Publishers must widen their frame of reference in order fully to understand the change in business models that taking their content online might necessitate – looking beyond traditional pricing models and text formats within their particular field of publishing.

This was one of the key finding of the inaugural Semantico Symposium, held recently in London to discuss implications of the shift to mobile for publishers and information providers. An invited audience of publishing industry leaders debated the issues under Chatham House rules, covering the following three themes:

• Devices and technology
• Business models
• Future strategy options

It was a stimulating event with a high calibre guest list, delegates attending from organisations including Oxford University Press, Nature Publishing Group, Macmillan Education, Wiley-Blackwell, CrossRef, CABI, BSI Group and the Institute of Engineering and Technology. To do justice to the discussion, we’re reporting it over three blog posts. This post is on the theme of business models.

Business as usual?

Publishers putting their content online find a very different commercial environment from that which they are used to in offering their physical, print products. However in some respects, the issues with online are not always that unique, though publishers often need to look outside their own particular niches sometimes to see this – even where mobile is concerned.

One thing that is often held up as a major disruptor is the ‘freebie’ culture of the internet – the widespread expectation that information should be free; an attitude that is opportunistic in some quarters, profoundly ideological in others. Though there are obvious problems with this from a publisher’s point of view, the other side of the coin is that the interconnected, globalised nature of the web offers unprecedented reach for content that is easily discoverable and not sequestered behind a paywall. Mobile holds out the promise of intensifying this reach, since more people have mobile phones than computers. Free presents big opportunities as well as big threats.

How this trade-off between reach and revenue protection will work itself out is currently being watched with great interest in the news publishing market, with Murdoch’s Times Online leading the charge for keeping content behind the paywall. A wide variety of subscription models are being experimented with online, and mobile has slightly upped the ante here through the way it enables micro-payments (fairly seamlessly in the case of Apple). Apps are a micro-payment system, looked at from a certain point of view, and the fact that many apps are offered in both premium and free versions points towards a pricing model that will be familiar to many. Freemium/premium models, if they can be made to work, offer big opportunities for marketing, while safeguarding the value of core content – and in doing this many publishers will feel themselves on (reasonably) familiar ground.

As someone who has recently upgraded his shredder to a more industrial model partly to deal with the quantity of publisher offers that fall through the letterbox on a daily basis, I can testify to the many and various ways in which publishers deploy free and cut-price offers offline.

Free trials, forced free trials, freemium, premium, tiered subscription – all of these physical-world species of offer have their online equivalents in the age of the app; and seeing this point of similarity perhaps provides a more useful way of looking at the whole ‘free’ debate. In the end, it’s a case of plus ça change, perhaps.

Who pays?

One result of the internet’s ‘freebie’ culture, in consumer markets at least, has been a drive towards funding content in different ways, notably through advertising-driven models (Google being the most successful example, of course).

Clearly this is not going to wash in more specialized areas of publishing such as learned journals, but even there we have see something of a ferment, with the Open Access movement proposing a move to an ‘author pays’ model. Although this has failed to make serious inroads to date, nevertheless the issue of ‘who pays’ continues to be a live one in academic publishing, where many markets are three-cornered, involving institutions (or organisations) and end-users as well as authors. At least one of our symposium guests felt that in their view underlying market structures were not in revolution, despite changes in the way people pay for content: ‘basically, the same people end up paying.’

There’s no doubt that online does provide different ways to pay. It has enabled the Big Deal, still a dominant model in institutional sales, although coming under some pressure. Easier micropayments, and more sophisticated access management, hold the promise of a more varied and flexible future for pricing models – even though it is a future in which publishers are going to have to stay on their toes in order to protect the value of their content.

