SlideShare a Scribd company logo
[AMP meeting title slide] Access Management for Libraries  John Paschoud and Masha Garibyan London School of Economics   Joint Information Systems Committee Supporting education and research Access Management  Programme meeting, May 2007
Why fix what ain’t broke? Our Athens authentication system seems to work quite well, and has done so for several years. Why has JISC decided to change to something different?
Why “Federated Access Management”?   Moves closer to the single sign-on ideal  - users need not remember so many passwords Aligns with international convergence on  Shibboleth/SAML compliant technology - wider market for suppliers Avoids the need to maintain a central Athens-type database - by JISC/Eduserv  and  by participating libraries Open Source and Open Standards –based - so tools can be developed by participants and shared Supports internal applications, collaborative inter-institutional sharing of resources, and virtual organisations
Is that all? Is that all?
Is that all!?!?  Improved security for resources, so publishers happy  - they also don’t have to pay a licence fee (as they do for Athens), nor maintain campus IP address ranges Because the access is role-based rather than identity-based there is improved privacy for users Supports the trend towards a devolved / distributed model for access management Authentication by the end-users’ institution Authorisation by the resource owner Suited to the demands for more mobile access – from home, travelling, or working at other institutions or libraries
So what is Shibboleth? OK, sounds convincing, but what is Shibboleth?
What is Shibboleth?   Actually, “Shibboleth” is just an enabling technology that lets us  do Federated Access Management  but just to satisfy your curiosity… An initiative (of Internet2) to develop an architecture and policy   framework supporting the sharing – between domains – of secured web resources and services A project delivering an open source implementation of the architecture and framework Deliverables: Software for  Identity Providers   (universities, libraries) Software for  Service Providers   (publishers …and universities, libraries) Policy models for  Federations   (scalable trust) … and they have a nice logo!
What are the costs and benefits? What are the costs and benefits  for our library of migrating to  Federated Access Management?
Costs/Benefits of FAM?   Costs: Institution’s directory must be in good shape and set up to support an Identity Provider (IdP) Shibboleth (or compatible) middleware needs installing and maintaining Benefits: Reduced overheads in password support No difference in on-campus and off-campus access More flexible access control – e.g. different categories of users to different levels of access (or none) to a resource
Any other capabilities? Are there things Shibboleth can do that Athens cannot? … sorry! I meant  “Federated Access Management”! What extra things can we do with it?
The Other Capabilities of FAM?   As well as acting as an  Identity Provider , your institution would  be able to set up its repository, e-learning or any other service as a  Service Provider as LSE has done for Exam Papers and other ‘members only’ collections This will facilitate sharing of resources within the academic community you can provide controlled access to users from other institutions, without needing to administer usernames/passwords for them as LSE and Columbia (NY) did for a collaborative Anthropology teaching project (DART) The fine-tuning of access control possible (using directory attributes) can be used to restrict confidential or sensitive data to those whose roles allow this
(the LSE Exam Papers collection – secured with Shibboleth)
So how do we get Shibbolised? What will our library need to have in place and do in order to migrate to Shibboleth?  What ‘infrastructure’ is required?
What infrastructure is required?   Within your Library / Institution: IdentityProvider (IdP) site  – Required Enterprise Infrastructure Authentication service (e.g. Yale-CAS, Pubcookie, or just webserver authentication) Attribute repository (directory) Shibboleth-compliant IdP service (e.g. Shibboleth, Guanxi or AthensIM software) At your Publishers / Aggregators / e-Resource Providers: ServiceProvider (SP) site  - Required Enterprise Infrastructure Webserver (Apache or IIS) Shibboleth-compliant SP service (e.g. Shibboleth, Guanxi or AthensIM software) Logic to make Authorisation decisions based on user attributes collected by SP service (as simple or complex as the service / resources being provided)
Shibboleth IdP architecture GET YOUR LOCAL TECHIE TO DEAL WITH THIS BIT IdP server 8443 Shibboleth SP Web browser (various communications) 443 LDAP server MOD_ SSL Certificate  check MOD_LDAP_ AUTHZ MOD_ JK Apache Tomcat Shibboleth IdP AA (Attribute Authority) HS (Handle Server) idp.xml resolver.xml arp.xml
Is there help out there? What help and support will be  available to our library as we  set about installing and migrating to  Federated Access Management?
What support is there?   JISC information resources at:  http:// www.jisc.ac.uk /federation Including material produced by the extensive programme of Core Middleware and Early Adopters projects The UK Federation has guidance for institutions and publishers wanting to join at:  http://www.ukfederation.org.uk JISC Regional Support Centres, CILIP, CPD25, UCISA, SCONUL and other organisations are running information events Netskills is producing practical training courses for technical staff  Use  JISC-ACCESS- [email_address]   to contact the JISC Support Team
