Skip to end of metadata
Go to start of metadata

Phase 1 -- Understanding the Problem

Use Cases and Technology Recommendations

Focus: InC-Library was formed by a group of institutions willing to examine issues relating to access to protected libraray resources. The focus was to improve access to licensed electronic resources, identity user scenarios, document business practice and technology issues, and test proposed solutions.

The collaboration developed use cases for deploying Shibboleth, a single sign-on and federating software, for accessing protected library resources, with a particular interest in accommodating various user groups -- students, faculty and staff, walk-in library users -- as well as methods for providing remote access for users with university credentials.

Technologies: The collaboration explored federated access to protected library resources, using Shibboleth; as well as using a Shibboleth-enabled rewrite proxy (EZProxy and WebVPN).

  • Shibboleth is attractive because it leverages the university's existing identity database, protects user privacy, and provides fine-grained access control to protected content, depending on the vendor's license with the university. Shibboleth also provides single sign-on access to internal campus and library resources.
  • Libraries are concerned, however, about the differences in user experiences for on-campus users, that walk-in users don't have SSO accounts, and how to integrate any existing library patron databases.
  • EZProxy provides a solution for off-campus access to resources and is widely used for remote access. One benefit of using EZProxy is the ability to integrate Shibboleth and single sign-on authentication.
  • WebVPN is being used by UC-San Diego as a rewrite proxy, but this technology is not as widely used as EZProxy and is more expensive.

Benefits: The Shibboleth/EZProxy (SSO-enabled rewrite proxy) solution offers benefits to

  • users -- single userID and password.
  • librarians -- reduced cost and support, with far less IP and proxy maintenance. Also, permits roll-out of addtional Shib-enabled resources while keeping the user experience consistent.
  • library administration -- providing central usage statistics.
  • vendors -- no maintenance of password information (since Shib leverages the university's identity management system), authoritative validation, and quick breach investigation.

For a comprehensive overview of issues, scenarios and proposed solutions, please see this summary presentation about the collaborative's work [PDF].

Result: The pilot enumerated basic use cases, identified barriers to library adoption, tested the feasibility of various solutions, and tested the hybrid solution on different campuses with several vendors.

Use Cases

Presentations

A list of presentations and abstracts, with links to the presentation files can be found here.

What is Shibboleth

Shibboleth is an open-source, standards-based single-sign on technology. Shibboleth provides the ability to access both campus and external applications using the local identity management system. The institution provides an anonymous unique identifier to the resource, ensuring user privacy, while permitting access to resources based on internally-held criteria. Maintaining user authentication information at the institution allows increased reliability for vendors by ensuring current user affiliation with the institution, and reduces the need for password maintenance by the vendor, and need for multiple passwords by the user. For more information on Shibboleth, please see the Shibboleth web page at http://shibboleth.internet2.edu/

Resource/Service Providers active in other federations: This is a good place to start when looking for vendors that already run Shibboleth.

Joining a Federation

Federations provide a way for member institutions and vendors to define a standard for how Shibboleth authentication information will be transferred between member institutions. This saves time in the vendor negotiation process, as all attributes are agreed upon by the federation members.

Conference Call Minutes

If you are interested in the background of InC-Library, you are welcome to peruse the Conference Call Minutes.

Highlights: Understanding the Problem

Use Cases - Why campuses consider the hybrid option.

Presentations - Background on Shibboleth, EZProxy and the hybrid solution, and how it all works.

Shibboleth - This open-source software provides single sign-on convenience and the ability to leverage your local identity system for user access to protected resources.

EZProxy - The widely-used rewrite proxy.

Background -  Reasons for adopting Shibboleth and the hybrid solution.

Resource/Service Providers active in other federations

Conference Call Minutes - The record of the collaboration's discussions and decisions.