FAM09 – Closing session

This session by Nate Klingenstein.

Today’s Federated Identity Challenges:

  • Scaling – especially cross-sector and cross national boundaries
  • Getting the user experience right – not just in Higher Education – is going to be even harder than the challenges we face today.
  • Protocol wars – new, powerful players in the area
  • Levels of assurance and attribute support
  • Reconcilation between consumer and enterprise identity – possibly the biggest challenge

‘The Cardiff Giant’ – a statue discovered in Cardiff (New York). Copied  by P.T. Barnum (covertly) and toured. This all showed:

  • Even a fake can be very popular
  • Fake identites and indentity theft are widely recognized, growing problem

Identity is big business – e.g. Doubleclick (acquired by Google) – serving personalised advertising.

Universities house both applications and identities. They are the natural ‘home’ of much user data – e.g. Courses, titles, grades. Universities also host applications – but increasingly these may not be hosted locally. The important players in Academic Identity are:

  • Government
  • Faculty
  • Applications (Commercial and other)
  • Users

What do Governments want?

  • Privacy laws and their enforcement vary wildly from country to country
    • China and the EU offer useful (and possibly polar opposite) examples
    • A situation that needs careful balancing if there will be meaningful enforcement
  • We need recognition of the social importance of trust – some evidence that trust in financial markets drives economic properity?

What do Faculty want?

  • Good learning resources and tools
  • Students undivided attention (possible issue with using external tools e.g. social networks to deliver teaching material)
  • Freely circulated intellectual property?
  • Stronger intellectual property rights?

What do Commercial Applications want?

  • A userbase to monetize
    • page views, successful completion of login, high retention rates, lost of juicy personal details (hence reluctant to engage with federated access management)
    • licensing fees
    • Advertising is a nice plus

What do Other Applications want?

  • They’re often not sure, and would like you to help them
  • Happy to be out of the usr/pwd trap
  • Varying degrees of control over the GUI and authentication process
  • “Security” and “usability”, vaguely
  • Identity services are critical for “cloud” computing

What do Users want?

  • Studies by JISC, Yahoo!, Google and others show that to get users to use the services you offer:
    • You need consistency, consistency, consistency
    • Bifurcation is confusing, particularly if there’s an email address box or user/pass option (i.e. more than one option)
    • Users have no idea what a domain is
    • Even with coaching, outcomes from typing URL-based identity do not improve
    • Buttons are best, but alternatives are okay

Users understand the difference between a professional account and a personal account, work app and personal app – and can generally select between them. Privacy and security are consistently rated as very important – especially in coutnries with weak privacy laws. However LSE study demonstrated – convenience often wins in practice anyway.

Consumer Identity Today

  • Facebook Connect by far the most successful
    • proprietary protocol, single identityt providers
    • inducements for applications – lots of personal data for targeted ads
  • Twitter comes in second, followed by also-rans

Facebook Connect – on Huffington Post, http://money.cnn.com (the latter only supports Facebook connect for commenting). Some interesting stats on various mechanism for logging into the Typepad blogging platform at http://blog.leahculver.com/2009/11/log-in-or-sign-up-with-openid.html

Convergence between Educational Identity and Consumer Identity – It’s already happening! How soon will your students ask for a ‘Facebook Connect’ login to your VLE?

The level of assurance gravitates towards the lowest common denominator – often basically an email address that doesn’t ‘bounce’. Social Networks include a large level of assurance, as you have lots of people ‘vouching’ for you (although questions about how much this is worth, it definitely isn’t worthless). Maybe ‘strongly vetted’ ID is not what Universities should try to provide. Instead we may want to focus on the attributes:

  • Consumer identity world is rapidly realizing that attributes are key
  • Need to solve problems like attribute aggregation
  • Attribute plumbing from the campus to the consumer Identity Provider – Google is trying the business modle

If consumers opt for Facebook, perhaps this is an opportunity for Universities to stop worrying about the ‘discovery’ problem – even if we worry about the implications of Facebook managing this instead.