What resources are Shibbolised? I understand that quite a lot of publishers have already joined the UK Federation… But not all e-resources are going to be accessible via Shibboleth overnight.  Will that be a problem for us? … shouldn’t we wait for another year or so,  until they’ve all converted from Athens?
Ah! There’s a Cunning Plan! The Athens-Federation Gateways Federation  -enabled resources Athens authenticated resources Athens national authentication service Athens enabledusers College IdP FAM enabledusers University IdP FAM enabledusers University IdP FAM enabledusers Athens  Fed Fed   Athens
And the Athens Administrator? We have an Athens Administrator. What happens to that role after migrating to Shibboleth?
Athens Administrator role?   Initially to manage the changeover from ‘classic Athens’ to either ‘Shibbolised’ resources, or via the Gateways, and continue to maintain other ad hoc access methods where neither of these options is available As things settle down, there will be the need to maintain the links in your library’s list of e-resources Closer liaison with your own IT people (who manage your institutional directories) may be needed
What’s a Federation? … and what  exactly  does one of these ‘Federations’ do?
What is a Federation?   A group of organisations with a common purpose (e.g. education and research) who trust each other Not  a subscription-purchasing consortium!  but could be related to one or more of those Federation members…  sign up to a set of rules, including minimum standards for Identity Management practices  May have legal status Needs the trust of suppliers Runs the ‘Where Are You From’ (WAYF)  service
What does Shibboleth access look like? So what does access to an e-resource using Shibboleth look like to the end user?
Demonstration: What does FAM look like to an end-user? Elsevier Science Direct – an ‘early-adopting’ publisher … dealing with a global customer base … needs-to-know only whether user is from a licensed institution http://www.sciencedirect.com/   (and use ‘Athens/Other Institution Login’) LSE Projects wiki – a highly-restricted institutional resource … with users spread across 10+ HE institutions (current project partners) … needs to know personal identity and other user attributes https://gabriel.lse.ac.uk/twiki/bin/view/Projects/AboutJohnPaschoud (and then ‘Edit’ this page) Shibboleth Wiki – a global discussion space https://spaces.internet2.edu/display/SHIB/WebHome   (and use ‘Log In’)
Well Shibboleth  can  look like this: And where  they are  from User knows  URL  of resource and that Shibboleth is used
Or, Shibboleth works invisibly behind the library portal Alternatively, on or off campus, you could just go to the list of e-resources in the library’s portal. In the LSE Library’s case our ‘Electronic Library’ is run from Endeavor’s Encompass system: … but it could just be a list on a ‘hand-crafted’ web page
Shibboleth behind the library portal The expanded list shows a link direct to the Service Provider, in this case  Elsevier
Shibboleth behind the library portal If users prefer the route through the library portal, e-resource usage statistics should become more representative After clicking link in library portal:
What do we tell our users? What should we tell our staff and student library users about the change to Shibboleth?
What to tell your users? As little as possible! There is no Athens-type username and password to distribute (and remind of when forgotten or lost) One strand of the change management will be to remove references to Athens passwords from user guides etc  there should be no need to substitute Shibboleth in Athens’ place During changeover, decreasing reliance will be made on Athens passwords some users may need reassuring the library has not lost access to a super-database called Athens! LSE now tells users that “ your LSE Login ” is the default access for everything  … and provides help with the diminishing number of exceptions
From LSE’s Electronic Library FAQs: Many LSE electronic resources can also be accessed off-campus via your LSE login  (network username and password). The FAQ shows how access to e-resources is getting easier, both on and off-campus.
‘ LSE for You’ provides diminishing passwords: The ‘LSE for You’ page, protected by the LSE login, provides the remaining passwords still required for some e-resources.
How did the LSE do it? You were the first installation of Shibboleth in the UK. How did the LSE Library manage the change to Shibboleth?
How did the LSE do it? Installing the infrastructure was surprisingly easy (once we had the first working version of the software!) We chose a ‘cautious’ changeover from Athens access, with careful quality assurance testing of each resource link We were at the ‘bleeding edge’, with over 150 resource collections being accessed by ‘classic Athens’, Shibboleth, the Athens Gateway and EZproxy, and about 20% by all sorts of ad hoc methods The methods used for these tests, a progress bar and a table of the Shibbolised status of those resources can be found on the  [email_address]  website
Shibboleth@LSE Home
Shibboleth@LSE Shibbolisation Progress
Shibboleth@LSE Table of e-Resources
[JISC Conf title slide] The End Joint Information Systems Committee Supporting education and research Access Management for Libraries
Links, Questions and Conclusions JISC FAM Transition:  www.jisc.ac.uk/federation.html UK Federation:  www.ukfederation.org.uk Shibboleth:  shibboleth.internet2.edu Shibboleth@LSE:  www.angel.ac.uk/ShibbolethAtLSE / Other questions? Other issues for libraries? … you’ll think of them later?  [email_address]   or JISC-ACCESS- [email_address]

