David,
Sorry for my delay in responding. Please see the responses from
OCLC below.
1. What are the minimum attributes you require from an Identity Provider
for basic Shibboleth authentication?
OCLC requires the eduPersonEntitlement attribute to specify which
FirstSearch authorization to use. The entitlement string value to configure is
urn:mace:oclc.org:FirstSearchAuthorziation
2. What additional services, if any, do you provide through Shibboleth
beyond basic login, for example, personalization. If you do provide additional
services, what is required to enable them?
Just authentication.
3. Do you support "WAYFless" access, that is, access that does not
require a user to identify where they are from in order to reach his or her
local authentication system?
No, but we have had multiple libraries request a
WAYFless URL. I am trying to obtain a status as to when this feature
may be supported.
4. Do you support direct Shibboleth-authenticated links to resources?
I am still trying to find out this information. Could you please
clarify what is meant by this question?
5. Who should libraries contact if they want to set up Shibboleth access to your
site or if they have questions or problems?
Setup –
Support –
Technical resources will be consulted as necessary.
Jason Zavar
Product Manager, EZproxy
OCLC, Online Computer Library Center, Inc.
6565 Kilgour Place -- MC431
Dublin, Ohio 43017
800-848-5878 ext. 5195
From: David Kennedy [mailto:]
Sent: Thursday, July 09, 2009 9:34 AM
To: Hamparian,Don; Zavar,Jason; Shibboleth
Cc:
Subject: OCLC and InCommon Library Services Collaboration
Don, Jason, et al.
I am writing you on behalf of the InCommon Library Services Collaboration.
We represent a group of research libraries who are working to expand the use of Shibboleth
among members of the InCommon federation. As part of that effort, we are
gathering information from vendors about how they have implemented Shibboleth.
By making this information more accessible, we hope to make it easier for
libraries to use the technology. We also would like to help develop common
practices among vendors that would simplify the implementation process for
everyone involved and make Shibboleth an attractive option for users.
We think that expanding the use of Shibboleth will help you in various ways:
1. Provide a more secure means of access than IP authentication.
2. Provide better tools for identifying who is responsible when breaches occur.
3. Make it possible for users to take advantage of personalized features on a site
without requiring them to open a local account maintained by the vendor.
4. Help to start moving away from IP-based authentication and the overhead it
requires.
We ask that you answer the following questions, as they relate to your products and services:
1. What are the minimum attributes you require from an Identity Provider for basic
Shibboleth authentication?
2. What additional services, if any, do you provide through Shibboleth beyond
basic login, for example, personalization. If you do provide additional
services, what is required to enable them?
3. Do you support "WAYFless" access, that is, access that does not
require a user to identify where they are from in order to reach his or her
local authentication system?
4. Do you support direct Shibboleth-authenticated links to resources?
5. Who should libraries contact if they want to set up Shibboleth access to your
site or if they have questions or problems?
We appreciate your willingness to help us in this effort.
David Kennedy, Duke University
Adam Chandler, Cornell University
Andy Ingham, University of North Carolina, Chapel Hill
Jonathan Lavigne, Stanford University
Kent Percival, University of Guelph
Joy Veronneau, Cornell University
Jason Zavar, OCLC
Fred Zhang, Michigan State University
Foster Zhang, Johns Hopkins University
[please send response email to ]
-----
David Kennedy
Systems Programmer
Perkins Library, Duke University
(919) 613-6831