TRANSCRIPT
RA21 Problem Statement
• Access to STM content and resources is traditionally managed via IP address recognition.
• For the past 20 years, this has provided seamless access for users when on campus.
• However, with modern expectations of the consumer web, this approach is increasingly problematic:
– Users want seamless access from any device, from any location
– Users increasingly start their searches on 3rd party sites (e.g. Google, PubMed) rather than publisher platforms or library portals and run into access barriers
– A patchwork of solutions exists to provide off-campus access: proxy servers, VPNs, Shibboleth; however, the user experience is inconsistent and confusing
– Publishers are facing an increasing volume of illegal downloads and piracy, and fraud is difficult to track and trace because of insufficient information about the end user
– The lack of user data also impedes the development of more user-focused, personalized services by publishers.
– The increase in piracy and fraud also poses a significant risk to campus information security
Fundamental Expectations of the Community
• Researchers
– Seamless access to subscribed resources, from any device, from any location, from any starting point
– A consistent, intuitive user experience across resources
– Increased privacy of personal data
– Streamlined text and data mining
• Resource Providers
– Ability to provide individualized and differentiated access for better reporting to governing bodies and customers
– Ability to offer personalized services to accelerate insight and discovery
– Ability to ensure the integrity of content on both institutional and commercial platforms
• Customers
– Minimization of the administrative burden of providing access to authorized user communities
– Maximization of the use of the resources purchased
– Protection of the privacy of user communities and advocacy for their security
RA21 Guiding Principles
1. The user experience for researchers will be as seamless as possible, intuitive and consistent across varied systems, and meet evolving expectations.
2. The solution will work effectively regardless of the researcher's starting point, physical location, and preferred device.
3. The solution will be consistent with emerging privacy regulations, will avoid requiring researchers to create yet another ID, and will achieve an optimal balance between security and usability.
4. The system will achieve end-to-end traceability, providing a robust, widely adopted mechanism for detecting fraud that occurs at institutions, vendor systems, and publishing platforms.
5. The customer will not be burdened with administrative work or expenses related to implementation and maintenance. The implementation plan should allow for gradual transition and account for different levels of technical and organizational maturity in participating institutions.
Pilot program
• Pilot program through Q3 2017
– Broad spectrum of stakeholders
– Address a variety of use cases
– Includes both academic and corporate efforts
• Self organized, registered and tracked under the larger umbrella of RA21
• Feedback and results shared with the community
• Ultimate goals
– Move away from IP authentication – lack of scale
– Balance with the concept of privacy (General Data Protection Regulation 2018)
– Create a set of best practice recommendations for identity discovery
Important to have multiple pilots so we can address the problem from multiple angles.
The RA21 task force will not build a specific technical solution or an industry-wide authentication platform.
RA21 Pilots
• Corporate Pilot
• Three Academic Pilots
• The Academic (Shared 'Where are you from' (WAYF)) Pilot
• Privacy Preserving Persistent WAYF Pilot
• Client-based WAYF Pilot
• All seek to address the User Experience for off-campus access
By the end of today, we are hoping to have more participants involved in each of the pilots
Corporate Pilot
• Corporate pilot participants
– Pharma Documentation Ring (P-D-R) member companies
• Roche, GSK, Novartis, BASF, Abbvie
– Scholarly publishers
• ACS, Elsevier, Springer-Nature, Wiley
• Pilot goals
– Validation of SAML-based federated authentication in lieu of IP-based authentication for access to scholarly resources.
– Potentially customized identity attributes to facilitate granular usage reporting.
– Demonstration of a consistent and streamlined user experience for user authentication across multiple STM publisher sites, regardless of the user's location and device used.
Corporate Pilot – Identity Landscape
Identity landscape (diagram):
All visitors: Anonymous access to free content
Institutional identity (we know where you're from): Anonymous entitled access – today's IP address recognition
Individual identity (we know who you are): Known user access to free content + personalized services
RA21: Known & entitled user; Pseudonymous & entitled user
Corporate Pilot – Progress To Date
• Pilot officially formed in late 2016
• Survey sent to all P-D-R companies to understand identity management capabilities and readiness
• Part-time paid facilitator with support from CCC, GSK, and participating publishers
• Face-to-face meeting in March 2017
– Whiteboarded the user experience flow
• Now developing clickable prototype
• Will test with P-D-R users in May/June
• Exploring the possibility of forming a federation among all P-D-R companies
Privacy Preserving Persistent WAYF (P3W) Pilot
Pilot goals
– To improve the current Shibboleth Identity Provider discovery process
• Incorporate additional "WAYF hints" such as email domain and IP address into federation metadata
• Improve sign-in flow using those WAYF hints
• Enable cross-provider persistence of WAYF choice using browser local storage
Pilot participants (confirmed so far)
– Academic Institutions
• MIT
– Vendors/Service Providers
• Ping Identity
• Proquest
• Eduserve
– Scholarly Publishers
• Elsevier
Current Typical Sign In Flow – Step 1 (screenshot)
Current Typical Sign In Flow – Step 2 (screenshot)
Current Typical Sign In Flow – Step 3 (screenshot)
Current Typical Sign In Flow – Step 4 (screenshot)
Current Typical Sign In Flow – Step 5 (screenshot)
Improved First-Time Flow – Step 1 (screenshot of the prototype dialog):
Enter your institutional email or domain to check access
Email address*
Continue
*Your email address will not be stored
[X] Remember this account
Improved First-Time Flow – Step 2 (screenshot)
Improved First-Time Flow – Step 3 (screenshot)
Improved Next-Time Flow – Step 1 (screenshot of the prototype dialog):
Choose an account to check access
mit.edu >
+ Add Account
Improved Next-Time Flow – Step 2 (screenshot)
Preserving Privacy
Technique: Only the domain part of the email address needs to be transmitted from the browser to the publisher platform to select the IdP.
Challenge: Need to define and test a standardized UI that makes this clear to users.
Technique: IdP preference is stored locally in the browser, retrieved using centrally served JavaScript, not on a central server.
Challenge: Need to adapt the Account Chooser mechanism to support SAML IdPs vs OpenID Connect Authorization Servers.
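The two privacy techniques on this slide, worked through in browser-side JavaScript as an added example (this is not code from the RA21 pilot, the P3W prototype or the Account Chooser project): the local part of the email address is discarded in the browser, only the domain is matched against WAYF hints, and the chosen IdP (never the email) is kept in local storage only when the user opts in. The WAYF_HINTS list, the storage key name, the parent-domain matching rule and the memoryStorage shim are assumptions made for the example; in a browser you would pass window.localStorage as the store.

```javascript
// Added example, not code from the RA21 slides or the pilot projects.
// Constructed WAYF-hint metadata: in the pilot, email domains (and IP ranges)
// would be published as attributes in federation IdP metadata. All values are made up.
const WAYF_HINTS = [
  { entityID: 'https://idp.example-university.edu/idp/shibboleth',
    displayName: 'Example University',
    emailDomains: ['example-university.edu', 'alumni.example-university.edu'] },
  { entityID: 'https://login.example-pharma.com/saml',
    displayName: 'Example Pharma',
    emailDomains: ['example-pharma.com'] },
];

const STORAGE_KEY = 'wayf.preferredIdP'; // assumed key name

// Keep only the domain part: the local part of the address never leaves the browser.
// A bare domain ("mit.edu") is accepted too, as the prototype dialog allows.
function emailDomain(input) {
  const trimmed = String(input).trim().toLowerCase();
  const at = trimmed.lastIndexOf('@');
  const domain = at >= 0 ? trimmed.slice(at + 1) : trimmed;
  if (!/^[a-z0-9.-]+\.[a-z]{2,}$/.test(domain)) return null; // not a usable domain
  return domain;
}

// Match the domain or any parent domain, so mail.example-university.edu
// resolves to the hint registered for example-university.edu (assumed rule).
function findIdP(domain, hints = WAYF_HINTS) {
  if (!domain) return null;
  const labels = domain.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join('.');
    const hit = hints.find(h => h.emailDomains.includes(candidate));
    if (hit) return hit;
  }
  return null;
}

// Persist the IdP choice locally, and only if the user ticked "Remember this account".
// Only entityID and display name are stored: no email address, no domain.
function rememberIdP(idp, store, remember) {
  if (!remember) return false;
  store.setItem(STORAGE_KEY, JSON.stringify({ entityID: idp.entityID, displayName: idp.displayName }));
  return true;
}

// What the "next-time" flow reads back to offer the remembered account.
function storedIdP(store) {
  const raw = store.getItem(STORAGE_KEY);
  if (!raw) return null;
  try { return JSON.parse(raw); } catch { return null; } // tolerate a corrupted entry
}

// Minimal stand-in for window.localStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: k => { m.delete(k); },
  };
}

// The first-time flow in one call. The result is all the publisher platform needs
// to start the SAML flow (an entityID); the email address itself is never returned.
function checkAccess(emailOrDomain, store, remember) {
  const domain = emailDomain(emailOrDomain);
  const idp = findIdP(domain);
  if (!idp) return { status: 'unknown-domain', domain };
  rememberIdP(idp, store, remember);
  return { status: 'idp-found', domain, entityID: idp.entityID, remembered: Boolean(remember) };
}
```

In a real deployment the hint list would be fetched from federation metadata rather than embedded, and the script would be the centrally served one the slide mentions; the point the code makes is that nothing identifying a person is sent or stored, only an IdP entityID the user has agreed to remember.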
![Page 23: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/23.jpg)
Achieving the vision
Objective: Incorporate additional "WAYF hints" in federation metadata
– Work for Core Team*: Agree schema for WAYF hints
– Work for Participating Libraries: Add new attributes to IdP metadata
– Work for Participating Publishers: Read new attributes from IdP metadata
Objective: Improve sign-in flow using those WAYF hints
– Work for Core Team*: Design new UI flow (can borrow and adapt from URA pilot)
– Work for Participating Libraries: Test new UI flow with end users and collect feedback
– Work for Participating Publishers: Implement new UI flow in platform (at least as a prototype)
Objective: Enable cross-provider persistence of WAYF choice using browser local storage
– Work for Core Team*: Adapt Account Chooser javascript; host modified Account Chooser javascript
– Work for Participating Libraries: Educate users
– Work for Participating Publishers: Incorporate Account Chooser into UI flow (at least as a prototype)
*Core team = Vendors, Publishers and Libraries interested in defining the UX and building the technology for this pilot
![Page 24: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/24.jpg)
Deliverables
• A set of recommendations for WAYF hints to be incorporated into federation metadata
• A recommendation on a streamlined WAYF UI flow
• A working adaptation of the Account Chooser software to meet the needs of the pilot
• A report on experience learned during the pilot and the pros/cons of taking it forward into production
![Page 25: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/25.jpg)
Work Breakdown Structure
There will be two independent work streams that can proceed in parallel:
• Incorporation of additional WAYF hints such as email domain and IP address ranges into participating federations' IdP metadata, and utilization of this metadata in streamlined IdP discovery workflows by participating Service Providers
• Deployment of a shared WAYF service which allows an end-user's preferred IdP account to be selected and stored securely in their browser, and for this choice to be securely accessed by participating SPs, thus allowing the user's WAYF choice to be persisted across sites.
Schedule
• The pilot will commence in Q2 2017 and aim to provide final recommendations by the end of 2017
![Page 27: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/27.jpg)
Resources
The core group will need to include individuals with the following skills/experience
• Software developers with experience of SAML, OpenID Connect and/or web application development
• UI/UX experts
• Individuals with expertise in SAML metadata schemes and standards
• Project management
![Page 28: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/28.jpg)
Shared WAYF
![Page 29: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/29.jpg)
Organizational Login (diagram: a publisher site asks the user "wayf?")
![Page 30: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/30.jpg)
Organiza8onalLogin
![Page 31: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/31.jpg)
Organiza8onalLogin
Not a great user experience … but it can be improved!
![Page 32: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/32.jpg)
Organizational Login … across publishers (diagram: two publisher sites, each asking the user "wayf?")
![Page 33: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/33.jpg)
User Perspective (diagram: four publisher sites, each asking the user "wayf?")
![Page 34: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/34.jpg)
UserPerspec8ve
Publisher Publisher Publisher Publisher
wayf? wayf? wayf?
wayf?
➡ Poor Experience!
![Page 35: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/35.jpg)
Shared WAYF Pilot
why don't publishers ask each other instead of all asking the user
![Page 36: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/36.jpg)
wayf-cloud (diagram: the four publisher sites send their "wayf?" to the wayf-cloud, and the wayf-cloud sends a single "wayf?" onward)
![Page 37: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/37.jpg)
User Experience Possibilities*
*even for first time visitors
![Page 38: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/38.jpg)
Shared WHAT? (diagram of the data that is shared)
• publisher id (e.g. publisher1)
• publisher-specific device id (a random number)
• wayf-cloud device id (a random number)
• IdP ID (the IdP entityID)
![Page 39: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/39.jpg)
UserControl
![Page 40: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/40.jpg)
UserControl
![Page 41: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/41.jpg)
Privacy
• non-personal user data
• user control
• opt-in option
![Page 42: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/42.jpg)
Open Development
• WAYF-cloud source code is available in a public repository on Github
– available with an Open Source Software License (Apache 2.0)
– no code yet promoted from the development branch to the master branch
– https://github.com/atypon/wayf-cloud/tree/development
• Why?
– Transparency / Trust / Adoption
– No vendor lock
– Community driven evolution
![Page 43: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/43.jpg)
Pilot Objectives
• wayf-cloud development
– embrace Open Source Software development model
• Easy integration to publisher platforms
• Seamless user access across publishers
– leverage organisational authentication systems
– Utilize shared wayf data
![Page 44: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/44.jpg)
Pilot Participation
• Publishers with the ability to
- integrate their publisher platforms using the wayf-cloud API
- adapt organizational login UI from shared WAYF data
• Organizations & Institutions with organisational authentication systems already integrated with publisher participants (or willing to integrate)
![Page 45: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/45.jpg)
UX examples (screenshots)
Architecture
![Page 55: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/55.jpg)
Architecture (Elements)
Client component: WAYF Widget
Server components: WAYF Cloud, Publisher Platform, Institutional IdP
![Page 56: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/56.jpg)
Architecture (Interfaces)
Client component: WAYF Widget
Server components: WAYF Cloud, Publisher Platform, Institutional IdP
(diagram of the interfaces between these elements)
![Page 57: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/57.jpg)
WAYF Widget
• Included in content sites
![Page 58: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/58.jpg)
URA Widget – in action (sequence between web-browser and web-server)
web-browser → web-server: GET https://www.awesomepublisher.com
web-server → web-browser: 200 OK index.html, set-cookie: localID=xxxx
Page returned (includes the widget script tag):
<!DOCTYPE html> <html> <head> <script src="https://www.wayf-cloud.com/widget.js" async></script> <title>Welcome Page</title> </head> <body> Hello World! </body> </html>
![Page 59: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/59.jpg)
URA Widget – in action (sequence between web-browser, web-server and WAYF cloud)
web-browser → web-server: GET https://berkeley.edu/shibboleth
web-server → web-browser: 200 OK index.html, set-cookie: localID=xxxx (the same welcome page with the widget script tag)
web-browser → WAYF cloud: GET https://wayf-cloud.org/ura-widget.js
load widget
![Page 60: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/60.jpg)
URA Widget – in action (sequence between web-browser, web-server and WAYF cloud)
web-browser → web-server: GET https://berkeley.edu/shibboleth
web-server → web-browser: 200 OK index.html, set-cookie: localID=xxxx (the same welcome page with the widget script tag)
web-browser → WAYF cloud: GET https://wayf-cloud.org/ura-widget.js (load widget)
widget execution
web-browser → WAYF cloud: POST https://wayf-cloud.org/ura/session, body: { localID: xxxxx }
![Page 61: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/61.jpg)
WAYF Cloud
• Cloud service operated by an agreed-upon entity
• Creates device-specific global IDs, stored in a cookie in the domain name of the WAYF cloud server
• Maintains device data per global device ID
• Interfaces with
• WAYF Widget
• Publisher Platforms
![Page 62: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/62.jpg)
WAYF Cloud – in action (sequence between web-browser, web-server and WAYF cloud)
web-browser → web-server: GET https://www.awesomepublisher.com
web-server → web-browser: 200 OK index.html (the welcome page with the widget script tag)
web-browser → WAYF cloud: POST https://wayf-cloud.org/ura/session, body: { localID: xxxxx }
WAYF cloud → web-browser: 200 OK set-cookie: ura/gid=R1.0
![Page 63: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/63.jpg)
WAYF Cloud – in action
Single device that visited multiple web-servers (where the WAYF widget is installed)
![Page 64: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/64.jpg)
Publisher Platform
• Consumes WAYF cloud services:
– GET device data
– PUT device data
• Directs visiting users to IdPs they have used in the past
![Page 65: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/65.jpg)
Publisher Platforms – in action
platform 1 – localID: B131
PUT { host: pub1, timestamp: DD-MM-YYYY-HH-MM-SS, sso: { protocol: SAML, entityID: https://xyz.com/shibboleth } }
![Page 66: RA21 Problem Statement...RA21 Problem Statement • Access to STM content and resources is tradi8onally managed via IP address recogni8on. • For the past 20 years, this has provided](https://reader034.vdocuments.us/reader034/viewer/2022052521/60a16357bbfc10318c0191dc/html5/thumbnails/66.jpg)
PublisherPlaMorms-inac8on
platform 1 - localID: B131
{ host: pub1, timestamp: DD-MM-YYYY-HH-MM-SS, sso: { protocol: SAML, entityID: https://xyz.com/shibboleth } }
platform 2 - localID: A-123
PUT GET
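The PUT/GET exchange on these two slides, as an added example that is not WAYF Cloud's own code: an in-memory model in which the `ura/gid` cookie value set by the widget is the key that links each platform's localID to the same device, so a GET by platform 2 (localID A-123) returns the IdP that platform 1 (localID B131) PUT earlier. The class and method names, the way localIDs are tied to the global id, the gid numbering and the ISO-8601 timestamps (the slide shows DD-MM-YYYY-HH-MM-SS) are assumptions for illustration.

```javascript
// Added example, not WAYF Cloud's own code: an in-memory model of the device-data
// exchange on the slides. Class/method names, the localID-to-gid linking, the gid
// numbering and the ISO-8601 timestamps are assumptions for illustration.

class WayfCloudStore {
  constructor() {
    this.nextGid = 1;
    this.gidByLocal = new Map();   // "host|localID" -> global device id (the ura/gid cookie value)
    this.recordsByGid = new Map(); // gid -> [{ host, timestamp, sso }]
  }

  // Widget call from the browser: presents the ura/gid cookie (if any) together with the
  // platform's local device id; returns the gid the service sets in the cookie.
  registerDevice(host, localID, cookieGid) {
    let gid = cookieGid;
    if (!gid || !this.recordsByGid.has(gid)) {
      gid = `R${this.nextGid++}.0`;      // "R1.0" on the slide; the numbering scheme is constructed
      this.recordsByGid.set(gid, []);
    }
    this.gidByLocal.set(`${host}|${localID}`, gid);
    return gid;
  }

  // PUT device data: the platform records which IdP this device just used with it.
  putDeviceData(host, localID, sso, timestamp) {
    const gid = this.gidByLocal.get(`${host}|${localID}`);
    if (!gid) throw new Error(`device ${localID} not registered for ${host}`);
    this.recordsByGid.get(gid).push({ host, timestamp, sso });
  }

  // GET device data: every IdP this device has used on any participating platform,
  // newest first. The global id is what joins the per-platform localIDs together.
  getDeviceData(host, localID) {
    const gid = this.gidByLocal.get(`${host}|${localID}`);
    if (!gid) return [];
    return [...this.recordsByGid.get(gid)]
      .sort((a, b) => b.timestamp.localeCompare(a.timestamp));
  }
}

// Distinct IdP entityIDs in the order returned by getDeviceData: the list a platform
// would offer as "IdPs you have used before".
function suggestedIdPs(records) {
  const seen = new Set();
  return records
    .map(r => r.sso.entityID)
    .filter(id => !seen.has(id) && seen.add(id));
}

// The two-platform scenario from the slides (values constructed from them).
function runTwoPlatformScenario() {
  const cloud = new WayfCloudStore();
  // Platform 1: first visit, no cookie yet; the widget registers localID B131.
  const gid = cloud.registerDevice("pub1", "B131", undefined);
  cloud.putDeviceData("pub1", "B131",
    { protocol: "SAML", entityID: "https://xyz.com/shibboleth" }, "2024-05-01T09:00:00Z");
  // Platform 2: the same browser sends the ura/gid cookie, so localID A-123 joins the same device.
  cloud.registerDevice("pub2", "A-123", gid);
  const fromPlatform2 = cloud.getDeviceData("pub2", "A-123");
  return {
    gid,
    suggestions: suggestedIdPs(fromPlatform2),
    unknownDevice: cloud.getDeviceData("pub2", "Z-999"), // never registered: nothing to offer
  };
}
```

A cookie gid that the service does not recognise (for example after the service's data was reset) is treated like a first visit and gets a fresh id rather than being trusted as-is, and a PUT for a localID the widget never registered is rejected, so a platform cannot attach records to a device it has not seen.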
Full Example
samlbits WAYF
• samlbits discovery objectives
– Improve Identity Provider (IdP) discovery processes
• Use a shared discovery service that uses both browser information and shared metadata hints to narrow down IdP options for the user without tracking the user
– Determine the best way to populate the metadata registry with hints from the Service Providers regarding what IdPs are likely to work in an authorization scenario
Process – user perspective
• Step one: discovery service checks the browser's local store and displays the last IdP (or set of IdPs) used by the user.
• Step two: if the local browser store is empty, or if the user chooses not to use any of the IdPs offered, the user will be presented with a search interface or a list that is built based on the database of IdPs that will be known to work with that SP (the samlbits component)
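The two steps above, as an added example that is not samlbits or RA21 code: step one reads the last IdP(s) from the browser's local store, step two falls back to the registry of IdPs known to work with this SP when the store is empty, unreadable, or the user declines the remembered IdPs. `localStore` stands in for the browser's `localStorage` (same `getItem`/`setItem` interface) so the code also runs outside a browser; the storage key, the registry shape and the function names are assumptions.

```javascript
// Added example, not samlbits or RA21 code: the two-step IdP discovery order from the slide.
// localStore has the getItem/setItem interface of window.localStorage; the key name,
// the registry shape and the function names are assumptions for illustration.

const LAST_IDPS_KEY = "wayf.lastIdPs";

// Step one: the last IdP(s) used, newest first, from the browser's local store.
// A missing or corrupt entry yields [] so discovery falls through to step two.
function readLocalIdPs(localStore) {
  const raw = localStore.getItem(LAST_IDPS_KEY);
  if (!raw) return [];
  try {
    const parsed = JSON.parse(raw);
    return Array.isArray(parsed) ? parsed.filter(e => typeof e === "string") : [];
  } catch (e) {
    return [];
  }
}

// Record an IdP after a successful login; the list is capped so the store stays small.
function rememberIdP(localStore, entityID, max = 3) {
  const updated = [entityID, ...readLocalIdPs(localStore).filter(e => e !== entityID)].slice(0, max);
  localStore.setItem(LAST_IDPS_KEY, JSON.stringify(updated));
  return updated;
}

// Step two: the samlbits-style registry of IdPs known to work with this SP, optionally
// narrowed by a search string. registry: { [spEntityID]: [{ entityID, displayName }] }
function registryIdPs(registry, spEntityID, query = "") {
  const q = query.trim().toLowerCase();
  return (registry[spEntityID] || []).filter(idp =>
    !q || idp.displayName.toLowerCase().includes(q) || idp.entityID.toLowerCase().includes(q));
}

// Combined flow; `declineLocal` models the user choosing not to use any remembered IdP.
function discoverIdPs({ localStore, registry, spEntityID, query = "", declineLocal = false }) {
  const remembered = readLocalIdPs(localStore);
  if (remembered.length > 0 && !declineLocal) {
    return { step: 1, choices: remembered };
  }
  return { step: 2, choices: registryIdPs(registry, spEntityID, query).map(i => i.entityID) };
}

// In-memory stand-in for localStorage so the example runs outside a browser.
function memoryStore() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

// Constructed registry: two IdPs known to work with one SP.
const SAMPLE_SP = "https://sp.example/shibboleth";
const SAMPLE_REGISTRY = {
  [SAMPLE_SP]: [
    { entityID: "https://idp.uni-a.example/idp", displayName: "University A" },
    { entityID: "https://idp.uni-b.example/idp", displayName: "University B" },
  ],
};
```

Because step one never consults the registry and step two never consults the local store, the remembered IdP is shown even when it is not in the known-working list for this SP, and a corrupt or tampered local entry simply degrades to the registry list instead of breaking discovery.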
Process – Publisher Perspective
• Good discovery experience relies on two things:
– Accurately predicting user needs
• don't present more UI than necessary
• understand user context
• integrate with the web platform
• do mobile
– Correctly representing the publisher-customer link
• make search count
• don't disappoint the user
Process – Library Perspective
• Libraries might be the IdP
– then they don't have to do anything other than be an IdP
• Libraries are going to be critical for the UX guidance
– the UI needs to be better at displaying IdPs that are NOT known to work with an SP
More information
• http://ra21.org/index.php/pilot-programs/client-based-wayf-pilot/
Next Steps
• Follow up with the pilot coordinators and pilot leads
– need developers, testers, UI feedback