
This subtask deals with the pilots for libraries. We distinguish three types of pilots to be addressed:

  1. The high-level goal of this pilot is to involve end users (libraries) in the identification and hands-on implementation of relevant solutions to support their migration from IP-based authentication against publishers' online resources to the SAML (federated) approach. A library might have its federated IdP in place to authenticate users against, and be willing to access both federated and non-federated SPs through an SSO proxy.
  2. Libraries will have to access both SAML resources and non-SAML ones; moreover, they might make use of contracts already in place with publishers that rely on IP-based AuthN, and be willing to access both kinds of resources (SAML and non-SAML). Accessing SAML resources (SPs) by providing them with attributes released on the basis of the IP address is therefore also a relevant use case to demonstrate as a high-level goal for this pilot.
  3. A third high-level goal is to evaluate the possibility of demonstrating the use case of a proxy portal in place for many libraries that want to access resources based on IP-based authentication.

 

The use case

  • To date, many library resources such as journals and tools are not accessible with an institutional account. To restrict access to such resources, libraries still rely on IP-address-based access control.
  • Libraries need to maintain the correct IP address ranges themselves, but regard this approach as too labor-intensive and inaccurate.
  • Users are confronted with inconsistent and confusing (if-this-then-that) user interfaces.
  • Often, citizen scientists are not affiliated with an institution and lack a verified institutional account to obtain access to restricted library sources.

Proposed and piloted solutions to address these issues

  • We established a proxy to be used by libraries to give access to restricted content, no matter whether the (content) provider supports SAML or not. This approach is not new and is offered as a solution called EZ-proxy, but apparently many libraries are not aware of its existence.
  • By adding functionality to handle access requests from walk-in users (citizen scientists), we can kill two birds with one stone.
  • At the same time, a proxy provides clues for "branding" of the access gateways, e.g. the national library organisation...



This resulted in the following setup:

[Figure: the resulting setup (image not reproduced)]

 

A more detailed description of the first part of the pilot (SAML-IPaddress bridge) is available here: EZ proxy as Federated Access Mode Switch - Guide for Libraries

A description of the work that concerns the walk-in user topic will follow soon.