
Background
Business Operations Use Cases
Academic and Research Use Cases
Residential Life Use Cases
Main Library Use Cases
Branch Library Use Cases
Guests and Non-Traditional Affiliates Use Cases

Background

Why do we need to document various technology approaches and their associated use cases? The answer is simple: we need to create an understanding of the benefits of using Shibboleth to solve issues of managing resource access. We have identified several other specific reasons: use cases help make the policy decision to Shibboleth-enable a resource; they assist in promoting this technology to the administration; they help people formulate internal policy; and they are less focused on a specific technology and more focused on the users of the library and how they utilize the library to meet their needs.

We also wish to generate documentation to support cookbook solutions to many of the use cases below. As a result of clarifying use cases, we also hope to attract additional Shibboleth-enabled (and to-be-Shibboleth-enabled) vendors to InCommon and thereby to the member institutions of InCommon. We need to identify additional local applications directly supported by libraries and/or other large intra-university divisions that support various library functions.

A large portion of the use cases touch on aspects that will require Shibboleth-enabling the proxy system. We need to investigate how to bring the "friends of the library" and POI groups (as well as other, as-yet-unidentified groups) into Shibbolized access to resources (for libraries, these groups are currently stored only in the library ILS system). Eventually we need to reconcile campus federations and the InCommon federation.

Another big issue to investigate is Federated Service Providers. At present there are approximately 100 information providers in the U.K. federation; the U.S. lags in getting vendors into InCommon. At Brown, for example, the librarians believe that getting the 15-20 most-used external resources Shib-enabled would take 90-95 percent of the traffic off the proxy server. On customer surveys, users complain more about the proxy than everything else combined.

Regarding ARPs (attribute release policies) and Privacy Tags: because releasing information fields that are stored in LDAP is laborious, we should look at ways to let users decide which attributes third-party providers will receive. Brown is most of the way through a deployment of uApprove, which allows users to see which attributes are about to be released and to approve or disapprove. These processes will require educating users about the process, and also about the fact that disapproval will prevent access.
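The interaction between an ARP and user consent described above can be modeled as follows. This is an added example, not code from uApprove, Shibboleth or this wiki; the SP entity ID, the policy contents and the directory entry are constructed for illustration, and the function name is hypothetical.

```python
# Constructed sample data: the SP entity ID, the policy and the user values
# are illustrative assumptions, not taken from any real deployment.
ARP = {
    "https://sp.journals.example.org/shibboleth": {
        "required": {"eduPersonScopedAffiliation"},
        "optional": {"eduPersonEntitlement", "mail"},
    },
}

DIRECTORY_ENTRY = {  # what LDAP holds for one user (constructed)
    "eduPersonScopedAffiliation": ["student@example.edu"],
    "eduPersonEntitlement": ["urn:mace:dir:entitlement:common-lib-terms"],
    "mail": ["jane@example.edu"],
    "homePostalAddress": ["12 Elm St"],
}


def release_decision(sp_entity_id, directory_entry, approved):
    """Return (access_allowed, released_attributes) for one login.

    approved is the set of attribute names the user accepted on the
    consent screen.
    """
    policy = ARP.get(sp_entity_id)
    if policy is None:
        # No ARP for this SP: default-deny, nothing leaves the IdP.
        return False, {}
    permitted = policy["required"] | policy["optional"]
    # The ARP is the ceiling: consent can narrow it but never widen it,
    # so an attribute outside the policy is dropped even if approved.
    candidates = {n: v for n, v in directory_entry.items() if n in permitted}
    released = {n: v for n, v in candidates.items() if n in approved}
    missing = policy["required"] - set(released)
    if missing:
        # Disapproving a required attribute prevents access, and the
        # attributes the user did approve are not sent either.
        return False, {}
    return True, released
```

The all-or-nothing return on a missing required attribute is a design choice of this model: it avoids sending partial data to a provider that will refuse the session anyway.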

The first product of the following use cases should be a "Getting Started Guide" that outlines the steps a user should take to resolve the issues explored here. Keep in mind that although many of these use cases relate specifically to libraries, it is possible to extrapolate to other portions of a university or institution that have similar needs.

Business Operations Use Cases

Like any large organization, libraries must manage employees and finances, purchase equipment and services, and maintain records for their own internal and for external (or regulatory) purposes. A host of access management use cases arise in our business unit, many of which share strong similarities to equivalent use cases in the private sector, but some of which may differ as a result of qualitative differences in the way our institutions conceptualize institutional business processes. Here are some representative use cases that evolve from the business operations environment (note this description was borrowed from the Camp wiki documentation):

  1. Budget Access by Director and Assistant (Example) - Sarah is the new Director of Facilities Management. As the Director, she has the authority within the institutional ERP system to manage the access rights afforded to other individuals with respect to fund codes within Facilities Management. The Director wishes to have her administrative assistant process monthly budget reconciliation statements for her non-salary fund codes, but wishes to manage her salary fund codes directly. She explicitly grants her administrative assistant access to read and reconcile transactions against her non-salary fund codes in the ERP, but leaves herself as the sole individual with access to her salary fund codes. (Single authority identified by organizational hierarchy grants by fiat to single subject multiple privileges on a single target resource constrained by resource scoping)

Academic and Research Use Cases

Residential Life Use Cases

Main Library Use Cases

Library Patron wishes to access a journal online

  1. A user accesses the library website in the hopes of using the federated search to identify sources of information on elephants. Et cetera.
    1. The basic use case for EZProxy integrated with Shibboleth involves a flow of interaction between a user and a Library website containing a listing of various web-accessed resources and services, such as, but not limited to, various e-journals and research databases. This website uses the EZProxy application to proxy authorized access for users of the library, thus allowing them to utilize resources and services. Users are intended to be able to log in via some mechanism to authenticate themselves to a group with certain pre-defined authorization privileges based on a variety of attributes possibly associated with the user. The most basic grouping is an authorized patron or member of the community, which may be construed as including but not limited to staff, faculty, alumni and other groups. The browser user has a variety of possible starting points within the website that may take them to the external resource provider directly or through EZProxy. The threshold trigger for the event occurs when the interaction flow results in an attempt to access a restricted resource.

Note: the following two use cases are adaptations of the "bedtime story," broken down into distinct use cases. Please remove this note once the use cases have been accepted.

Student Access to Library Searches with SSO

  1. Jane is in the library ready to do research for her Bio 301 class. She has three articles to read that are all available online. Fortunately, the library at Mass State U subscribes to all of the databases she will need. While she doesn't realize it (nor does she need to), each article comes from a different database provider: Elsevier, EBSCO, and JSTOR. The ideal situation is for Jane to be able to reach all three articles directly, without having to sign on to three different services and without having to do a search once she gets to a database (in other words, she accesses the article's "deep link" directly). She also thinks it would be nice to be able to save her search for future visits.
    1. Jane now decides that, while she is in search mode, she will look for additional articles for her topic. She goes to MedLine (an abstracts DB), and starts searching. She finds an interesting article, and clicks the OpenURL button. She is able to access the article, again directly and without having to sign in again.
    2. Still motivated to search, Jane goes to the campus library catalog to look for relevant books. The books she needs are either checked out or are not available locally. She clicks a button and is taken to the inter-library loan system. She is able to order the books via the loan system without having to sign in again.

Professor unable to leave the office and access work online

  1. Professor Moriarity has a deadline to meet and doesn't have time to get to the campus library. He signs on to the library's catalog from his office computer and does a search for the book and article he needs to complete his NSF proposal. He finds the book in the library catalog and checks a box to take advantage of the library's campus delivery service.
    1. The prof finds the article in one of the databases to which the library subscribes. He accesses that database without needing to sign in again. He is taken directly to the article, without having to go to the database provider's home page.

Branch Library Use Cases

Guests and Non-Traditional Affiliates Use Cases