Preparing for those futures:

  • Be protocol-agnostic
    • OpenID support in the Shibboleth IdP is a good start
  • Expectations and functionality are driven today by commerce and consumer identity
    • Users unlikely to exert change
    • Faculty will use the best tools available
    • Commercial applications like money
  • Discovery is the real control point – if you present a ‘Facebook Connect’ button at this point, users will click it
    • No single right answer
    • eduID or similarly branded login – this is contentious issue
    • Some people want to stop buttons or dedicated discovery entirely
  • Proactively contemplate partnerships with the other identity sources

Current course excellent – we are doing most of the right things – even if for the attributes and policies alone which is 9/10 the effort and value

IceRocket Tags:

Group Management

This session from Caleb Racey and Richard James from Newcastle University.

  • FAM requires attributes. For example, if you want to offer resources to (for e.g.) a member of the medical faculty – you need to know which users these are.
  • At Newcastle the systems Grouper and Talend provide this
  • Federated identity is a subset of campus identity

Data management is the key to access control:

  • User identity
  • Unit (granularity) of access contorl
    • Department membership
    • Module enrolment

Identity data is aggregated from several different sources/systems across the University.

What is ‘Grouper’?

  • Toolkit to manage institutional and personal groups
  • Collaborative project from internet2
  • API for managing groups
  • UI + web services + shel interfaces to access API
  • http://www.internet2.edu/grouper/

Newcastle use Grouper to provide access control to different resources – wikis, lecture capture system, room book system. They populate Grouper with the institutional

Grouper has a user-facing interface – gives control to the user, enables local teams to manage memberships of groups etc. Grouper then releases it’s ‘”Groups” to Shibboleth as attributes.

Talend is used to structure the data before import into Grouper – there are more details at http://research.ncl.ac.uk/idmaps/videos.php

IceRocket Tags:

FAM09 – Day 2

Opening the second day is Mark Tysom talking about the UK federation.

There are now 765 members of the UK federation, which has now been operating for 3 years. They now have:

  • 74% of UK FE institutions
  • 100% of UK HE institutions
  • 57% of schools in England
  • 100% of schools in Northern Ireland and Scotland

In this context ‘signup’ just means that they have agreed to the Federation rules – it doesn’t mean they are actively participating in the Federation.

Service Enhancements coming:

Details at http://www.ukfederation.org.uk/content/Documents/DevelopmentRoadMap. Today Mark is going to look at the next 6 months or so:

WAYF Review

  • Provide and independent review of the current WAYF login processes
  • Improve the usability and accessibility for all users and enhance the user experience
  • Conduct user tests with a series of sites to assess the usability of the WAYF interface
  • Identify any other direct enhancements to be made
  • Provide prioritised recommendations for next steps and future development by end July 2010

They have engaged an external company to assess usability of the WAYF, getting evidence from talking to users, and observing how they interact with WAYFs/login. Clearly some crossover with studies such as Publisher Interface study – so they are sharing the outcomes of the study with these other projects.

Portal Best Practice

WAYF is a ‘backstop’ solution – i.e. not the preference. The UK Federation encourage the development of ‘portals’ – I’m not quite clear who they think will develop these ‘portals’ and why users will actually come to resources via portals – this just seems like a backward looking idea to me? Perhaps I’ve misunderstood?

Some clarfication on questioning – it seems that in this sense they mean the UK Federation WAYF as opposed to WAYF as a process generally. I think it is key we assume that users will hit resources from the open web rather than via a system controlled by the library or institution.

Statistics Gathering

  • Provide mechanisms to all the operatiors of IdPs and the federation to visualise how the service is being used
  • Provide mechanism to populat an anonymous central database that can store usage data for these services
  • Review existing mechanisms for gathering federation metrics
  • Incorporate solution into the JANET Netsight2 Service

Mark also mentioned they would be looking at Metadata scaling and running a Satisfaction Survey

Now Mark mentioning a couple of policy areas they are going to be looking at – Inter-federation agreements and Eligibility for membership – the latter looking at interest from other sectors such as NHS, Governments, Museums.

