practices of a vendor’s platform, the authors suggest emulating off-campus access and that the user begin their research from the open web, which is the use case for most researchers. In this way, authentication is not assumed to have already occurred but is instead established at the point of need. And finally, consider focusing on one vendor’s platform at a time, then focus on one key aspect that is being audited using the toolkit, then evaluate usability, followed by privacy, etc.
Usability
The ease of access to the desired information is generally deemed most important when assessing a publisher’s website for usability, but often this goal is complicated by the authentication process and by establishing one’s institutional affiliation. SeamlessAccess greatly simplifies authentication by providing a consistent and easily recognized link to institutional access. Without SeamlessAccess, it can be difficult for users to locate the appropriate link to obtain access, and many sites make the pay option more prominent than the institutional access option, which further confuses users.
The same issues with authentication are found when establishing institutional affiliation. When a vendor has enabled SeamlessAccess, the IdP discovery flow is consistent and user-friendly; when the user begins entering their institution’s name, the form auto-populates their selection. Without SeamlessAccess, the user encounters different interfaces, functionality, and vocabulary when attempting to establish their institutional affiliation. For example, a user may not understand the prompt “sign in with your OpenAthens account” on a vendor’s website.
Privacy
Privacy considerations are more difficult to assess because the information is not transparent to the user; the user community is largely at the mercy of the vendors and publishers to protect patron privacy and handle personally identifiable information in the manner they describe. Typically, vendors make available online their privacy policies and documentation regarding their use and storage of these data, but many publishers use third-party data and text analytics tools whose policies differ from the publisher’s.
Typically vendors do not require any personally identifiable information (PII) to be stored to access their sites. But if a user does not set up a personal account, which by default shares PII, then they are not able to personalize their experience by saving articles, citations and abstracts, search queries, for example. Also, vendors are increasingly offering users the ability to opt in or opt out of sharing varying levels of information to access their site. There is concern that users are starting to suffer from “consent fatigue,” where they are confronted with numerous pop-up windows that require them to approve or decline prompts to get to their destinations. With upcoming changes to browsers meant to bolster users’ privacy coming soon, this fatigue will only increase.
Summary
Overall, the authors found that the tasks described in the Toolkit are not overly burdensome or time-intensive. Rather than treating these activities like a time-limited project and assigning personnel and resources to the tasks listed above, they can be completed when many of the day’s more urgent priorities have been tended to. As the concepts in this Toolkit are worked through, certain patterns typically emerge and most questions that surface when assessing a publisher’s website are ones that librarians intuitively ask themselves when considering a subscription to a new resource. So this project can be viewed as a much-needed retrospective look at resources that have been around for some time.
By having the information revealed from the activities described throughout this paper in a consistent format, the toolkit offers a way to uniformly document the many questions considered when looking at a new resource in a consistent, formulaic way, and allows for an easier comparison of publisher’s sites. Some additional benefits might include:
Leveraging information collected in this audit to make suggestions and negotiate with vendors
Utilizing this information to assist in publishing an advocacy report and/or privacy statement by the library
Using information gathered as teaching and training aids for helping users understand the value of their online identity. This is especially a need of our Gen Z population, who are surprisingly unaware of the issues surrounding online user privacy and security12
Assisting with operationalizing usability and privacy practices in libraries
As Phase II of this project begins, SeamlessAccess is expanding the scope of the Access Audit Toolkit to cover two additional key areas that impact user access to resources, as well as explore how to share audit findings across the community:
Security: The implications of security for resource access should be considered for all authentication types. Issues include:
How easily can access be hacked or faked?
How easily can fraudulent access be shut down?
Is the access technology using best practices?
Reliability: It seems like old access technologies never die in academia, and this burdens many libraries with legacy access technologies that are less reliable than their modern counterparts. For example:
Is access brittle and/or dependent on other system components such as vendor web applications, browser settings, library infrastructure (e.g., IP addresses, proxy software)? Community Awareness: Phase II will also include developing mechanisms for enabling publishers and librarians to view findings and contribute to the audit process.
Contributor Notes
John Felts is Head of Information Technology and Collections, Coastal Carolina University, Conway, South Carolina.
Heather Staines is Director of Community Engagement & Senior Consultant, Delta Think, Philadelphia, Pennsylvania.
Michelle Urberg is Client Success Manager, LibLynx, Seattle, WA.
Notes
- Anonymous UIUC e-resource librarian, 2023. ⮭
- Emily A. Vogels, Risa Gelles-Watnick, and Navid Massarat, “Teens, Social Media and Technology,” Pew Research Center, August 10, 2022, https://www.pewresearch.org/internet/2022/08/10/teens-social-media-and-technology-2022/. ⮭
- Beatriz B. Ferreira, “Illegal Access to Scholarly Information: Considerations Regarding the Use of Sci-hub and Its Constraints to Academic Libraries,” OSF Preprints, last edited May 17, 2023, https://doi.org/10.31219/osf.io/mer5n. ⮭
- “FAQ on Browser Privacy Changes and Library Resource Access,” SeamlessAccess, accessed November 15, 2022, https://seamlessaccess.org/learning-center/browser-faq-publishers/. ⮭
- “57 Web Accessibility Statistics [Updated for 2024],” DDIY, accessed September 15, 2023, https://ddiy.co/web-accessibility-statistics/. ⮭
- Bojhan Somers, “Clarity of Access Entry Point,” Atlassian, SeamlessAccess, accessed September 21, 2023, https://seamlessaccess.atlassian.net/wiki/spaces/DOCUMENTAT/pages/950632449/Clarity+of+access+entry+point. ⮭
- Bojhan Somers, “Institution Selection,” Atlassian, SeamlessAccess, accessed September 21, 2023, https://seamlessaccess.atlassian.net/wiki/spaces/DOCUMENTAT/pages/950501379/Institution+selection. ⮭
- Bojhan Somers, “Accessibility,” Atlassian, SeamlessAccess, accessed October 1, 2023, https://seamlessaccess.atlassian.net/wiki/spaces/DOCUMENTAT/pages/951582721/Accesssibility. ⮭
- “Library Bill of Rights,” American Library Association, accessed November 26, 2024, https://www.ala.org/advocacy/intfreedom/librarybill. ⮭
- “Privacy Field Guides,” Privacy Field Guides for Libraries, accessed October 2, 2023, https://libraryprivacyguides.org/. ⮭
- “Free Resources,” Library Freedom Project, accessed October 3, 2023, https://libraryfreedom.org/resources/. ⮭
- Roberta Reiff Katz, Chas Grundy, and Jason Griffey, “GenZ, Cybersecurity, and New Security Measures on User-Facing Tech – an SNSI Security Summit,” Choice, Association of College and Research Libraries, October 10, 2023, https://www.choice360.org/webinars/genz-cybersecurity-and-new-security-measures-on-user-facing-tech-an-snsi-security-summit/. ⮭