InC-Library Use Case Subgroup Notes - May 29, 2009
----------
*Attending*
Thomas Howell, Northwestern (chair)
Steve Carmody, Brown University
Andy Dale, OCLC
Lynn Garrison, Penn State
Paul Hill, MIT
Tim Mori, North Carolina State University
Rich Wenger, MIT
Heather Townes White, University of Saskatchewan
Dean Woodbeck, Internet2
----------
*Discussion*
Use Case subgroup wiki:https://spaces.at.internet2.edu/display/inclibrary/Use+Case+Subgroup
Andy Dale - will be writing up user profiles and place on the wiki (in Category 5)
Rich Wenger - Meeting next week with licensing people. He will have a clearer definition of use cases and will post those to the wiki (in Category 6)
Paul Hill has added extensive discussions from the MACE-Dir mailing list from awhile ago:https://spaces.at.internet2.edu/display/inclibrary/MACE-Dir+discussion+extracts
Paul has also added the initial email sent to the walk-in subgroup:https://spaces.at.internet2.edu/display/inclibrary/walk-in+initial+thoughts+4-29-09
Steve Carmody has notes from the initial walk-in call and will post to the wiki (Cateogry 1, walk-in page)
----------
*Other Use Cases*
A user tried to authenticate with something like OpenID? Exampel: A visiting HS student is in the patron database and has access to some things, but not others.
MIT - Library looking to affiliate with various quasi-formal groups outside of MIT. Some people may authN through OpenID or InCommon and MIT needs to make some fairly granular decisions as to who can get to what, depending on licenses.
A visiting scholar wants access to materials at their host institution, but they are authenticating with the credentials from their their home institution.
Can Shibboleth handle a case in which the library has an IdP separate from the campus IdP?
----------
A number of other potential use cases were discussed. Most are now listed under Category 7 and Category 8 on the wiki:
Category 7: Abstracted Library Authentication and Authorization Models
• We have mediating authentication/authorization application
• We have individual staff/back office access versus individual user/client/patron access
• Differentiated experiences for two groups of users because their grouping information/attributes have been exposed.
• Non-differentiated experiences for two groups because their grouping information/attributes have been hidden.
Category 8: Uncategorized Cases
• On-phone or in-person user verification - Phone in problems to library staff and needs help with access or an action like putting a book on hold and the librarian wants to verification.
• User goes to external service (abstracts), does a search, finds a useful open link hit, goes back to campus, goes directly to the referenced article. Do this from home to a Shib-enabled resource.
• Circe Dynex: Shib-enabling a java app.
• Replacing existing Java applications which store user password tables in the clear (either DB or in file on the file system)
• Shib-enable staff access in addition to patron users
• Instructor wants to add a deep link to a course in an LMS system and we want the link to work no matter where the user happens to be. The link has to be durable from year to year.
• Blackboard
• An instructor chooses a list of books in the OPAC and then wants them to be automatically pushed into the eShelf of students so that they can view them while inside the LMS.
• Federated Search which returns results that a user is allowed to view.
• Federated Search which returns results that are based on facets related to a group (or other Shib attribute)
• Refworks
• Two separate federations accessing the same SP
• Two separate Shib-enabled IDs, ie. I have campus credentials and I also have an account with some other organization, like the ALA or ACM
• How to link two identities (i.e. - a user has credentials from two different IdPs. Can the access that each identity provides be cumulative?)
Additional questions:
• Primary and tertiary sets of attributes
• uApprove (developed by Swiss federation) - allows users to approve/disapprove attribute release
• How does a user know which sites should be properly accessible via Shib?
• How does a user know the state of their various cookies as associated with their ID?