IceRocket Tags:

Shibboleth Developments

Chad La Joie – from SWITCH

Shibboleth 1.3 reaches end of life on June 30th 2010 – there will be absolutely no support after this time – so you should be planning to have upgraded to Shib 2.0 by this date!

Next release of Shibboleth IdP is 3.0 – this is not a major rewrite – do not wait to upgrade! Main goal – to clean up APIs hindering new work. Also includes n-tier delegation support and non-browser based authentication.

Discovery Service 2.0

  • incorporation of feedback from JANET funded usability study
  • support for centralised and page-embedded models
  • HTML/CSS/JavaScript that can be dropped into an SP to render a discovery interface

Chad claims that if you give SPs just a snippet of HTML or JavaScript, they are happy to embed it in their interface (not sure about this – what if they get competing demands from different federations)

N-tier delegation

What? – user logs into the portal, and the portal logs into back-end services as the user – this is delegation

Goals

  • allow service to log in to the back-end server as the user
  • control which services can impersonate the user
  • keep a complete audit trail of impersonation
  • and other stuff …(sorry, missed this)

Attribute Aggregation

What:

  • aggregate user attribute from home organization and other sources such as professional organizations

Goals

  • Allow SP to pull in attribute from multiple attribute authorities (IdPs)
  • use existing attribute release/acceptance policy mechanisms

Status

  • latest SP has support out of the box
  • 2.x IdP has support out of the box
  • currently only identifiers shared by AAs and SPs are supported

Future work

  • determine if non-shared identifiers are usable/supportable
  • determine if IdP aggregated attributes is useful and tenable

How does the SP know where to aggregate attributes from? At the moment can either be hardcoded in SP, or sent from the IdP.

OpenID Support

Goals:

  • support XRD 1.0, Open ID 2.0, PAPE, Simpler Registration, Attribute Exchange
  • use existing trust layer to create trust between OpenID entities
  • use existing attribute release mechanism

Status

  • XRD 1.0 now out of community review
  • basic support for OpenID 2.0 and PAPE support via proof-of-concept IdP plug-in
  • trust equal to standard deployment of Shibboleth
    • OpenID protocol dos not support certain advanced trust models
  • No SP support planned

Future Work

  • develop real IdP plugin based on IdP v3

Buzzwords: User-centric identity

  • Two views of user-centric identity
    • 1. Purist – all data about a person is property of, should be kept by, and should be released by the person – i.e. OpenID model
    • 2. Identity 2.0: User picks which account and associated data should be used with which service – i.e. Cardspace model
  • But – users aren’t authoritative – or trustable source of, for most of their data
  • most user’s can’t run their own identity provider
  • most user’s have a hard time understanding relationships between attributes and the service provider

The goal should probably be a release consent model added to the Identity 2.0 view – e.g. Shibboleth + uApprove  (http://www.switch.ch/aai/support/tools/uApprove.html)

Buzzwords: Cardspace

CardSpace generally refers to two things:

  • Microsoft’s evolution of Passport in to a decentralized service – know by MS as the ‘identity metasystem’
  • Microsoft’s client for the service is the the only thing that Microsoft calls CardSpace

Primary focus on avoiding phishing.

However – now Microsoft now doing server-side implementation called ‘Geneva’ – which is the non-interoperable, spiritual successor to ADFS. This does not currently interoperate with other products – including MS own Cardspace selector.

MS-hosted ‘cloud’ Exchange, SharePoint and storage service have Geneva support – and SharePoint 2010 will have support as well.

MS have asked Shibboleth team to add Geneva support – which they would do if MS would actually make the specification available!

