Minutes - InC-Library Collaboration - July 24, 2009
*Attending*
Steve Carmody, Brown University (chair)
Paul Hill, MIT
Thomas Howell, Northwestern University
Randy Junus, Michigan State University
Dave Kennedy, Duke University
RL Bob Morgan, University of Washington
Mark Scheible, North Carolina State University
Ann West, Internet2
Foster Zhang, Johns Hopkins University
Fred Zhang, Michigan State University
Dean Woodbeck, Internet2 (scribe)
*************
Vendor Subgroup Report
Dave Kennedy reported that the vendor subgroup has continued its individual investigations and has begun working directly with vendors concerning Shibboleth access to services. The group has started building a registry of Shib-enabled services and has polled the top 10 vendors to get answers on how and what they've implemented. A summary of responses to date is available at https://spaces.at.internet2.edu/x/2IFz
Two of the 10 vendors have indicated an interest in joining InCommon (Thompson Reuters and BioOne). Many of the others are either current InCommon members and/or are established in the Shibboleth community.
In doing this poling and compiling the registry, the subgroup is starting to understand the similarities and differences among the vendors, as well as getting a sense for what libraries would like to see from SPs. The group plans to document best practices for vendors, likely calling on interested vendor representatives to help. The subgroup may also develop recommendations for libraries.
There was a discussion about entitlement values (such as CommonLibTerm) and why they aren't being used. Dave Kennedy commented that he is going to start contacting SPs that Duke works with and ask them to start using the value. Bob Morgan said that communications to SPs by groups of libraries lets the SP know that such things are an issue for those in the federation.
There was also a discussion about walk-in patrons and the creation of the LibraryWalkin value following extensive conversations about a year ago. In fact, the MACE-Dir working group's recommendation is to use the LibraryWalkin and eduPerson affiliation values, but this has not been widely promoted in the right places.
Steven Carmody pointed out some of the factors that led to the creation of entitlement values - including situations where some populations had broader library access rights than the entire community. For example, those associated with medical schools, business schools and law schools, for example, would have access to additional resources, as compared to a typical undergraduate. There has, however, been a lack of momentum in the U.S. library space over this issue in the last couple of years and several European countries are now in the forefront.
The next step in this process might be the idea of microlicensing, in which students in specific courses have access to certain specific articles or other resources. The concept is that an attribute-based approach might enable that.
Steven asked if campuses have these sorts of situations and, if so, whether there is interest in addressing this with Shibboleth. There was interest expressed, not just for professional schools but also for affiliated organizations (such as research labs).
Currently, people try to manage such situations with IP addresses, but that does not work well. With a cooperative vendor, it is feasible to use Shibboleth and attributes to present entitlement values for access to resources by some subset of the campus population. When a user signs in, the SP would receive an entitlement value to filter such access. But there aren't any examples currently of such an arrangement.
There are examples of using Shibboleth and EZProxy to provide such access by creating EZProxy groups and mapping users into these groups based on Shibboleth attributes. Students from the law school, for example, would be part of a "law" group.
Dave Kennedy presented the example of providing only medical students access to a medical journal by using proxies. This model breaks down, however, when the publisher has multiple journals and you want to limit access to just one.
In addition, Paul Hill pointed out that more vendors are providing direct Shibboleth access, which means users don't always have to go through EZProxy. For such situations, MIT is looking at a resolver plug-in on the IdP.
Steven suggested that the use case subgroup identity the set of use cases related to this sort of special permissions for various subsets of a campus population, including identifying the situations that this collaboration group needs to worry about. It would also be useful to figure out if there is an existing campus that is equipped to explore addressing this situation with attributes. In developing this use case, it would be good to describe the situation and constraints, while remaining technology-neutral. So the use case might be "the campus community has access to articles 1-100 from vendor X. The medical faculty also has access to articles 101-150 from the same vendor."
*************
Use Case Subgroup Report
Thomas Howell reported that the use case subgroup is working on adequately describing all of the use cases. They have spent time developing a template for describing use cases as a way to standardize the information. The wiki includes the template, plus use cases developed using the template. At this point, the wiki also divides the use cases into categories of basic and advanced. There is also a place to write up cases that are vendor- or situation-specific.
Two of the areas that have consumed the most time and energy are Shibbolizing EZProxy (at least one campus is working with Refworks on this), and accommodating walk-in library patrons. It seems that there are as many ways to deal with the walk-in situation as there are libraries; however, the group is going to try describe some of the more common and/or generic ways for doing this.
To summarize the subgroups approach, they will 1) start with use cases that would arise from a campus using an EZProxy/Shibboleth hybrid; 2) then write up the more advanced use cases (where some edge cases start to appear); and 3) then worry about vendor-specific approaches.
*************
Next Steps
The consensus was that the subgroups will meet during the next three weeks and the entire collaboration group will convene on August 21.