Greater convenience and sophistication in the way content is paid for may well be necessary, however, in order to cope with the way the content itself keeps threatening to transmogrify.

iPad and incunabula

Printed works in physical formats – be they monographs, journals, dictionaries or whatever – owe their form to purely physical constraints that do not obtain online. Why do we turn pages rather than unroll a scroll when we read a book? Because the codex, derived from the wax-covered tablet used by the Romans, supplanted the scroll sometime around the sixth century AD by virtue of its superior compactness, sturdiness, ease of reference and economy (i.e. it used both sides of the paper). On an electronic device, the choice to scroll or click to a new page is dictated only by latency, a restriction that is fast disappearing as bandwidth increases, so that eventually that choice will be a pure design decision.

As this point approaches, with the launch of the iPad, it seems likely that we are seeing new hybrids and evolutionary experiments in the form of text – the equivalent of incunabula.

Though e-books currently mimic the conventions of the printed book, it is not always so clear with other types of text how helpful it really is for a book to preserve its physical-world form. An educational textbook, for instance, looks a lot like a magazine. Would it make sense to format them as such when they end up on iPads? Similarly a learned journal can resemble a database in its essential form more than it does a magazine. With a proliferation of devices with which to access electronic information products, including smartphones, e-readers, touchscreen tablets, netbooks and the (now) old-fashioned desktop, will the device we buy end up being dictated by the type of content we want to access on it?

The choice also exists, with certain reference works, for example, to turn a book into a software application that answers specific questions or helps the user through a specific task in real time, such as diagnosing a medical condition – or finding the nearest Michelin star restaurant – or choosing the wheat crop to grow in a particular type of soil. In this new future, some books will really have very little reason to be books anymore.

New forms, new models

Clearly, new and changed content formats are likely to create a need for new pricing models, and by extension for new business models. But they also put pressure on the traditional fault lines that divide one niche of the publishing industry from another. It is a source of frustration for some ‘techies’ in the online publishing industry that these lines are still so rigidly drawn; that there is a monographs industry and a journals industry, for instance, and never the twain shall meet.

This seems all the more counter-productive as two things are clear from the discussion above. Firstly, that there is a lot to be learned from one area of publishing watching closely what is going on in another, since many of the issues being faced online are common ones for all information providers of whatever stamp. And secondly that the old divisions will increasingly lose meaning as terms like ‘monograph’ and ‘journal’ gradually become irrelevant to the way that information is presented and consumed online.

The debate continues

Tune in next time for a further report from the Symposium, as we move to discuss future strategy.

Are we there yet?

Along the way I’ve surveyed the current landscape and looked at the multi-dimensional influence of Web 2.0. The journey has highlighted tensions caused by Web 2.0, and the new software models of the API-driven web, and the pressure it puts on existing models of identity management which, as I have attempted to show, struggle to cope with the complexity of this new universe.

In this post I want to delve a little deeper into the privacy and security implications of that environment and to look forward to the semantic web, before making some recommendations for how I think identity management needs to develop in order to get us to our goal.

Lock-in, ownership & control

The providers of social network services have been quick to understand the potential of being online identity hubs for their users. This is a natural function of their prime aim of driving up usage; being an identity provider is just one more service that Google or Yahoo can deliver and one which keeps them firmly at the centre of our online worlds.

As we move more of our identity information online it becomes potentially much easier to move that information around. With that ease of moving data around, concern increases that our personal data could be passed on to third parties. At best it might then be used to spam us, or be sold to our competitors. At worst, we might loose control over ownership of our online identity altogether, and it could be used for fraudulent purposes. These data protection issues are furthermore set in a global context where national legal frameworks may no longer make sense.

Who to trust

In this federated environment of identity providers there are a number of important questions that must be addressed, including:

1. How much do we trust these identity providers with our personal details?
2. Who audits services such as Facebook or LinkedIn to ensure security issues are addressed?
3. How much to we trust the downstream sites using these identity services with our personal details?

With these questions in mind, it is possible to imagine an ‘identity supply chain’ where different entities within the chain only know the smallest parts of a given identity that are needed to perform their function. For example, I could log in to a website without the website itself knowing my password. Similarly I could order goods without disclosing my full identity to the shipping agent, and I could leave commentary on a blog without the blog system needing to know my postal address.