Buzzwords: OAuth

OAuth is an access delegation protocol:

  • You login to Service B. Service B wants your information from Service A. You login to A, get a token, and give it to B. B uses  the token to get information from A.
  • OAuth is independent of the means by which a user is authenticated of the format of the token
    • so OAuth is orthogonal to federated identity management (although you could use things like n-tier delegation to achieve this)
  • OAuth is current under-specified
IceRocket Tags:

Federated Access: The Library Experience

A three part presentation – first up Sarah Pearson from the University of Birmingham on their experience:

Authentication overview:

  • Mixture of Shibboleth, IP and username/password authentication
  • EZProxy used for off-campus (recently implemented)
  • SSO to Metalib (federated search), Shibboleth and EZProxy
  • Extra sign-on needed between Portal, WebCT and Metalib

Authentication – setup, maintenance and troubleshooting – needs involvement from:

  • Serials Team (Library services)
  • Digital Library team (IT Services)
  • Networks team (IT Services)

Shibboleth implementation relatively straightforward as already had good quality data in directory

Implementation timescale at B’ham

  • Jan 08 – decided to implement Shibboleth for July 2008
  • Jan-Mar 08 – tested current authentication, set up IdP and shibbolized Metalib
  • Mar-Apr 08 – Prioritised ‘Athens only’ resources with Shibboleth
  • July 08 – changed all links in Metalib to Shibboleth
    • decided to retain Athens for 1 year as some resources not supporting Shib
    • Migration of remaining Athens resources to other methods
  • July 09 – ended Athens subscription but implemented EZProxy

Decisions made

  • Athens only and IP/Athens authenticated resources to be moved to Shibboleth
  • WAYFless URLs where possible
  • Shibboleth preferred over IP
  • Shibbolized metalib
  • Extended Athens subscription for 1 yr

Implementation process

  • Contacting service providers
  • Knowing which information to provide
  • Obtaining and testing WAYFless URLs was time consuming
  • Adding new URLs to Metalib (library portal/federated search)
  • Adding notes for specific resources

Issues and Challenges

  • SP discoverability / navigation issues – not everyone comes to the resource from the library website/portal
  • Dual authentication and personalisation
    • Although University of B’ham prefer Shibboleth to IP authentication – some resources us IP as a preference
  • WAYFless URLs
    • different suppliers use different constructions
    • Some support
  • SFX (OpenURL resolver) integration – providers don’t necessarily support deep linking in a consistent or good way
  • IdP downtime – have introduced a single point of failure

Secondly Francis Lowry from Nottingham Trent University

NTU approx 25,000 FTEs across 3 campuses

  • NTU was a early adopter of Shibboleth – in 2005
  • Shibboleth ‘just worked’ – it has been very stable
  • Currently on Shib 1.3, going to upgrade to 2.0 in Summer 2010
  • Shibboleth not a panacea – managing expectations was a big issue – e.g. Shib is not a SSO solution

Now Richard Cross takes up the story from the library side:

  • NTU Library do not talk about ‘Shibboleth’ – may describe the benefits of FAM, but talk about ‘NTU username and password’
  • Personalisation features – issue of migrating from personal settings on remote resources being linked to Athens PUIDs – and needed to migrate to linking to Shibboleth IDs
  • Some resources ended up losing personalisation features
  • Communication with colleagues etc. key
  • Switchover remarkably smooth
  • Customers appeared to find the process quite intuitive
  • No permanent loss of off-campus access to any significant resources

Richard mentions the JISC Publisher Interface Study – incredible inconsistency in how service providers implement and talk about authentication – this needs to change. WAYFLess URLs over engineered, inconsistent syntax – real problem. Particularly OpenURL resolvers need to work with WAYFless URLs

  • Lack of utilities toolkit – reduced usage data
  • No ‘admin interface’, no reporting functionality, no troubleshooting tools
  • Reduced statistics (even at basic level) to previously (when using traditional Athens authentication)

Customer experience?

