InC-Lib-Vendor

[David Kennedy <>]

Spencer,

Thank you for your response, and for
helping our group in our efforts.

The "session initiator" is
certainly ideal from my perspective.

When you say that the user is remembered
is this done through cookies that span web sessions?

Dave

-----
David Kennedy
Systems Programmer
Perkins Library, Duke University
(919) 613-6831


Spencer Thomas <> wrote
on 07/30/2009 05:04:24 PM:

> From:
> 
> Spencer Thomas <>
> 
> To:
> 
> David Kennedy <>
> 
> Cc:
> 
> Ronald Snyder <>, inc-lib-
> , 
> 
> Date:
> 
> 07/30/2009 05:15 PM
> 
> Subject:
> 
> [InC-Lib-Vendor] Re: JSTOR and InCommon Library Services Collaboration
> 
> My answers are inline, below.
> 
> David Kennedy wrote:
> I am writing you on behalf of the InCommon Library
Services Collaboration. 
> 
> We represent a group of research libraries who are working to expand
> the use of Shibboleth among members of the InCommon federation. As
> part of that effort, we are gathering information from vendors about
> how they have implemented Shibboleth. By making this information 
> more accessible, we hope to make it easier for libraries to use the
> technology. We also would like to help develop common practices 
> among vendors that would simplify the implementation process for 
> everyone involved and make Shibboleth an attractive option for users.
> 
> We think that expanding the use of Shibboleth will help you in various
ways: 
> 
>    1. Provide a more secure means of access than IP authentication.
>    2. Provide better tools for identifying who is responsible
when 
> breaches occur. 
>    3. Make it possible for users to take advantage of personalized
> features on a site without requiring them to open a local account
> maintained by the vendor. 
>    4. Help to start moving away from IP-based authentication
and the
> overhead it requires. 
> We ask that you answer the following questions,
as they relate to 
> your products and services: 
> 
>    1. What are the minimum attributes you require from an
Identity 
> Provider for basic Shibboleth authentication? 
> We require the eduPersonEntitlement attribute
with a value of 
> urn:mace:dir:entitlement:common-lib-terms 
>    2. What additional services, if
any, do you provide through 
> Shibboleth beyond basic login, for example, personalization. If you
> do provide additional services, what is required to enable them? 
> Nothing additional at this point.  
>    3. Do you support "WAYFless"
access, that is, access that does 
> not require a user to identify where they are from in order to reach
> his or her local authentication system? 
> Only through the use of a "session initiator"
URL that bypasses our 
> built-in "WAYF" page by specifying the identity provider
as part of 
> the URL.  Once a user has successfully logged in with Shibboleth,
> their institution is remembered, and the institution name is 
> presented as a link at the top of the "WAYF", so that they
can just 
> click on it to authenticate with their IdP.
>    4. Do you support direct Shibboleth-authenticated
links to resources? 
> Yes.
>    5. Who should libraries contact
if they want to set up Shibboleth
> access to your site or if they have questions or problems? 

> 
> -- 
> Spencer Thomas
> Lead Software Developer, JSTOR
> 
> +1-734-887-7004
> JSTOR is a not-for-profit organization helping
the scholarly 
> community take advantage of advances in technology. Our initial 
> effort -- building trusted digital archives for scholarship -- 
> provides for the long-term preservation and access of leading 
> academic journals and scholarly literature from around the world.
> Our work is supported by libraries, scholarly societies, publishers,
> and foundations.