More Related Content

What's hot (20)

PPTX
OpenAthens Conference 2018 - Adam Snook - Quick wins for an easier user journ...
OpenAthens
 
PPT
Desinging a library portal madhu
kmusthu
 
PPT
Design and development of subject gateways with special reference to lisgateway
kmusthu
 
PPT
Subject information gateway in information technology (sigit) an introduction
kmusthu
 
PPTX
Solving the Challenge of Connecting People and Author Networks
TSoholt
 
PPT
Accessibility Issues
liddy
 
PPT
LOR Characteristics and Considerations
Scott Leslie
 
PPTX
Implementing a Taxonomy in a Content Management Portal
Access Innovations, Inc.
 
PPT
Technical overview of the JISC Information Environment
Andy Powell
 
PPT
Citation Analysis for the Free, Online Literature
Balachandar Radhakrishnan
 
PPT
Object models and object representation
Julie Allinson
 
PPT
Introduction to the Semantic Web
liddy
 
PPT
IR and DSpace - International Seminar, Dhaka University
Md. Zahid Hossain Shoeb
 
PPT
All About E Resources
Louise Penn
 
PPTX
Electronic resources management presentation 2021
chrisokiki69
 
PPTX
Asis&t webinar people directories access innovations
Bert Carelli
 
PPT
From Provider to Portal - a chain of interoperability
Andy Powell
 
PPTX
A&M presentation
Eugenia Beh
 
PPT
Sword Cetis 2007 06 29
Sheila MacNeill
 
PPTX
Jyoti singh
Jyoti Singh
 
OpenAthens Conference 2018 - Adam Snook - Quick wins for an easier user journ...
OpenAthens
 
Desinging a library portal madhu
kmusthu
 
Design and development of subject gateways with special reference to lisgateway
kmusthu
 
Subject information gateway in information technology (sigit) an introduction
kmusthu
 
Solving the Challenge of Connecting People and Author Networks
TSoholt
 
Accessibility Issues
liddy
 
LOR Characteristics and Considerations
Scott Leslie
 
Implementing a Taxonomy in a Content Management Portal
Access Innovations, Inc.
 
