{"id":603,"date":"2009-11-23T16:50:25","date_gmt":"2009-11-23T15:50:25","guid":{"rendered":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/2009\/11\/federated-access-the-library-experience\/"},"modified":"2009-11-24T22:51:41","modified_gmt":"2009-11-24T21:51:41","slug":"federated-access-the-library-experience","status":"publish","type":"post","link":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/2009\/11\/federated-access-the-library-experience\/","title":{"rendered":"Federated Access: The Library Experience"},"content":{"rendered":"<p>A three part presentation &#8211; first up Sarah Pearson from the University of Birmingham on their experience:<\/p>\n<p>Authentication overview:<\/p>\n<ul>\n<li>Mixture of Shibboleth, IP and username\/password authentication <\/li>\n<li>EZProxy used for off-campus (recently implemented) <\/li>\n<li>SSO to Metalib (federated search), Shibboleth and EZProxy <\/li>\n<li>Extra sign-on needed between Portal, WebCT and Metalib <\/li>\n<\/ul>\n<p>Authentication &#8211; setup, maintenance and troubleshooting &#8211; needs involvement from:<\/p>\n<ul>\n<li>Serials Team (Library services) <\/li>\n<li>Digital Library team (IT Services) <\/li>\n<li>Networks team (IT Services) <\/li>\n<\/ul>\n<p>Shibboleth implementation relatively straightforward as already had good quality data in directory<\/p>\n<p>Implementation timescale at B&#8217;ham<\/p>\n<ul>\n<li>Jan 08 &#8211; decided to implement Shibboleth for July 2008 <\/li>\n<li>Jan-Mar 08 &#8211; tested current authentication, set up IdP and shibbolized Metalib <\/li>\n<li>Mar-Apr 08 &#8211; Prioritised &#8216;Athens only&#8217; resources with Shibboleth <\/li>\n<li>July 08 &#8211; changed all links in Metalib to Shibboleth\n<ul>\n<li>decided to retain Athens for 1 year as some resources not supporting Shib <\/li>\n<li>Migration of remaining Athens resources to other methods <\/li>\n<\/ul>\n<\/li>\n<li>July 09 &#8211; ended Athens subscription but implemented EZProxy 
<\/li>\n<\/ul>\n<p>Decisions made<\/p>\n<ul>\n<li>Athens only and IP\/Athens authenticated resources to be moved to Shibboleth <\/li>\n<li>WAYFless URLs where possible <\/li>\n<li>Shibboleth preferred over IP <\/li>\n<li>Shibbolized Metalib <\/li>\n<li>Extended Athens subscription for 1 yr <\/li>\n<\/ul>\n<p>Implementation process<\/p>\n<ul>\n<li>Contacting service providers <\/li>\n<li>Knowing which information to provide <\/li>\n<li>Obtaining and testing WAYFless URLs was time-consuming <\/li>\n<li>Adding new URLs to Metalib (library portal\/federated search) <\/li>\n<li>Adding notes for specific resources <\/li>\n<\/ul>\n<p>Issues and Challenges<\/p>\n<ul>\n<li>SP discoverability \/ navigation issues &#8211; not everyone comes to the resource from the library website\/portal <\/li>\n<li>Dual authentication and personalisation\n<ul>\n<li>Although University of B&#8217;ham prefer Shibboleth to IP authentication &#8211; some resources use IP as a preference <\/li>\n<\/ul>\n<\/li>\n<li>WAYFless URLs\n<ul>\n<li>different suppliers use different constructions <\/li>\n<li>Some support <\/li>\n<\/ul>\n<\/li>\n<li>SFX (OpenURL resolver) integration &#8211; providers don&#8217;t necessarily support deep linking in a consistent or good way <\/li>\n<li>IdP downtime &#8211; have introduced a single point of failure <\/li>\n<\/ul>\n<p><strong>Secondly Francis Lowry from Nottingham Trent University<\/strong><\/p>\n<p>NTU approx 25,000 FTEs across 3 campuses<\/p>\n<ul>\n<li>NTU was an early adopter of Shibboleth &#8211; in 2005 <\/li>\n<li>Shibboleth &#8216;just worked&#8217; &#8211; it has been very stable <\/li>\n<li>Currently on Shib 1.3, going to upgrade to 2.0 in Summer 2010 <\/li>\n<li>Shibboleth not a panacea &#8211; managing expectations was a big issue &#8211; e.g. 
