
inc-librsvcs - UCSD Shibboleth Status

Subject: InCommon Library Services

  • From: "Eggleston, Holly" <>
  • To: <>
  • Subject: UCSD Shibboleth Status
  • Date: Fri, 21 Mar 2008 08:01:46 -0700


1. Shib-enabled electronic resources:

- Primarily set up as proof of concept and use in testing the hybrid scenario
at this point: JSTOR, ScienceDirect, although I'd like to expand this to
include OCLC, Refworks, Ebsco and DRAM (see below)

- I realized when looking at the InCommon institution list that the
Universities that have adopted shibboleth may also have shib-enabled
resources (a good example of this is NYU and DRAM, which we started to
configure.) Has there been a query of these institutions to get a list of
their hosted commercial databases that may be shibbolized? Does shibboleth
for these institutions include their university presses, or is that separate?

- I took a look at the JISC active/in process list and am really impressed -
I think there were 50 resources I immediately identified as being ours. It
will be great to start getting these vendors on InCommon.

2. Proxy server/remote access software used:

- Began configuration of EZProxy with configuration information from UC Santa
Cruz. More information on UCSC's use of EZProxy can be found at
http://library.ucsc.edu/services/oca/faq.html

- UCSD is also exploring possible use of the Cisco Web VPN, as this is used
by selected other UC campuses. This may change our pilot configuration. We're
meeting next week to discuss our current direction and status, although I'm
assuming that a lot of the scenario issues regarding web VPN will be similar
to EZProxy.

3. Link resolver software used: None

We use SFX in production, but have not investigated how to get our SFX
instances to work in a combination beta/production environment. Suggestions?

4. Shib-enabled library services enabled:

We established proof of concept with our local Digital Asset Management
system and are testing Shib-enabled III functionality next week.

A. Is this pilot configuration being used by patrons (in a production or
real-world beta capacity)?

Yes for direct shib access, no for hybrid configuration resource access. DAMS
is currently limited to internal staff access, but is accessed beyond our
pilot group.

B. What are your main unresolved issues with this configuration?

- We've identified a number of issues that need investigation for the
electronic resource access scenario, but it's currently unknown how solvable
or unsolvable these are. Right now many of my concerns revolve around SFX and
how this will work with shib-enabled resources and in the hybrid environment,
as well as simply how to get SFX to work for both pilot and production
applications.

- I think the unique problem we bring to the table is how to play nice in a
consortial/shared environment.

C. What additional Shibboleth functionality could make this better?

Although it's not solving a critical problem, I think the availability and
implementation of EduPersonID will put shibboleth in-line with basic user
expectations for user-level access.

D. What supplementary solutions could make this better?

Other than an SSO-enabled rewrite proxy that somehow manages to intercept all
activity without installing anything locally or requiring access to a
modified URL?

E. If you are using a different configuration for production, what are the
outstanding issues with your current production system and do you think that
shibboleth and the hybrid environment solution(s) proposed so far could
resolve these issues?

- We are very interested in solving the "remote user with a lockdown machine"
scenario (in our case, biomedical faculty at hospitals), and think that this
is very much a usable solution - we'd like to actively pilot with this user
group once we have a more robust configuration available.

- We're also interested in the application of the SSO proxy solution to
restrict access to selected resources to affiliated users only. (We have very
few resources that prohibit access by walk-in users, but those have a pretty
high maintenance overhead.)

- I'm also still holding out hope for the "locally managed IP" solution, but
that's significantly farther down on my priority list. :>

Holly