The semantic web

In the web of linked data, identity is centrally important for determining trust, provenance and authenticity. Understanding who made a particular assertion is essential within scientific communication, for example, which is necessarily a continuous debate. In such a discourse, degrees of trust and certainty are necessarily important in evaluating and combining facts from different sources. Identity is needed for:

• Annotation – making commentary and building discussion around facts and data
• Augmentation – adding new data and assertions to existing data sets based on new evidence and experiments
• Refutation – allowing statements to be contradicted according to new evidence or new interpretation of existing evidence, based on different degrees of trust within a system

All of the above types of communication are quite possible using the linked data semantic web model we have today. For example, I am free to publish any kind of statements I like which refer to other statements. However in doing this it is critical that the notion of my identity is preserved in relation to the statements I make, just as its is critical that the identity of the author of the original statements is clear.

Wikipedia or Schizopedia?

The huge success of Wikipedia has shown that collaboration and openness combined with low cost of usage can combine to produce true value. The centralised model of Wikipedia allows the tracking of individual edits but not necessarily on a named or identified user basis. Essentially, the decreased end user cost of building the information resource has been traded against a consequent lack of traceability and provenance.

Compare this with the semantic web linked data model. Here no centralisation is expected (or even possible). I can publish some facts, you can comment, agree, refute or augment these facts, and by publishing your assertions in the linked data cloud you can also join the conversation. So can many other people, with many other agreements, contradictions and additional observations. Here the conversation could start to resemble schizophrenia, with many voices talking at once. Without a solid notion of identity and provenance it is impossible to build a consistent and coherent model of the facts.

New licence models

Many publishers have traditionally licensed their intellectual property to third parties in the form of data sets. This could be, for example, to provide language translation devices to language students, or alternatively to provide an abstract service to complement the primary source materials in a particular discipline. These licence deals inevitably involve the simple transfer of the published content as a set of static files from licensor to licensee.

However, as the service offered by publishers matures to include APIs to their data and services instead of simple file transfer, the need to address identity issues arises. Typical identity issues include:

• The need to ensure the API is used only by the licensee
• The need to record usage metrics by each licensee

Additional issues may include the need to track the licensee’s individual users and their usage patterns. Furthermore if the API delivers services to the licensee’s end users beyond simple search and content retrieval, then it may be necessary to exchange authentication and identity information about the end user of the site.

Conclusions

Drawing all the threads together that I have explored in this and my previous posts on Identity Management I have come up with the following conclusions.

The answer the question ‘are we there yet?’ is of course no, not yet. The more interesting question is whether we are even on the right road to get there. In order for us to reach our destination, a rational and usable system for managing identities on the web, the following needs to happen in my view.

Publishers and information professionals need to collaborate to design an identity framework what meets the needs of all stakeholders including contributors, researchers and institutions. This framework should be built on existing open standards such as OpenID and DOI but must not sacrifice usability. The solution must be built on an organisational infrastructure which is credible and can be trusted across the industry, and should ideally be based on open source software which can be independently audited for security concerns by any interested party.

The starting point for such a collaboration may already be in place with the recently announced ORCID (Open Researcher and Contributor ID) initiative. I for one will be watching this project closely over the coming months and I look forward to their developments and progress.

And in the meantime … keep quiet you kids there in the back!

Personalisation

The ability to personalise and customise web sites is taken for granted in the Web 2.0 world. We are now used to logging on to services such as Twitter, Facebook and Google and being delivered into environments that we can customise and personalise to our own needs.

The expectations of users within this new world provide problems for identity management, which, as we saw in my last post, has to use an infrastructure that was never designed to cope with such user requirements. The danger is that too inflexible a system might act as a brake, or even a deterrent.