Technical overview of the JISC Information Environment
Andy Powell
 
Citation Analysis for the Free, Online Literature
Balachandar Radhakrishnan
 
Object models and object representation
Julie Allinson
 
Introduction to the Semantic Web
liddy
 
IR and DSpace - International Seminar, Dhaka University
Md. Zahid Hossain Shoeb
 
All About E Resources
Louise Penn
 
Electronic resources management presentation 2021
chrisokiki69
 
Asis&t webinar people directories access innovations
Bert Carelli
 
From Provider to Portal - a chain of interoperability
Andy Powell
 
A&M presentation
Eugenia Beh
 
Sword Cetis 2007 06 29
Sheila MacNeill
 
Jyoti singh
Jyoti Singh
 

Similar to Access Management for Libraries by John Paschoud & Masha Garibyan (20)

PPT
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
JISC.AM
 
PDF
Shibbolise This!
Miles Metcalfe
 
PPT
JISC License Workshop
JISC.AM
 
PPT
Federated Access Management 102
JISC.AM
 
PPT
Federated Access Management (Sconul Access Conference)
JISC.AM
 
PPT
JISC Access and Identity Management: Future Directions
JISC.AM
 
PDF
Leahy Transforming the User Experience with Identity Management and SSO
National Information Standards Organization (NISO)
 
PPTX
Leahy - What can SAML/Shibboleth do for your institution?
National Information Standards Organization (NISO)
 
PPTX
OpenAthens Conference 2018 - Panel session - Sandra Tury (Librarian)
OpenAthens
 
PPTX
What can SAML / Shibboleth do for your institution?
OpenAthens
 
PPT
FAM The Basics 13 Feb08
Mike Moran
 
PDF
Shibboleth: Open Source Distributed Authentication and Authorization
Glen Newton
 
PDF
Singley "Building Privacy Infrastructure - An Academic Library’s Perspective"
National Information Standards Organization (NISO)
 
PDF
Singley "Building Privacy Infrastructure - An Academic Library’s Perspective"
National Information Standards Organization (NISO)
 
PPTX
Federated access management
Mark Cairney
 
PPT
Access Management - the Issues for FE Colleges
Mike Moran
 
PPT
Online Educa: JISC Access and Identity Management
JISC.AM
 
PPTX
Implementing Shibboleth at Dublin Business School Library
dbslibrary
 
PPT
Remote access to electronic resources
mamboxena
 
PPT
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Eduserv Foundation
 
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
JISC.AM
 
Shibbolise This!
Miles Metcalfe
 
JISC License Workshop
JISC.AM
 
Federated Access Management 102
JISC.AM
 
Federated Access Management (Sconul Access Conference)
JISC.AM
 
JISC Access and Identity Management: Future Directions
JISC.AM
 
Leahy Transforming the User Experience with Identity Management and SSO
National Information Standards Organization (NISO)
 
Leahy - What can SAML/Shibboleth do for your institution?
National Information Standards Organization (NISO)
 
OpenAthens Conference 2018 - Panel session - Sandra Tury (Librarian)
OpenAthens
 
What can SAML / Shibboleth do for your institution?
OpenAthens
 
FAM The Basics 13 Feb08
Mike Moran
 
Shibboleth: Open Source Distributed Authentication and Authorization
Glen Newton
 
Singley "Building Privacy Infrastructure - An Academic Library’s Perspective"
National Information Standards Organization (NISO)
 
Singley "Building Privacy Infrastructure - An Academic Library’s Perspective"
National Information Standards Organization (NISO)
 
Federated access management
Mark Cairney
 
Access Management - the Issues for FE Colleges
Mike Moran
 
Online Educa: JISC Access and Identity Management
JISC.AM
 
Implementing Shibboleth at Dublin Business School Library
dbslibrary
 
Remote access to electronic resources
mamboxena
 
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Eduserv Foundation
 
Ad

More from JISC.AM (20)