Shib is not an SSO solution <\/li>\n<\/ul>\n<p>Now Richard Cross takes up the story from the library side:<\/p>\n<ul>\n<li>NTU Library do not talk about &#8216;Shibboleth&#8217; &#8211; may describe the benefits of FAM, but talk about &#8216;NTU username and password&#8217; <\/li>\n<li>Personalisation features &#8211; issue of migrating from personal settings on remote resources being linked to Athens PUIDs &#8211; and needed to migrate to linking to Shibboleth IDs <\/li>\n<li>Some resources ended up losing personalisation features <\/li>\n<li>Communication with colleagues etc. key <\/li>\n<li>Switchover remarkably smooth <\/li>\n<li>Customers appeared to find the process quite intuitive <\/li>\n<li>No permanent loss of off-campus access to any significant resources <\/li>\n<\/ul>\n<p>Richard mentions the <a href=\"http:\/\/sites.google.com\/site\/publisherinterfacestudy\/\">JISC Publisher Interface Study<\/a> &#8211; incredible inconsistency in how service providers implement and talk about authentication &#8211; this needs to change. WAYFless URLs over-engineered, inconsistent syntax &#8211; real problem. 
Particularly OpenURL resolvers need to work with WAYFless URLs<\/p>\n<ul>\n<li>Lack of utilities toolkit &#8211; reduced usage data <\/li>\n<li>No &#8216;admin interface&#8217;, no reporting functionality, no troubleshooting tools <\/li>\n<li>Reduced statistics (even at basic level) compared to previously (when using traditional Athens authentication) <\/li>\n<\/ul>\n<p>Customer experience?<\/p>\n<ul>\n<li>May well remain unimpressed by the delivery of &#8216;mostly single&#8217; sign-on (but terms and conditions apply) <\/li>\n<li>Potential remains for customer confusion about how libraries manage the authentication exceptions <\/li>\n<li>WAYFless URLs only work when the user accesses resources via the library &#8211; which is not how many people approach resources &#8211; coming in from Google and other resources <\/li>\n<\/ul>\n<p>Don&#8217;t expect to be thanked for successful Shibboleth implementation &#8211; it is just seen as &#8216;business as usual&#8217;<\/p>\n<p>Closing thoughts (from Francis):<\/p>\n<ul>\n<li>Shibboleth is not just a replacement for Athens Authentication &#8211; opportunity for closer, more collaborative working across institutions <\/li>\n<li>Vision for Shibboleth is more shared resources and services\n<ul>\n<li>Shared learning environments and resources <\/li>\n<li>NTU CV Builder <\/li>\n<li>Single framework for access to all university and externally provided services <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>NTU essentially embraced Shibboleth as a framework for authentication and authorisation across the board &#8211; all products they now tender for need to support SAML or similar&#8230;<\/p>\n<div style=\"padding-bottom: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; float: none; padding-top: 0px\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:7d2ec14f-f878-4791-8f7c-3efadc1a7448\" class=\"wlWriterEditableSmartContent\">IceRocket Tags: <a href=\"http:\/\/blogs.icerocket.com\/search?q=fam09\" 
rel=\"tag\">fam09<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A three part presentation &#8211; first up Sarah Pearson from the University of Birmingham on their experience: Authentication overview: Mixture of Shibboleth, IP and username\/password authentication EZProxy used for off-campus (recently implemented) SSO to Metalib (federated search), Shibboleth and EZProxy Extra sign-on needed between Portal, WebCT and Metalib Authentication &#8211; setup, maintenance and troubleshooting &#8211; [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[37],"class_list":["post-603","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-fam09"],"_links":{"self":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/comments?post=603"}],"version-history":[{"count":2,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/603\/revisions"}],"predecessor-version":[{"id":615,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/603\/revisions\/615"}],"wp:attachment":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/media?parent=603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/categories?post=603"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.
meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/tags?post=603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}