Contract Language Model License Agreement 1.0
The Contract Language Working Group is pleased to release the Federated Authentication Contract Language Model License Agreement 1.0. From the introduction:
“Existing contract language between resource providers and libraries is almost universally focused on authentication and authorization via IP address. Reference to federated access is most often with language that refers to “secure networks”, and the authorization of users that are on said network to access resources. As more and more resources move to federated access, this language is no longer sufficient. Users will instead be on various local networks (home, coffee shop, etc.), and will no longer be proxied ‘into’ the organization’s network in order to achieve access to resources. Therefore, contracts will need to begin to take into account federated access more explicitly with new language specific to the nature of federated access and recent developments around it.”
There are two documents that the Working Group would like to provide as a part of this release. The first is the Model License itself, a version of the Library Model License Agreement 5.0 from the Center for Research Libraries which was edited to provide federated authentication specific language where needed.
Federated Authentication Contract Language Model License Agreement 1.0 https://docs.google.com/document/d/1scLrPQMDTtl4j7F7oqnQCPPQFBa2IB9P8dlJe2XYDUs/edit?usp=sharing
The second is a document with only the altered language, pulled out of context of the license as a whole, but perhaps more useful for those libraries who have existing license language they would prefer to continue to use. With this, those libraries could borrow language where necessary without needing to incorporate the entirety of a new license.
Seamless Access Model License Language - Isolated FedAuth Language https://docs.google.com/document/d/1d7TFFphRlKwAE3CsvGBtiS7s2XVcPD4fr1PaJV6Ikt4/edit?usp=sharing
This MLA builds on the earlier work of this group to provide Entity Category Use Case Scenarios for libraries and publishers to use when determining which attributes should be shared during federated authentication.
The goal of this work is to provide libraries and publishers common language to use in license agreements, and we hope that it makes the process of making user access to remote resources via federated authentication easier to implement for everyone. If you have any questions about this document, feel free to contact the chair of the working group, Jason Griffey.
The Working Group would like to acknowledge that much of the feedback from the library community revolved around the need for privacy-specific language updates throughout the broader, unchanged license text. We agree that a language review along that front is warranted, but this working group was focused on the federated authentication aspects of the license. We feel that those aspects are strongly privacy-preserving when implemented as outlined. We strongly encourage a privacy-focused library group to review the underlying license document to bring it into line regarding privacy best practices, and would gladly update our version of the license here when that review becomes available.