PPT
Identity Assurance Profiles
JISC.AM
 
PPT
Assurance
JISC.AM
 
PPT
I2 Fedsoup
JISC.AM
 
PPT
Cuckoo (Graham Mason, Ed Beddows)
JISC.AM
 
PPT
Federated Futures (Nicole Harris)
JISC.AM
 
PPT
Introduction to Shib 2.0 (Chad La Joie)
JISC.AM
 
PPT
The Identity Project (Rhys Smith)
JISC.AM
 
PPT
Shibboleth 2.0 IdP slides - Installfest (Edited)
JISC.AM
 
PPT
Shibboleth 2.0 SP slides - Installfest
JISC.AM
 
PPT
SARoNGS project (Jens Jensen)
JISC.AM
 
PPT
Names project (Amanda Hill)
JISC.AM
 
PPT
Studies in advanced access mgmt: GFIVO project (Cal Racey)
JISC.AM
 
PDF
Identity: Future directions (David Orrell, Eduserv Foundation)
JISC.AM
 
PDF
Shintau And VPMan proejcts (David Chadwick)
JISC.AM
 
PPT
Identity: Future directions (David Orrell, Eduserv Foundation)
JISC.AM
 
PPT
Internet2 Fall MM 2007 - Jane Charlton
JISC.AM
 
PPT
Openid
JISC.AM
 
PDF
OpenID and Usercentric Identity: It's All About Me
JISC.AM
 
PPT
McShib2: UK federation update
JISC.AM
 
PDF
Talis Insight Presentation
JISC.AM
 
Identity Assurance Profiles
JISC.AM
 
Assurance
JISC.AM
 
I2 Fedsoup
JISC.AM
 
Cuckoo (Graham Mason, Ed Beddows)
JISC.AM
 
Federated Futures (Nicole Harris)
JISC.AM
 
Introduction to Shib 2.0 (Chad La Joie)
JISC.AM
 
The Identity Project (Rhys Smith)
JISC.AM
 
Shibboleth 2.0 IdP slides - Installfest (Edited)
JISC.AM
 
Shibboleth 2.0 SP slides - Installfest
JISC.AM
 
SARoNGS project (Jens Jensen)
JISC.AM
 
Names project (Amanda Hill)
JISC.AM
 
Studies in advanced access mgmt: GFIVO project (Cal Racey)
JISC.AM
 
Identity: Future directions (David Orrell, Eduserv Foundation)
JISC.AM
 
Shintau And VPMan proejcts (David Chadwick)
JISC.AM
 
Identity: Future directions (David Orrell, Eduserv Foundation)
JISC.AM
 
Internet2 Fall MM 2007 - Jane Charlton
JISC.AM
 
Openid
JISC.AM
 
OpenID and Usercentric Identity: It's All About Me
JISC.AM
 
McShib2: UK federation update
JISC.AM
 
Talis Insight Presentation
JISC.AM
 
Ad

Recently uploaded (20)

PDF
Top 10 Corporates in India Investing in Sustainable Energy.pdf
Essar Group
 
PDF
Alan Stalcup - Principal Of GVA Real Estate Investments
Alan Stalcup
 
PDF
SMLE slides.pdf pediatric medical history
hananmahjoob18
 
PDF
Followers to Fees - Social media for Speakers
Corey Perlman, Social Media Speaker and Consultant
 
PPTX
Appreciations - July 25.pptxsdsdsddddddsssss
anushavnayak
 
PDF
Using Innovative Solar Manufacturing to Drive India's Renewable Energy Revolu...
Insolation Energy
 
DOCX
Apply for a Canada Permanent Resident Visa in Delhi with Expert Guidance.docx
WVP International
 
PPTX
Integrative Negotiation: Expanding the Pie
badranomar1990
 
PDF
Retinal Disorder Treatment Market 2030: The Impact of Advanced Diagnostics an...
Kumar Satyam
 
PDF
🚀 Mohit Bansal_ Driving Urban Evolution Through GMI Infra (1).pdf
Mohit Bansal GMI
 
PDF
GenAI for Risk Management: Refresher for the Boards and Executives
Alexei Sidorenko, CRMP
 
PDF
Gregory Felber - An Accomplished Underwater Marine Biologist
Gregory Felber
 
PDF
ANÁLISIS DE COSTO- PAUCAR RIVERA NEISY.pdf
neisypaucarr
 
PDF
Infrastructure and geopolitics.AM.ENG.docx.pdf
Andrea Mennillo
 
DOCX
India's Emerging Global Leadership in Sustainable Energy Production The Rise ...
Insolation Energy
 
PPTX
Struggling to Land a Social Media Marketing Job Here’s How to Navigate the In...
RahulSharma280537
 
PDF
MBA-I-Year-Session-2024-20hzuxutiytidydy
cminati49
 
DOCX
Andrew C. Belton, MBA Resume - July 2025
Andrew C. Belton
 
PDF
How BrainManager.io Boosts Productivity.
brainmanagerious
 
PDF
The Rise of Penfolds Wine_ From Australian Vineyards to Global Fame.pdf
Enterprise world
 
