This subtask deals with the pilots for libraries.
By delivering an integrated AAI framework, AARC will improve access to digital libraries (represented by LIBER and MKZ). We started several pilots to address the needs and problems faced by libraries and library consortia.
The use cases
- To date, many library resources like journals and tools are not accessible with an institutional account. To restrict access to such resources, libraries still rely on IP-address-based access control.
- Libraries need to maintain the correct IP address ranges themselves but regard this approach as too labor-intensive and inaccurate.
- Users are confronted with inconsistent and confusing (if-this-then-that) user interfaces.
- Often, citizen scientists are not affiliated with an institution and lack a verified institutional account to obtain access to restricted library sources. Most library consortia offer access for any user visiting the institutional library, so-called walk-by users. This approach works well when dealing with content providers applying IP-address-based access. For providers supporting SAML-based access only, a solution to service walk-by users is needed.
- In some countries libraries maintain a mesh-based SAML federation parallel to national identity federations. This approach introduces a lot of complexity, e.g. in terms of the number of interactions between IdPs and SPs that need to be maintained. A proxy model may reduce this complexity.
These use cases have been translated to requirements and have been described in the Deliverable "DJRA1.1: Analysis of user community and service provider requirements".
Page 30 of this document provides a dedicated description of the issues librarians currently face with regard to federated identity management. Requirements R1, R2, R5, R7, R_P_1, R_P_4 and R_P_6 (see page 33 and onwards) are applicable to libraries and have been guiding our work in this pilot.
Proposed and piloted solutions to address these issues
- We established a pilot proxy to be used by libraries to give access to restricted content no matter whether the (content) provider supports SAML or not. This approach is not new and is offered as a solution called EZ-proxy, but apparently many libraries are not aware of its existence or are not aware of the fact that it can be used to bridge SAML to IP.
- By adding functionality to handle access requests from walk-in users (citizen scientists), we can kill two birds with one stone.
- To address the many-to-many SAML interactions topic some library consortia are dealing with, we piloted the suitability of an IdP/SP proxy solution. With this approach we aim to reduce complexity and at the same time provide a way to "brand" the access gateways, which may improve the trust and usability perceived by users who want to access library resources.
The current status of this work has been presented at the general AARC meeting in Utrecht in May 2016. See this slide presentation for more details: AARC-SA1-Library-pilots-Utrecht MAY2016.pdf
Requirements | Components in Blue Print Architecture | Status and Results |
---|---|---|
Requirements R1, R2, R5, R7, R_P_1, R_P_4 and R_P_6 (see page 30 and 33 and onwards) | Status per June, 1st 2016 EZ proxy as Federated Access Mode Switch - Guide for Libraries |
A more detailed description of the first part of the pilot (SAML-IPaddress bridge) is available here: EZ proxy as Federated Access Mode Switch - Guide for Libraries
A description of the work that concerns the walk-in user topic is available here.
Status per June 1st 2016
- wrap up findings and results
- demo environment for the community in preparation
- ask for feedback from libraries (at least 3 library consortia)
We aim to finalise this topic before the end of June.