Draft Minutes, InC-Library Collaboration, Phase 2 March 20, 2009
*Attending*
Steve Carmody, Brown University (chair)
Jim Austin WRLC (Washington Research Library Consortium)
Karim Boughida, David Bietila and Sandesh Anand George Washington Universty
Tom Barton, University of Chicago
Matt Bockol Carleton College
Tony Byers, Michigan State University
Angus Campbell, OCLC
Adam Chandler, Cornell University
Gary Chapman, New York University
Matt Decker, Wayne State University
Eric Dau, Wayne State University
Lynn Garrison, Penn State University
Sam Hooker, University of Vermont
Thomas Howell, Northwestern University Library
Dave Huth, University of Utah
Barry Johnson, Clemson University
Dave Kennedy, Duke University
John Kiser, University of Pennsylvania
Tobias Kreidl, Northern Arizona University
Jonathan Lavigne, Stanford University
Dan Malone, Cal Poly San Luis Obispo
Ben Morgan, University of North Carolina School for the Arts
Tim Mori, North Carolina State University Tod Olson, University of Chicago
Brian Owen, Simon Frasier University
Kent Percival, University of Guelph
Mark Scheible, North Carolina State University
Renee Shuey, Penn State University
Paul Soderdahl, University of Iowa
Gordon Springer, University of Missouri
Shubin Wang, Johns Hopkins University Library School of Medicine
Rich Wenger, MIT
Ann West, Internet2
Rhonda Whithaus, University of Missouri
Breck Witte, Columbia
Maurice York, North Carolina State University
Jason Zavar, OCLC
Dongming Zhang, Johns Hopkins University Library School of Medicine
Foster Zhang, Johns Hopkins University Library (System Office)
Dean Woodbeck, Internet2 (scribe)
--------
Action Items
(AI) All - Develop use cases prior to the next call - how we want this hybrid to look to the user and to the librarian. (email to Dean Woodbeck - woodbeck@internet2.edu)
(AI) All - Provide ideas as to the business case that you would present to the library and IT organizations to justify this project. (email to Dean Woodbeck - woodbeck@internet2.edu)
(AI) All - List the top 10 outside library vendors that you'd like to see Shib-enabled. (email to Dean Woodbeck - woodbeck@internet2.edu)
(AI) Rich Winger will email the list outlining this issue: how to account for access to systems that may need a more-secure level of authorization.
(AI) Ken Percival will email the list: how libraries are adding value to EZproxy.
(AI) Dean Woodbeck will develop the wiki space and add the initial information from participants as it comes in via email.
--------
Phase 1 Review
Steven Carmody reviewed the result of Phase 1 of the library project, in which six campuses explored options for improving the user experience for accessing library resources. Phase 1 proposed a Shibboleth/EZproxy hybrid as the best method, given the prevalence of EZproxy in the library space and the usefulness of using attributes (vs. IP address ranges) for authentication and authorization.
The charter for Phase 2 is to take this hybrid into production, providing a service and making for a better experience for both users and librarians.
--------
Summaries from Call Participants
Please note: These are in alphabetical order. If I mischaracterized what you said on the call, please email Dean (woodbeck@internet2.edu)
Buffalo - Has a number of services Shibbolized and is testing a Shibboleth/EZproxy combination. Hoping to roll into production by the end of the semester.
Cal. Poly San Luis Obispo- Has Shib in a development environment and joined InCommon last
week. The library uses EZproxy. Looking to the library as a pilot for Shib.
Carleton - The library uses LDAP with EZproxy. The campus has started using Shibboleth for other services and is looking to use Shib authentication with EZproxy.
Chicago - Is in production with a Shibbolized EZproxy.
Clemson - Has Shib in place and uses EZproxy. Here to listen and gather information.
Columbia - Uses a non-Shib SSO for access to EZproxy. Not unhappy with the arrangement, but wondering if there is an opportunity here.
Cornell - Has Shib working with ILLiad and Jstore. Interested in pairing Shib with EZproxy. Also interested in the current NISO authN effort aimed at content providers; specifically developing best practices for login locations on SP websites (so users can easily find them).
Duke - Has Shibboleth and EZproxy in use; the library uses Shib to authenticate for one e-resource. Looking to use EZproxy and Shib together for SSO.
Guelph - Currently has EZproxy integrated with the LDAP. The campus has Shibboleth deployed and library is looking at moving to Shibboleth and federating.