Top 10 Corporates in India Investing in Sustainable Energy.pdf
Essar Group
 
Alan Stalcup - Principal Of GVA Real Estate Investments
Alan Stalcup
 
SMLE slides.pdf pediatric medical history
hananmahjoob18
 
Followers to Fees - Social media for Speakers
Corey Perlman, Social Media Speaker and Consultant
 
Appreciations - July 25.pptxsdsdsddddddsssss
anushavnayak
 
Using Innovative Solar Manufacturing to Drive India's Renewable Energy Revolu...
Insolation Energy
 
Apply for a Canada Permanent Resident Visa in Delhi with Expert Guidance.docx
WVP International
 
Integrative Negotiation: Expanding the Pie
badranomar1990
 
Retinal Disorder Treatment Market 2030: The Impact of Advanced Diagnostics an...
Kumar Satyam
 
🚀 Mohit Bansal_ Driving Urban Evolution Through GMI Infra (1).pdf
Mohit Bansal GMI
 
GenAI for Risk Management: Refresher for the Boards and Executives
Alexei Sidorenko, CRMP
 
Gregory Felber - An Accomplished Underwater Marine Biologist
Gregory Felber
 
ANÁLISIS DE COSTO- PAUCAR RIVERA NEISY.pdf
neisypaucarr
 
Infrastructure and geopolitics.AM.ENG.docx.pdf
Andrea Mennillo
 
India's Emerging Global Leadership in Sustainable Energy Production The Rise ...
Insolation Energy
 
Struggling to Land a Social Media Marketing Job Here’s How to Navigate the In...
RahulSharma280537
 
MBA-I-Year-Session-2024-20hzuxutiytidydy
cminati49
 
Andrew C. Belton, MBA Resume - July 2025
Andrew C. Belton
 
How BrainManager.io Boosts Productivity.
brainmanagerious
 
The Rise of Penfolds Wine_ From Australian Vineyards to Global Fame.pdf
Enterprise world
 

