Holly Eggleston, UCSD Shibboleth and Library Resources InCommon Library/Shibboleth Project.

Presentation transcript:

What is the Library/Shibboleth Project? Established 2007; Five universities + Internet2; Campus IT, Library IT, Librarians; Adding Shibboleth to existing library services

Current focus of Library/Shibboleth: Access control and licensed electronic resources; Identify user scenarios; Document business practice and technology issues; Test solutions

Why are we here? Shibboleth adds value to library resources; There are issues, but they’re solvable; Successful deployment is possible

Electronic resources backgrounder: Ten years of growth; Prevalence of home computing; Increase in distance education; Convenience and user expectation; Hundreds of vendors, thousands of resources; Significant part of the library collection budget; Access and use restrictions; Substantial work to integrate this seamlessly

What's wrong? Remote access is problematic; Too many passwords make chaos; Maintaining IPs is time-consuming and unreliable

How can we fix it? Remove need for user-side configuration; Single sign-on; Manage IPs locally … or not at all

What do we want? Integrated access to licensed library resources regardless of user location; Consistent user experience for authentication; Reduced maintenance overhead for library resources; Reliable authentication for vendors

How do we get there?

Scenario 1 - IP validated resource, on campus (diagram: User; Nature.com; IP validated resource)

Scenario 2 - IP validated resource, off campus (diagram: User; Nature.com; Proxy / VPN; IP validated resource)

What is Shibboleth? Open source standards-based web single sign-on package; Leverages local identity management system; Enables access to campus and external applications; Protects users’ privacy; Helps your service partners; Plays well with others

Scenario 3 - Shib-enabled resource anywhere (diagram: User; Science Direct; IdP; Shibboleth-enabled resource)

Scenario 4 - Shib-enabled resource, on campus (diagram: User; Science Direct; IdP; mod auth location; Shibboleth-enabled resource; Guest / known)

What is EZProxy? Proxy access for off-campus resources; Inexpensive; Library-focused; Server-side proxy; Acts as virtual server/client; Rewriting URLs; SSO authentication

Scenario 5 - Single sign on proxy, off-campus (diagram: User; Science Direct; Nature.com; EZProxy; IdP; mod auth location; Shibboleth-enabled resource; IP validated resource; Library Home Page)

Options for access (table). Columns: Local Config Needed; Proxy Maintenance; Vendor IP Maintenance; Separate Credentials. Rows: Web Proxy: Yes. VPN: Yes, No, Yes. Shibboleth: No. Shibboleth + EZProxy: No, Yes, No.

Library concerns with Shibboleth: Communication with campus IT; Privacy; Privacy with individual vendors; Privacy across vendors; Session persistence; Walk-in users; Library patron database integration; Are Shibboleth benefits worth the effort?

Benefits to using Shibboleth in libraries: Easier off-campus access of resources; Simplified user authentication experience; Personalization of services without releasing identity; Centralized authentication maintenance

Currently under investigation: Eliminating need for vendor IP maintenance by routing all activity through proxy; Using Shibboleth as central "foot traffic" log for measuring resource use; Best practices for persistent URLs; Role of federation in licensing and enforcement

Next steps – Library/Shibboleth Project: Actively partner with other federations; Coordinate with Shibboleth-enabled vendors to join InCommon; Encourage adoption of Shibboleth by US institutions and libraries; Conducting pilots to validate approaches; Recommending best practices and solutions to common use cases; Community information sharing

Shibboleth-enabled information providers: American Chemical Society; Atypon; CSA; EBSCO; Elsevier Science Direct; Exlibris; EZProxy; JSTOR; Literary Encyclopedia; OCLC WorldCAT; OVID/SilverPlatter; Project MUSE; Proquest; Safari (underway); SCRAN; Serials Solutions; Springer; Thomson Gale; Thomson ISI (underway)

What can you do? Implement Shibboleth locally; Explore local issues and concerns with your library; Enable SSO with local proxy; Pilot existing SSO vendors; Discuss interest in SSO to commercial vendors

More information