Iowa - Has Shib and EZproxy both in place and now wants to see about connecting the two. Looking for the benefits and pay-off for doing so.
Johns Hopkins - Using Shibboleth with EZproxy; looking at issues with resources licensed only to certain campuses (the university has five campuses).
MIT - The goal is use SSO across any number of systems. The campus is integrating Shibboleth into the library system, which already uses EZproxy. This may also apply to a project with a local library consortium.
Michigan State - Currently using the Shib apache module to protect EZproxy access.
Missouri - using LDAP and EZproxy. The library uses Shibboleth, but with EZproxy or ILLiad systems.
New York University - Using OpenSSO and would like to integrate that with Shib, as well as EZproxy.
Univ. of North Carolina School of Arts - All UNC campuses implemented Shib. The School of Arts campus uses EZproxy to authenticate to e-resources, and would like to take advantage of a Shib/EZproxy tie-in later this year.
N.C. State - The campus is deploying Shib for SSO. The library uses EZproxy and a home-grown login. Would like to streamline the login and also accommodate access for a secondary list of users.
Northern Arizona University - Has been using EZproxy and currently using an in-house system for authentication tied to CAS and LDAP. The campus is using Shib with InCommon.
Northwestern - Uses EZproxy and a non-Shib SSO product. The main campus is implementing Shib and the library would like more fine-grained control over resources. There may be a Shib/EZproxy project in the next few months.
OCLC - Is interested in this project succeeding; very interested in this integration. Want to learn how OCLC can make the whole thing easier.
Penn - The campus central computing is bringing up Shib 2.1 for some SSO and will integrate with EZproxy. The goal is to provide a non-federated SSO means for authentication and authorization through EZproxy.
Penn State - Uses Shibboleth and EZproxy and wants to begin federating.
Simon Fraser University - The library uses EZproxy and campus computing has Shibboleth in testing. Looking to Shibbolize EZproxy.
Stanford - Three library organizations use EZproxy. The campus has a central Shib implementation and looking to tie these together. Also want to Shibbolize ILLiad.
Utah - Both Shib and EZproxy have been in place for at least two years, but the two are not linked. Interested in the progress here and how Shib might be used with EZproxy and also to implement SSO across the university.
Vermont- Has deployed Shib and uses EZproxy.
Washington Research Library Consortium - This is a consortium of eight libraries that are heavy users of EZproxy with a home-grown SSO. Looking to solve a variety of problems with the SSO and also allow for broader integration.
Wayne State - Uses EZproxy and has a Shibboeth server, but does not have Shibboleth in production. Want to simplify library services for researchers.
--------
Themes
Judging by these institutional summaries, there seems to be a lot of overlap - looking at the same problem (but mapping it to the local campus culture).
Themes that emerged from the institutional summaries:
• What is the business case? What value will this deliver to librarians?
• Improving SSO
• Integrating Shib with other library services (e.g. ILLiad)
• Fine-grained access control
• What is the model for combining all of these things?
• What is the relationship between IT and the library as these projects move forward?
--------
Potential Pilot Sites
Sites were asked if they had at least preliminary interest in serving as active working pilots. These include:
--MIT
--Johns Hopkins
--NC State
--Penn
--Penn State
--George Washington
--Carleton
--Clemson
--Duke
--Stanford
--Chicago
--Utah (interested, but in the middle of a library system conversion)
--Cornell
There may also be some Canadian interest (particularly University of Guelph) as the new access federation is rolled out.
--------
Methods for moving forward
The group discussed ways to begin this process. After discussion, it was agreed that participants will:
• (AI) Participants will develop use cases prior to the next call - how we want this hybrid to look to the user and to the librarian.
• (AI) Participants will provide ideas as to the business case that you would present to the library and IT organizations to justify this project.
• (AI) Participants will list the top 10 outside library vendors that you'd like to see Shib-enabled.
Other issues to address:
• developing a list of how you take services using EZproxy and gradually migrate them to Shib
• Accounting for access to systems that may need a more secure level of authorization. (AI) Rich Winger will compose an email outlining this issue.
• Understanding how libraries are adding value through EZproxy and how that may be affected by a transition to Shib. (AI) Ken Percival will send an email to the list detailing how libraries are adding value to EZproxy.
--------
Next Call - Friday, April 3, 2009, 1 p.m. (EDT)