Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jakob Gadegaard Bendixen, Shibboleth protected proxy servers a case study from the Danish library sector.

Published byClarissa Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "Jakob Gadegaard Bendixen, Shibboleth protected proxy servers a case study from the Danish library sector."— Presentation transcript:

1 Jakob Gadegaard Bendixen, jgb@statsbiblioteket.dk Shibboleth protected proxy servers a case study from the Danish library sector

2 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk DEFF Denmark's Electronic Research library Founded in 1998 to provide a joint IT strategy for the Danish research libraries Provides infrastructure and middleware for the libraries

3 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk AAI One of the original visions was to provide a standardized way to handle user administration and access control across institutional borders Did anyone say federation…

4 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk The DEF key This vision was attempted realized through an ambitious project called ‘The DEF key’. A lot of effort was done but the project was dropped due to conflict of interest

5 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk DEFF Services DEFF negotiates licenses for accessing article databases and electronic periodicals for the research libraries Most of these are campus wide licenses and the access control is IP based

6 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Challenge How do we provide home access for the users such that Only registered users have access Access through ordinary web browser No need for changing browser settings (necessary with ordinary proxy servers)

7 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk LDAP 2001 In 2001 a new project was launched to meet this specific challenge The lesson learned at the DEF key project was that it failed because it tried to be as general as possible So this time one of the goals was to design a solution which met only this specific challenge

8 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk The Solution A network of LDAP servers (one for each involved institution) providing data for a centralized login controlling the access to a farm of rewriting proxy servers

9 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Central login LDAP Proxy server Service Provider Service Provider Service Provider

10 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Some Statistics ZZZZZ We have a solution running in production with 40+ user organizations ~ 250.000 users providing access to several hundred databases Configuration lists more than 7.000 domains

11 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Is it perfect A short answer: no, but it is working 2 single points of failure (login and proxy) Centralized login = potential security issue Performance issue URL exchanging issue

12 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Shibbolizing the setup In 2005 we ran a pilot project to try to put Shibboleth access control on our proxy farm The EZProxy has already been Shibbolized by the vendor. This version does however not meet our requirements fully

13 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Identity Provider WAYF Proxy server Service Provider Service Provider Service Provider

14 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Have you implemented it The short answer: no The building of a Danish federation DK-AAI is in progress and we are awaiting the outcome of this project

15 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Why use proxies at all Allows to progress in building our federation without having to wait for the resource- providers to get Shibboleth ready Some resource providers probably will not be ready in this decade

16 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Identity Provider WAYF Proxy server Service Provider Service Provider Service Provider

17 Jakob gadegaard bendixen, jgb@statsbiblioteket.dk Questions and answers jgb@statsbiblioteket.dk www.statsbiblioteket.dk www.deff.dk www.deff.dk/aai

Download ppt "Jakob Gadegaard Bendixen, Shibboleth protected proxy servers a case study from the Danish library sector."

Similar presentations

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Joint Information Systems Committee 01/04/2014 | slide 1 Access Management and e-Portfolios What are we trying to protect??? Joint Information Systems.

Joint Information Systems Committee 01/04/2014 | slide 1 Access Management and e-Portfolios What are we trying to protect??? Joint Information Systems.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.

Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.
OhioNET EZProxy Service

OhioNET EZProxy Service
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library

Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library
Remote User Authentication in Digital Libraries

Remote User Authentication in Digital Libraries
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Norman Wiseman JISC Head of Programmes Presentation to CNI Seattle, December 1998 ATHENS ATHENS One Year On Joint Information Systems Committee.

Norman Wiseman JISC Head of Programmes Presentation to CNI Seattle, December 1998 ATHENS ATHENS One Year On Joint Information Systems Committee.
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
Deliver your Technology-Based Labs with VMware Lab Manager 5/6/2010 Michael Fudge.

Deliver your Technology-Based Labs with VMware Lab Manager 5/6/2010 Michael Fudge.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Using a Third-Party Proxy System with the Innovative Patron API Emalee Craft, Jennifer Ward University of Washington Libraries Innovative Users Group Meeting,

Using a Third-Party Proxy System with the Innovative Patron API Emalee Craft, Jennifer Ward University of Washington Libraries Innovative Users Group Meeting,

Similar presentations

Ads by Google