  • May well remain unimpressed by the delivery of ‘mostly single’ sign-on (but terms and conditions apply)
  • Potential remains for customer confusion about how libraries manage the authentication exceptions
  • WAYFless URLs only work when the user accesses resources via the library – which is not how many people approach resources – coming in from Google and other resources

Don’t expect to be thanked for successful Shibboleth implementation – it is just seen as ‘business as usual’

Closing thoughts (from Francis):

  • Shibboleth is not just as a replacement for Athens Authentication – opportunity for closer more collaborative working across institutions
  • Vision for Shibboleth is more shared resources and services
    • Shared learning environments and resources
    • NTU CV Builder
    • Single framework for access to all university and externally provided services

NTU essentially embraced Shibboleth as a framework for authentication and authorisation across the board – all products they now tender for need to support SAML or similar…

IceRocket Tags:

FAM09

For the next couple of days I’m at FAM09 – a JISC event about Federated Access Management.

First up Peter Tison (UCISA), and Sarah Marsh (SCONUL) on “Identity and Access as UK Priority”. Peter summarising the move towards federated access management in the UKHE sector over the last few years. JISC outlined a road map, acknowledged the need for institutional effort/resource.

There is still very little implementation of federated access (says Peter) – why?

  • Lack of external resources
  • Lack of internal resources
  • Athens is still there …

JISC review April 2009 – about half institutions using Shibboleth and half OpenAthens (small numbers other).

Within the library Federated Access opens possibility of:

  • Shared services
  • Saving money by targetting subscriptions on specific user groups
  • Integration with OpenID?

Across the institution Federated Access could:

  • Give access to internal systems and external resources
  • Access to 3rd party s/w
  • Access to internal resources from off site
  • Seamless access to external resources

So – Peter says what we need now is:

  • Clear strategic message
  • A benefits/impact analysis
  • A longer road map:
    • solid identity management platform
    • first step as an Athens replacement – but it is more than this
    • identify the internal benefits of single sign-on
    • linking to external resources

Some questions around granularity of access to resources – not necessarily good thing for library resources – however is essential for other types of resources – e.g. finance systems

Second up, International developments by Josh Howlett (Janet).

Now many different federations internationally. However, can have different policies for different data elements – e.g. fallow period for reuse of EduPerson principal name. There are now quite a few projects/intitiatives looking at how you can work across these different federations – e.g. Kantara Initiative – cross-sector identity initiatives

Geant – a consortium of all the European national networks. 37 participating countries. £200million euros over 4 years – big initiatives. Geant is concerned about connecting national networks – not at an institution level generally. eduGAIN is one part of Geant.

eduGAIN goals

  • enable interoperability between national federations by undertaking the necessary technical and policy coordination
  • To build on this interoperability

eduGAIN pilot service use cases:

What will it provide me with?

  • Identity providers: obtain access to services regiestered in other federations
  • Service provider: provide access to identities issued by providers registered in other federations
  • Eurpoe-scale reach at a zero to modest expenditure of effort

What should I do?

  • ensure national federation is aware of your interestedt
  • prepare for SAML 2.0
  • Be ready for October 2010

Finally before coffee Mark Cross about commercial developments

Mark is from OpenID UK.

The institution you are a member of today is only one part of your identity

Roadmap for OpenID:

  • OpenID v1
    • SSO & Delegation
  • OpenID v2
    • attribute exchange
    • PAPE – Provider Authentification Policy Extension
  • OpenID v3
    • Contract Exchange Extension Working Group
    • Increased Security

Delegation!

OpenID going forward. Recent meeting agreed to work on:

  • Integration of OAuth Hybrid into core specifications
  • Looking at supporting email as well as web address (Mark Cross felt this was a divergence from original vision of OpenID)

Big likely implementers of OpenID in the UK – the Telegraph and the BBC

Identity Management is important in its support of a Knowledge Society.

IceRocket Tags:

Do you Read to Learn?

I’ve been promising a blog post of my entry into the JISC MOSAIC competition for a while now, so here goes.