Flexible identity management solutions are critical to the uptake of personalisation services because they lower the barriers to access to new services. Commenting on a blog post must be made as simple as possible, yet in order to preserve my online identity in any comments I make it is essential that I can authenticate myself. The barrier here in many cases is that I don’t want to register yet another username and password with each blog site I visit in order to identify myself. One solution to this is the OpenID protocol which allows me to log into participating third party sites using the identity that I’ve already established using an identity provider such as Google, Yahoo or Flickr. Few publishers have so far adopted the OpenID standard; notably Reed-Elsevier have set up an OpenID identity provider, IDkee; let’s hope OpenID authentication is soon to be implemented for their flagship site Science Direct.

Many current publisher sites provide personalisation features but these functions tend to exist exclusively within the publisher’s own silo. If I store bookmarks or reading lists within one publisher silo, there is no way to share these with my social contacts across the web. If I contribute to a discussion within one publisher platform, that discussion tends to stay behind the paywall of the silo. Why can’t I call up a view that shows my comments across all the publisher sites I use on the web?

Usage metrics

If the multiple identities we all have to maintain within the Web 2.0 world provide problems for users trying to access services, they also cause snarl-ups at the back-end of the process – with the tracking of usage by providers of those services.

Usage metrics are important for publishers. Mainstream web analytics software and techniques tend to focus on general trends and usage patterns because it is not straightforward to reliably identify individual users, but for publishers, identifying institutional users and correctly accounting for their usage is critical in delivering industry reports compliant with the COUNTER standard.

However, the COUNTER model does not even begin to address the complexities that can arise when multiple identities are in play. For example, I might need to express three different levels of identity at the same time:

1. My own personal account, for content I have purchased for my own private use.
2. My department’s subscription to an information resource (not shared with the rest of the institution)
3. My institution’s identity and its subscription rights to an online resource.

In this scenario, when I access a piece of content online in a publisher platform, the access could be accounted for at any one of the three levels above. The COUNTER standards do not currently cover this type of compound identity problem.

The semantic web also presents a serious challenge for usage metrics. Once facts are published in the linked data cloud, measurement of usage becomes impossible: those facts could reside in any system or platform and are no longer under the control of one publisher.

Usage metrics are important for publishers not only as an accounting tool – they also help publishers to improve the usability of their services. And usability is another critical issue bearing on access management.

The Shibboleth protocol was set up as a way of making things easier for users accessing services, and to streamline this question of multiple identities somewhat. However, Shibboleth itself has turned out to have some usability problems.

Usability issues

If Wikipedia required users to login with a personal username and password how much would it affect usage?

This question aside, the federated nature of the Shibboleth single-sign-on system means that in order to log in users first have to confirm where they come from, in order that they can be directed to the correct identity provider. This problem is further compounded by the large number of identity providers in the Shibboleth system (740 in the UK Federation alone). Asking a user to select from a list of 740 places is clearly a significant barrier to usability.

OpenID based systems don’t have the problem of large federations, since anyone, potentially, can set up an identity provider service. The usability challenge here is to pick the simplest list of providers and give the user an alternative way of entering a full OpenID URL if their provider is not on the list. Again, another usability challenge most users would rather not face.

Finally, and not to be forgotten, is the thorny problem of logging users out of a service. In a single-sign-on environment the problems with single log-out are surprisingly complex. It requires coordination between all the sites a user has visited and, combined with the difficulty in educating users that logging out is even necessary, presents another usability challenge.

Conclusion

Identity management plays a key role in the Web 2.0 world and this being so, Web 2.0 tools need to step up to the privacy and security challenges raised by the new software models of the API-driven web. In particular, thought needs to be given to these key issues of personalisation, usage metrics and usability.

I have one further post to deliver on the subject of online identity. This will consider the question of how close we are in reality to delivering on what has been called Online Identity 2.0. And I’ll also be examining a further trio of key issues key for the semantic web: provenance, trust and authenticity.

The web as it exists today suffers from the lack of a consistent way of managing identity. There are challenges in both identifying myself to the sites I visit and in identifying those sites myself. Without any standard mechanism to deal with this, web developers have devised an array of different and incompatible schemes to manage identity. This presents serious challenges, since authenticity and trust are critically important concerns for publishers and information providers.

