Download - ShibbolethAccess4librarians
Glenn Wearen, HEAnet
Shibboleth Access for Librarians
Identity Provider (IdP)• Authenticates user and provides user data • Personal data and/or non-personal data or none
Service Provider (SP)• Authorises access based on incoming data• Personalises experience based on incoming data• Persists the user experience between sessions• Extends user data with data entered by the user or file
Federation • Trust fabric between IdP and SP, uses SAML protocol
Edugate
And lastly, the User
•Hates being repeatedly asked to login
•Wants one, and only one campus credential (or none at all)
•Will avoid websites that have ‘registration’
•Expects their profile (e.g. search basket, favourite article, alert prefererenes) to available from PC to Mobile Web.
Edugate
Identity Providers• Institutes of Technology• Universities• Research agencies on the HEAnet network• VEC’s
Edugate
– Services Providers ( with a library focus)– Publishers – eBooks, Journals, Databases, Reference Managers
– On-campus services– Repository (eprints, dspace)– Web catalogue (III, Summon)
– Shared services– Collaborations, alliances, groups (e.g MyRI, IReL, LIR,
research.ie)
Edugate
Services Providers currently in progress– Elsevier
Services Providers invited• Westlaw IE
See tracking spreadsheet http://www.edugate.ie/content/edugate-members
Prospective members
How it works?
Library use-cases
Google Search Results.
• Less than 20% of staff start their search on the library website
• 0% in the case of students (http://twitpic.com/c8kakm)
• Where a search result takes a user to a publishers article abstract, and the publisher has ”Institution Login” or ”Shibboleth Login” option for full text of the article.
Library use-cases
Library Systems integrationLMS integration SummonInstitutional Repository (on-campus or hosted)Catalogue integration
A-Z of electronic resources (DCU/CIT/DIT)MARC Record links in catalogue using WAYFless URL or Ezproxy links (Ezproxy supports Shibboleth login)
Reference Manager tools (Endnote Web/RefWorks)OpenAthens LA/MD integration
Edugate on Campus
IT department sets up identity provider service (IdP)
Any other department can opt to accept a federated login (SP)• Teaching and Learning (VLE)
• IT Services (email)
• Library (LMS,IR)
• Same login credential and login session
How to get publishers to participate?
• Have publishers used guest wifi access to justify higher licence costs.
• Has the IReL model licence (which includes Edugate) been used?
• Does the publisher offer personalised features?
• Does the publisher expect users to ‘register’?
• Does the publisher offer a mobile app?
• Your campus is preparing for IPv6
How to get Ezproxy into Edugate?• Ezproxy supports Edugate natively• EZproxy login page uses campus identity provider service
• In production at http://remote.dcu.ie (Login)
How to get Millennium into Edugate?• Native support for Shibboleth not available
• III+SSO+Shibboleth• SSO Module cost? Separate server for module?
• Shibboleth integration 1 day of effort approx.
• Patron and Active Directory account must match
• Even without the module, catalogue links to publishers content can still be changed to a WAYFLess url to bypass WAM
• SSO currently in production at http://library.ucd.ie (Login)
How to get Summon into Edugate?• Native support for Shibboleth not available.
• Summon + Ezproxy + Shibboleth
Authorisation
Questions?