Access Management for Libraries by John Paschoud & Masha Garibyan

  • 1. [AMP meeting title slide] Access Management for Libraries  John Paschoud and Masha Garibyan London School of Economics Joint Information Systems Committee Supporting education and research Access Management Programme meeting, May 2007
  • 2. Why fix what ain’t broke? Our Athens authentication system seems to work quite well, and has done so for several years. Why has JISC decided to change to something different?
  • 3. Why “Federated Access Management”? Moves closer to the single sign-on ideal - users need not remember so many passwords Aligns with international convergence on Shibboleth/SAML compliant technology - wider market for suppliers Avoids the need to maintain a central Athens-type database - by JISC/Eduserv and by participating libraries Open Source and Open Standards –based - so tools can be developed by participants and shared Supports internal applications, collaborative inter-institutional sharing of resources, and virtual organisations
  • 4. Is that all? Is that all?
  • 5. Is that all!?!? Improved security for resources, so publishers happy - they also don’t have to pay a licence fee (as they do for Athens), nor maintain campus IP address ranges Because the access is role-based rather than identity-based there is improved privacy for users Supports the trend towards a devolved / distributed model for access management Authentication by the end-users’ institution Authorisation by the resource owner Suited to the demands for more mobile access – from home, travelling, or working at other institutions or libraries
  • 6. So what is Shibboleth? OK, sounds convincing, but what is Shibboleth?
  • 7. What is Shibboleth? Actually, “Shibboleth” is just an enabling technology that lets us do Federated Access Management but just to satisfy your curiosity… An initiative (of Internet2) to develop an architecture and policy framework supporting the sharing – between domains – of secured web resources and services A project delivering an open source implementation of the architecture and framework Deliverables: Software for Identity Providers (universities, libraries) Software for Service Providers (publishers …and universities, libraries) Policy models for Federations (scalable trust) … and they have a nice logo!
  • 8. What are the costs and benefits? What are the costs and benefits for our library of migrating to Federated Access Management?
  • 9. Costs/Benefits of FAM? Costs: Institution’s directory must be in good shape and set up to support an Identity Provider (IdP) Shibboleth (or compatible) middleware needs installing and maintaining Benefits: Reduced overheads in password support No difference in on-campus and off-campus access More flexible access control – e.g. different categories of users to different levels of access (or none) to a resource
  • 10. Any other capabilities? Are there things Shibboleth can do that Athens cannot? … sorry! I meant “Federated Access Management”! What extra things can we do with it?
  • 11. The Other Capabilities of FAM? As well as acting as an Identity Provider , your institution would be able to set up its repository, e-learning or any other service as a Service Provider as LSE has done for Exam Papers and other ‘members only’ collections This will facilitate sharing of resources within the academic community you can provide controlled access to users from other institutions, without needing to administer usernames/passwords for them as LSE and Columbia (NY) did for a collaborative Anthropology teaching project (DART) The fine-tuning of access control possible (using directory attributes) can be used to restrict confidential or sensitive data to those whose roles allow this
  • 12. (the LSE Exam Papers collection – secured with Shibboleth)
  • 13. So how do we get Shibbolised? What will our library need to have in place and do in order to migrate to Shibboleth? What ‘infrastructure’ is required?
  • 14. What infrastructure is required? Within your Library / Institution: IdentityProvider (IdP) site – Required Enterprise Infrastructure Authentication service (e.g. Yale-CAS, Pubcookie, or just webserver authentication) Attribute repository (directory) Shibboleth-compliant IdP service (e.g. Shibboleth, Guanxi or AthensIM software) At your Publishers / Aggregators / e-Resource Providers: ServiceProvider (SP) site - Required Enterprise Infrastructure Webserver (Apache or IIS) Shibboleth-compliant SP service (e.g. Shibboleth, Guanxi or AthensIM software) Logic to make Authorisation decisions based on user attributes collected by SP service (as simple or complex as the service / resources being provided)
  • 15. Shibboleth IdP architecture GET YOUR LOCAL TECHIE TO DEAL WITH THIS BIT IdP server 8443 Shibboleth SP Web browser (various communications) 443 LDAP server MOD_ SSL Certificate check MOD_LDAP_ AUTHZ MOD_ JK Apache Tomcat Shibboleth IdP AA (Attribute Authority) HS (Handle Server) idp.xml resolver.xml arp.xml
  • 16. Is there help out there? What help and support will be available to our library as we set about installing and migrating to Federated Access Management?
  • 17. What support is there? JISC information resources at: http:// www.jisc.ac.uk /federation Including material produced by the extensive programme of Core Middleware and Early Adopters projects The UK Federation has guidance for institutions and publishers wanting to join at: http://www.ukfederation.org.uk JISC Regional Support Centres, CILIP, CPD25, UCISA, SCONUL and other organisations are running information events Netskills is producing practical training courses for technical staff Use JISC-ACCESS- [email_address] to contact the JISC Support Team
  • 18. What resources are Shibbolised? I understand that quite a lot of publishers have already joined the UK Federation… But not all e-resources are going to be accessible via Shibboleth overnight. Will that be a problem for us? … shouldn’t we wait for another year or so, until they’ve all converted from Athens?