In the beginning, the internet was a place of implicit trust. Networks were small, and users were trusted with not abusing services. During the rapid growth of the network, many security and identity problems with the underlying network protocols and subsystems were discovered and solved. However the web itself has followed a different path of evolution.

Hypertext and identity

Early hypertext systems were firmly based on the idea that all users would need to be able to read and write documents. The models built into the first systems, such as Xanadu, allowed users to compose their own documents and to annotate documents authored by others. This functionality naturally required users to authenticate and identify themselves.

However, when Tim Berners-Lee invented the web in the late 1980s the distributed authentication services to support the read/write web did not yet exist. He simplified the original hypertext vision in order to make it easier to implement by removing the composition and annotation elements. This in turn removed the need for identity management systems which significantly reduced the complexity of the software needed. This simplification allowed the web to grow quickly at the cost of initially making it into an essentially read only environment for most users.

Visitors and residents

Recent JISC research into how people use online services has started to focus on the distinction between ‘visitors’ and ‘residents’ (proposed as a more useful replacement for the previous talk of ‘natives’ and ‘immigrants’). Those who use the web as a tool for specific tasks can be seen as visitors whereas those who spend a large amount of time online can be categorised as residents. Residents clearly have a strong need to maintain their online identity, since their presence on the web is an essential part of their overall social interactions. Visitors still need to manage identity, though their needs are more in the context of being able to authenticate themselves and the sites they visit.

This distinction between visitors and residents is in reality more of a spectrum of different behaviours, but it’s critical that publishers understand the common needs for identity and authentication services. As the participative read/write web returns with the move towards Web 2.0 services the traditional roles within publishing of author and reader are disrupted, and again this is exactly the point where online identity, and trust in that identity, is centrally important.

Publisher platforms

Current publisher platforms provide a good example of the patchwork of different services and approaches to authentication and identity management developed over the past decade. Most feature a combination of the following approaches:

1. IP authentication to identify a user’s home institution. This works well for on-campus users as it allows invisible authentication and thus provides the lowest possible barrier to usage. However this scheme is useless for remote users.
2. Federated authentication to identify an individual user within an institution. This covers both the historical Athens protocol used within the UK and the Shibboleth protocol now gaining significant traction in the UK and America. This works equally well for on and off campus users at the cost of a sometimes difficult user experience.
3. Other username/password schemes. Individual identity outside of the institutional context is invariably handled by requiring users to create their own account within a publisher’s system.
4. Other remote access schemes. Schemes such as EZproxy or referrer authentication allow remote users to identify their institution to a publisher platform by first logging into their institutional home page. Again, usability is compromised by having to go through the institutional portal to gain access to the resource.
5. Personalisation log-in. In order to uniquely identify individual users within an organisation it has often been necessary to have a second level of log-in within a publisher platform. This requires users to create and maintain yet another identity within the publisher platform.

These approaches cannot usually be combined or aggregated, which acts as a further barrier to usability and usage. For instance, to access individual purchases it may be necessary to log-out of the institutional account and log-in again as an individual user.

Publishers are increasingly looking for business models which allow them to combine different levels of institutional access rights (e.g. school, department and college) with individual access rights. The existing infrastructure is in many cases not able to support these new models and so new solutions are needed.

Contributor identity

As the distinction between reader and author becomes increasingly fluid both parties need to be able to manage their online identity to interact with the read/write web. The CrossRef ContributorID project is focused on providing an identity framework designed to address the issues around knowledge discovery and authentication for the scholarly publishing community.

Conclusion

I’ve attempted to provide a survey of the existing landscape here, but where Online Identity is going next is a much bigger question – not to mention our ideas for where it should end up! Next month I want to discuss the influence of trends associated with Web 2.0 and how they are affecting the field, as we move towards Online Identity 2.0.