InC-Library Phase 1 Summary


Why should I implement the Shibboleth-enabled Rewrite Proxy?

Enabling Shibboleth authentication for the rewrite proxy has a number of immediate advantages:

Benefits to users

  • Single password for campus and proxy access
  • No user-side configuration needed - this is a great benefit particularly in lockdown environments

Benefits to librarians

  • Reduced cost of support from user-side configuration and lost passwords

Benefit to library administration

  • The rewrite proxy provides a source of central usage statistics ("foot traffic") that can be used independently or in conjunction with vendor-provided usage statistics.

Why should I provide access to Shibboleth-enabled vendors with the Rewrite Proxy?

Taking the first step of enabling Shibboleth for the rewrite proxy solves a number of problems with providing remote access to resources, but accessing individual vendors with Shibboleth provides additional functionality and decreased support and maintenance costs.

Benefits to users

  • Single password for campus service and proxy access
  • No user-side configuration needed
  • Integration with personalized vendor functionality - in addition to a single password for remote access, users can use the same password to access their personalized features on the vendor site

Benefits to librarians

  • Reduced cost of support
  • Less IP and proxy maintenance in the 80% case - by providing Shibboleth access to high-traffic resources, libraries can route all traffic through the local proxy, reducing the need to maintain large IP lists with the vendor.
  • Permits a gradual rollout of Shib-enabled resources while keeping user experience consistent

Benefits to vendors

  • Authoritative validation
  • Easier breach investigation
  • No maintenance of password information

Benefit to library administration

  • Central usage statistics ("foot traffic") - depending on your data collection and privacy policies, the proxy provides a central foot traffic log, as does Shibboleth. In addition, Shibboleth can provide additional data to permit summarizing access information by demographics and attributes.

If I have a Shib-enabled rewrite proxy, why access resources through Shib?

  • No need to maintain IPs with Shib resources
  • If 80 percent of cases are handled through Shib, it is possible to route the rest of the functionality through a router, effectively eliminating the need for IP maintenance

Benefits to users:

  • In addition to a single password for remote access, users now have a single password to also access their personalized features

Benefits to our librarians

  • By using Shibboleth for the high-traffic resources, libraries can route all traffic through the local proxy, reducing the need to maintain large IP lists with the vendor.
  • An SSO-enabled proxy allows for gradual integration of Shibboleth-enabled resources with a minimum of impact to the user

Benefits to Vendors

  • Authoritative validation
  • Being able to more quickly identify and resolve breach issues
  • No maintenance of passwords by the vendor

Benefit to library administration

  • Depending on your data collection and privacy policies, the proxy provides a central foot traffic log, as does Shibboleth. In addition, Shibboleth can provide additional data to permit summarizing demographic information.

Basic Use Cases

  • Connecting from known URL (library)
  • Connecting from unknown URL (Google scholar, email link)
  • Moving between resources
  • Using federated search

Basic Use Cases - Configuration

  • Walk-in user on library public machine
  • Known user on a library public machine
  • Known user on campus-assigned machine
  • Known user on off-campus personal machine
  • Known user on off-campus lockdown machine

Licensing configuration scenarios

  • Restricted to subset of authorized users
  • Restricted to subset of locations

Current issues and barriers to adoption

  • Implementing at campuses
    • Communication with IT
    • Available technological expertise/technical overhead
  • Streamlining activation process
  • SP membership in federation
  • SP functionality
    • Consistency - implementations vary widely among vendors. User experience needs to be consistent and intuitive
    • Process
    • Seamlessness of hybrid situation
  • Shibboleth functionality

Recommendation for Focusing Efforts

  • Identify popular resources (i.e. 15-18 vendors represent 80 percent of traffic)
    • Shib-enabled?
    • InCommon participant? Provide info and use cases
  • Developing best practices for content providers
    • Support for the unique identifier for personalized functionality
    • Implementation consistency
      • WAYF appearance
      • Login easily visible
      • WAYF-less interface
  • Learn from UK Federation