  • 19. Ah! There’s a Cunning Plan! The Athens-Federation Gateways Federation -enabled resources Athens authenticated resources Athens national authentication service Athens enabledusers College IdP FAM enabledusers University IdP FAM enabledusers University IdP FAM enabledusers Athens  Fed Fed  Athens
  • 20. And the Athens Administrator? We have an Athens Administrator. What happens to that role after migrating to Shibboleth?
  • 21. Athens Administrator role? Initially to manage the changeover from ‘classic Athens’ to either ‘Shibbolised’ resources, or via the Gateways, and continue to maintain other ad hoc access methods where neither of these options is available As things settle down, there will be the need to maintain the links in your library’s list of e-resources Closer liaison with your own IT people (who manage your institutional directories) may be needed
  • 22. What’s a Federation? … and what exactly does one of these ‘Federations’ do?
  • 23. What is a Federation? A group of organisations with a common purpose (e.g. education and research) who trust each other Not a subscription-purchasing consortium! but could be related to one or more of those Federation members… sign up to a set of rules, including minimum standards for Identity Management practices May have legal status Needs the trust of suppliers Runs the ‘Where Are You From’ (WAYF) service
  • 24. What does Shibboleth access look like? So what does access to an e-resource using Shibboleth look like to the end user?
  • 25. Demonstration: What does FAM look like to an end-user? Elsevier Science Direct – an ‘early-adopting’ publisher … dealing with a global customer base … needs-to-know only whether user is from a licensed institution http://www.sciencedirect.com/ (and use ‘Athens/Other Institution Login’) LSE Projects wiki – a highly-restricted institutional resource … with users spread across 10+ HE institutions (current project partners) … needs to know personal identity and other user attributes https://gabriel.lse.ac.uk/twiki/bin/view/Projects/AboutJohnPaschoud (and then ‘Edit’ this page) Shibboleth Wiki – a global discussion space https://spaces.internet2.edu/display/SHIB/WebHome (and use ‘Log In’)
  • 26. Well Shibboleth can look like this: And where they are from User knows URL of resource and that Shibboleth is used
  • 27. Or, Shibboleth works invisibly behind the library portal Alternatively, on or off campus, you could just go to the list of e-resources in the library’s portal. In the LSE Library’s case our ‘Electronic Library’ is run from Endeavor’s Encompass system: … but it could just be a list on a ‘hand-crafted’ web page
  • 28. Shibboleth behind the library portal The expanded list shows a link direct to the Service Provider, in this case Elsevier
  • 29. Shibboleth behind the library portal If users prefer the route through the library portal, e-resource usage statistics should become more representative After clicking link in library portal:
  • 30. What do we tell our users? What should we tell our staff and student library users about the change to Shibboleth?
  • 31. What to tell your users? As little as possible! There is no Athens-type username and password to distribute (and remind of when forgotten or lost) One strand of the change management will be to remove references to Athens passwords from user guides etc there should be no need to substitute Shibboleth in Athens’ place During changeover, decreasing reliance will be made on Athens passwords some users may need reassuring the library has not lost access to a super-database called Athens! LSE now tells users that “ your LSE Login ” is the default access for everything … and provides help with the diminishing number of exceptions
  • 32. From LSE’s Electronic Library FAQs: Many LSE electronic resources can also be accessed off-campus via your LSE login (network username and password). The FAQ shows how access to e-resources is getting easier, both on and off-campus.
  • 33. ‘ LSE for You’ provides diminishing passwords: The ‘LSE for You’ page, protected by the LSE login, provides the remaining passwords still required for some e-resources.
  • 34. How did the LSE do it? You were the first installation of Shibboleth in the UK. How did the LSE Library manage the change to Shibboleth?
  • 35. How did the LSE do it? Installing the infrastructure was surprisingly easy (once we had the first working version of the software!) We chose a ‘cautious’ changeover from Athens access, with careful quality assurance testing of each resource link We were at the ‘bleeding edge’, with over 150 resource collections being accessed by ‘classic Athens’, Shibboleth, the Athens Gateway and EZproxy, and about 20% by all sorts of ad hoc methods The methods used for these tests, a progress bar and a table of the Shibbolised status of those resources can be found on the [email_address] website
  • 38. Shibboleth@LSE Table of e-Resources
  • 39. [JISC Conf title slide] The End Joint Information Systems Committee Supporting education and research Access Management for Libraries
  • 40. Links, Questions and Conclusions JISC FAM Transition: www.jisc.ac.uk/federation.html UK Federation: www.ukfederation.org.uk Shibboleth: shibboleth.internet2.edu Shibboleth@LSE: www.angel.ac.uk/ShibbolethAtLSE / Other questions? Other issues for libraries? … you’ll think of them later? [email_address] or JISC-ACCESS- [email_address]

Editor's Notes

  • #2: Session B: Change Management for Libraries (11.00 – 12.00) Speakers: John Paschoud and Peter Spring, London School of Economics This session is aimed at institutional library staff and Athens administrators. Adopting federated access management will require a change to the way in which students are trained in using access management. This will have an impact on institutional libraries in a variety of ways: updating user guides, training staff to answer queries, updating electronic catalogue links etc. This presentation will be run by institutions that have already started that process, and give guidance on how to manage the necessary change.