Defining Use Cases for Federating Library Services

[Dean Woodbeck <>]

Here are my notes from today's use case subgroup meeting, combined with the 
wiki changes that Thomas was making along the way.

--Dean


InC-Library Use Case Subgroup
Notes – May 29, 2009

----------
**Attending**

Thomas Howell, Northwestern (chair)
Steve Carmody, Brown University
Andy Dale, OCLC
Lynn Garrison, Penn State
Paul Hill, MIT
Tim Mori, North Carolina State University
Rich Wenger, MIT
Heather Townes White, University of Saskatchewan
Dean Woodbeck, Internet2

----------
**Discussion**

Use Case subgroup wiki:
https://spaces.internet2.edu/display/inclibrary/Use+Case+Subgroup

Andy Dale – will be writing up user profiles and place on the wiki (in 
Category 5)

Rich Wenger – Meeting next week with licensing people. He will have a clearer 
definition of use cases and will post those to the wiki (in Category 6)

Paul Hill has added extensive discussions from the MACE-Dir mailing list from 
awhile ago:
https://spaces.internet2.edu/display/inclibrary/MACE-Dir+discussion+extracts

Paul has also added the initial email sent to the walk-in subgroup:
https://spaces.internet2.edu/display/inclibrary/walk-in+initial+thoughts+4-29-09

Steve Carmody has notes from the initial walk-in call and will post to the 
wiki (Cateogry 1, walk-in page)

----------
**Other Use Cases**

A user tried to authenticate with something like OpenID? Exampel: A visiting 
HS student is in the patron database and has access to some things, but not 
others.

MIT – Library looking to affiliate with various quasi-formal groups outside 
of MIT. Some people may authN through OpenID or InCommon and MIT needs to 
make some fairly granular decisions as to who can get to what, depending on 
licenses.

A visiting scholar wants access to materials at their host institution, but 
they are authenticating with the credentials from their their home 
institution.

Can Shibboleth handle a case in which the library has an IdP separate from 
the campus IdP?

----------
A number of other potential use cases were discussed. Most are now listed 
under Category 7 and Category 8 on the wiki:

Category 7: Abstracted Library Authentication and Authorization Models
• We have mediating authentication/authorization application
• We have individual staff/back office access versus individual 
user/client/patron access
• Differentiated experiences for two groups of users because their grouping 
information/attributes have been exposed.
• Non-differentiated experiences for two groups because their grouping 
information/attributes have been hidden.

Category 8: Uncategorized Cases
• On-phone or in-person user verification -- Phone in problems to library 
staff and needs help with access or an action like putting a book on hold and 
the librarian wants to verification.
• User goes to external service (abstracts), does a search, finds a useful 
open link hit, goes back to campus, goes directly to the referenced article. 
Do this from home to a Shib-enabled resource.
• Circe Dynex: Shib-enabling a java app.
• Replacing existing Java applications which store user password tables in 
the clear (either DB or in file on the file system)
• Shib-enable staff access in addition to patron users
• Instructor wants to add a deep link to a course in an LMS system and we 
want the link to work no matter where the user happens to be. The link has to 
be durable from year to year.
• Blackboard
• An instructor chooses a list of books in the OPAC and then wants them to be 
automatically pushed into the eShelf of students so that they can view them 
while inside the LMS.
• Federated Search which returns results that a user is allowed to view.
• Federated Search which returns results that are based on facets related to 
a group (or other Shib attribute)
• Refworks
• Two separate federations accessing the same SP
• Two separate Shib-enabled IDs, ie. I have campus credentials and I also 
have an account with some other organization, like the ALA or ACM
• How to link two identities (i.e. – a user has credentials from two 
different IdPs. Can the access that each identity provides be cumulative?)

Additional questions:
• Primary and tertiary sets of attributes
• uApprove (developed by Swiss federation) – allows users to 
approve/disapprove attribute release
• How does a user know which sites should be properly accessible via Shib?
• How does a user know the state of their various cookies as associated with 
their ID?