The JISC MOSAIC competition was basically about demonstrating different ways in which library usage data could be exploited. The data made available for the competition is from the University of Huddersfield, where Dave Pattern has led the way in putting this type of data to work. I was also keen to dust off my rather rusty coding skills. I have to admit that when I first saw the large XML files that the project was offering, I was slightly worried – doing any kind of analysis on the files looked like it was going to be a bit of work. Luckily very soon after the competition was announced, Dave offered a simple API to the data which definitely looked more my kind of thing – a relatively simple XML format, with nice summary information available.

I had originally though that working on the competition might give me the push I needed to learn a new programming language – trying to get up to speed with Python or Ruby has been on my todo list for a while. However I ended up falling back on the language I’ve used most in the past – Perl. Several years ago I wrote some Perl scripts to parse various XML files so I was confident I could pick this up again. I was also slightly suprised that Perl still seemed to have some of the most extensive XML parsing options (although this may be simply due to my pre-existing knowledge – I’d be interested to hear what other languages I should be looking at?)

I wanted to come at the data from a slightly different angle. I had two ideas:

  • Generate purchase recommendations for libraries by finding the items they already owned in the usage data, and finding those linked items (in the usage data) that are not already owned
  • Get people to upload lists of books they owned/liked, find which courses they were linked to by the usage data, and suggest courses the person

I’d have liked to do both (and at one point thought I might pull this off with some help), but in the end I went with the second of these.

The idea was that if we know what books students on a specific course uses, if someone really likes those books then they may well find the course interesting. I’m still unsure of whether this assumption would be borne out in practice, and I’d be interested in comments on this. My program basically needed to:

  • Allow you to upload a list of books (I went for a list of ISBNs for simplicity)
  • Check which course codes those books were related to
  • Find where courses matching those course codes were available
  • Display this information back to you

The first thing I realised was how much Perl I’d forgotten – it took me quite a while to get back into it, and even now looking at the script I can see things that I would do quite differently if I were to start over.

I was able to pinch quite a few bits from existing tutorials and examples on the web (this is one of the great things about using Perl – lots of existing code to use). Things like uploading a file of ISBNs were relatively trivial. I’m not going to run through the whole thing here, but the bits I want to highlight are:

Dealing with UCAS
UCAS really don’t make it easy to get information out of their website on a machine-to-machine basis. I’ve done an entire post on scraping information from UCAS, which I’m not going to rehash here, but honestly if we are going to see people developing applications which help individuals build personalised learning pathways through Higher Education courses this has got to improve.

How much overlap is significant?
The first set of test data I used was the ISBNs from my own LibraryThing account. This is a free account, so limited to 200 items – so approximately this was 200 ISBNs. I realise that most people are not going to have a list of 200 ISBNs to hand (a major issue with what I’m proposing here), but it seemed like a good place to start. However, I found that only 2 of these 200 items matched items in the usage data from Huddersfield. Initially these two items resulted in several course recommendations – because I’d assumed that any overlap was a ‘recommendation’. However it was immediately apparent that the fact I owned ‘The Amber Spyglass’ by Philip Pullman didn’t really imply I’d be interested in studying History with English Language Teaching, or that owning Jane Eyre meant I’d be interested in Community Development and Social Work – these were just single data points, and amounted to ‘coincidence’.

Given this, I introduced the idea of ‘close matches’ which meant that you owned/read at least 1% of all the items associated with a course code. However, this led to my own data generating zero matches – not a good start. For the purposes of demonstration I basically faked some sets of ISBNs which would give results. I have no idea whether 1% is a realistic level to set for ‘close matches’ – it could well be this is too low, but it seemed like a good place to start, and it can easily be adjusted within the script.

I think it is really important to stress that the only usage data the competition worked against was that from the University of Huddersfield. This was bound to give limited results – any single institutions data would suffer from the same problem. However, if we were to see usage data brought together from Universities from across the UK I still think there are some possibilities here (and who knows what might turn up if you added public library information into the mix somehow?).

