inc-librsvcs - Draft Minutes -- InC-Library Services -- 02-Nov-2007
Subject: InCommon Library Services
List archive
- From: Dean Woodbeck <>
- To:
- Subject: Draft Minutes -- InC-Library Services -- 02-Nov-2007
- Date: Sat, 03 Nov 2007 06:54:33 -0400
|
Please send any
corrections to Dean Woodbeck () Minutes from past meetings are available on the wiki: https://spaces.internet2.edu/display/inclibrary/Home InCommon Library Services Working Group Draft Minutes November 2, 2007 Steven Carmody, Brown University (chair) Janis Mathewson, Penn State University Becky Albitz, Penn State University Renee Shuey, Penn State University Tom Barton, University of Chicago Declan Fleming, University of California-San Diego Gabe Lawrence, University of California-San Diego Holly Eggleston, University of California-San Diego Dave Kennedy, University of Maryland R.L. “Bob” Morgan, Adam Chandler, Cornell University Ann West, EDUCAUSE/Internet2 Dean Woodbeck, Internet2 (scribe) **Presentations and Demonstrations** Holly Eggleston has placed a copy of her Internet2 Member Meeting presentation on the wiki, along with a pointer to the Webcast of the I2 session: https://spaces.internet2.edu/display/inclibrary/Home **Mod-Auth-Location** Steven Carmody reported a number of requests for a live demonstration using the mod-auth-location code as it relates to walk-up patrons at a library, providing the option of logging in as a guest or using university credentials. At this point, however, there is no demo. Steve sent code to the list showing how mod-auth-location would work. There was a general conversation about the uses for mod-auth-location. It could be configured so that a walk-up library patron would automatically be logged in as a guest – the user wouldn’t have to click on anything. There is also an option to have a page, or pages, pop up, depending on where the patron is going. The auth-location-permit-anonymous directive has an optional parameter that would provide a path to the page you want to pop up. There could be unique page pop-ups for different applications accessed from the same IP address. This may be useful in the case where different libraries on campus – say a business, law or medical library – wants to brand pages in a different way than the main campus library. Mod-auth-location is one potential solution for library walk-up patrons. This working group has also discussed the combination of EZProxy and Shibboleth as another potential solution, depending on the local situation. Steven Carmody mentioned that he would like this working group to address these situations. Specifically, how can we help campuses and libraries determine the best approach for their situation? It may be wrapping mod-auth-location around the Shibboleth IdP or it may be shibbolizing EZProxy. The working group had an extensive discussion about how to present a log-in page at a public terminal. One concern centered on the persistence of a session. Using the mod-auth-location approach, for example, someone who does not log-in, or logs in as a guest, cannot change that selection without leaving their session. If someone uses EBSCO as a guest, then goes to the interlibrary loan system and needs to log-in, there is no way to override the original selection. One solution is to design a front page that encourages those with university credentials to log-in as themselves and not as a guest. While some users may still sign-in as a guest and have to exit their session to log-in with credentials, the vast majority of people would choose the correct option the first time. This solution would not be viable for a library that does not present a log-in page, but automatically logs-in a user as a guest. If a library continues to use location-based access, as opposed to sign-on access, the mod-auth-location use-case is not an alternative. With Shib 2.0 and some development work, it may be possible to have “guest” as the default, but have the ability to sign-in later, if forced to do so by a resource provider. Another discussion point concerned on setting cookies that expire after a few seconds. Under this scenario, each time a guest accessed a different resource, that person would need to again choose to continue as a guest or to present credentials. In general, the group felt this may become overly complicated and degrade the user experience. The working group came back to the overall goal: to develop value propositions that demonstrate how Shibboleth can be successful and viable in the library environment. **Updates** The The University of California – San Diego has EZProxy in a sandbox right now and will begin discussions next week about shibbolizing that resource. The Cornell has a production Shib server established for identity management and is testing with EBSCO, JStore, Elsevier and OCLC. They are also working on shibbolizing Iliad, which is an ongoing discussion with Atlas. The plan is for Shib/Iliad to be in production in January. Dave Kennedy mentioned that he has a document on his web site concerning Iliad and Shib and will send the link to Adam Chandler (Cornell). The latest EZProxy version is still in beta; release is expected in November. **Shibboleth and EZProxy** There was discussion about the value of shibbolizing EZProxy, as opposed to using EZProxy in conjunction with location-based authentication. Some campuses with EZProxy and an SSO already established might not see the value of moving to Shibboleth. One major benefit is the finer granularity available by using attributes. Some medical libraries, business libraries and law libraries have complicated access issues that can be easily solved with user attributes. **Best Practices/Journal Article** There was discussion about the possibility of developing an article for a library journal comparing and contrasting this group’s experiences. The consensus was that this should be done, but may be premature until there is more production-level experience. **Next call – Friday, November 16, 1:00 p.m. (EST)**
|
- Draft Minutes -- InC-Library Services -- 02-Nov-2007, Dean Woodbeck, 11/03/2007
Archive powered by MHonArc 2.6.16.