So – the result is at ReadToLearn and you are welcome to give it a go – and I’m very interested in comment and feedback. I’m hoping to at least partially rewrite the application to use the UCAS screenscraping utility I’ve since developed. Although I’m rather embarrassed by the code as it definitely leaves alot to be desired, if you want to you can download the ReadtoLearn code here.

Accessing Sconul Access

This is a very quick lunchtime post to document a script I’ve been working on over the last week or so. SCONUL Access is a scheme that offers reciprocal access to various university libraries across the UK.

The SCONUL Access website allows you to enter details of a UK university affiliation, and then will list details of those libraries which you can use via the reciprocal agreement scheme (you have to apply for a SCONUL access card at your ‘home’ institution before you can use the other libraries).

I’ve occasionally thought it would be nice to do something like map the results of a SCONUL access enquiry on a Google map, or integrate the question of ‘which libraries can I use’ with ‘where can I get a book’ – so that users could potentially do a search of all the libraries they can access (perhaps limited by a geographical radius?). Aside from these ideas, the SCONUL Access directory actually contains quite a bit of useful information on each library it lists – including the insitution website, the library website and the library catalogue URL.

Further, I was recently inspired by Philip Adams from Leicester (@Fulup) on Twitter who pointed me at http://www.library.dmu.ac.uk/Resources/OPAC/index.php?page=366 which combines information from SCONUL access with the Talis Silkworm directory to show SCONUL Access libraries (relevant to those at the University of Leicester I guess) on Google Maps.

Unfortunately the SCONUL Access website doesn’t provide an API to query the data it has on the libraries, so I thought I’d start writing something. I haven’t (yet anyway) tried to replicate the function that SCONUL access provide of taking user details, and giving a list of available libraries – to get this function you still have to go to SCOUNL Access website and fill in their forms. What my script does is simply provide SCONUL Access member library details in an XML format. The script lives at:

http://www.meanboyfriend.com/sconulaccess

It supports three modes of use:

1. Summary of all SCONUL Access libraries
URL: http://www.meanboyfriend.com/sconulaccess
Function: returns a summary of all institutions participating in SCONUL Access from their A-Z Listing. This XML (see below for format) only includes the SCONUL Access (internal) code for the library, the name of the institution and the URL for the full SCONUL Access record

2. Full records for specified SCONUL Access libraries
URL: http://www.meanboyfriend.com/sconulaccess/? e.g. http://www.meanboyfriend.com/sconulaccess/?institution=2,3,4
Function: returns full records for each institution specified by its SCONUL Access ID in the URL (see full XML structure below)

3. Full records for all SCONUL Access libraries
URL: http://www.meanboyfriend.com/sconulaccess/?institution=all
Function: similar to 2 but returns full records for all institutions that are obtained via 1. This takes some time to return results as it retrieves over 180 records from the SCONUL Access website – so it isn’t recommended for general use.

XML Structure

<sconul_access_results>
 <institution code=”4″ name=”Aston University”>
  <inst_sconul_url>
    http://www.access.sconul.ac.uk/members/institution_html?ins_id=4
  </inst_sconul_url>
  <website>http://www.aston.ac.uk/</website>
  <library_website>http://www1.aston.ac.uk/lis/</library_website>
  <library_catalogue>http://library.aston.ac.uk/</library_catalogue>
  <contact_name>Anne Perkins</contact_name>
  <contact_title>Public Services Coordinator</contact_title>
  <contact_email>a.v.perkins@aston.ac.uk</contact_email>
  <contact_telephone>01212044492</contact_telephone>
  <contact_postcode>B4 7ET</contact_postcode>
 </institution>
 <source>
  <source_url>http://www.access.sconul.ac.uk/</source_url>
  <rights>Copyright SCONUL. SCONUL, 102 Euston Street, London, NW1 2HS. </rights>
 </source>
</sconul_access_results>

The <institution> element is repeatable.
For (1) above the only elements returned are:
<institution>
</inst_sconul_url>
<source> (and subelements)

Anyway, I’d be interested in comments, and would be happy to look at alternative functions and formats – let me know if there is anything you’d like to see.