InCommon Library Services

[Dean Woodbeck <>]

Please send any corrections/clarifications to Dean (). There is one suggestion for clarifying the EBSCO discussion -- I'll send that to the list when it is resolved.


InCommon Library Services Working Group
Draft Minutes
April 4, 2008
 
**Attending**
 
Holly Eggleston, University of California-San Diego (acting chair)
Steven Carmody, Brown University
Adam Chandler, Cornell University
Laura Wruble, University of Maryland
Janis Mathewson, Penn State University
Tom Barton, University of Chicago
R.L. “Bob” Morgan, University of Washington
Dean Woodbeck, Internet2 (scribe)
 
**Action Items**
 
[AI] Holly Eggleston will contact Alan Darnell
 
[AI] Holly Eggleston/Dean Woodbeck will work on creating public space in the wiki to post available resources
 
[AI] Tom Barton/Dean Woodbeck will work on writing up Chicago's transition plan/policies as they Shibbolize resources.
 
[AI] Steven Carmody will have these conversations with EBSCO: 1) making the Shib login as part of their main front door, and 2) support for the opaque identifier.
 
**OCLC/EZProxy Update**
 
Steven Carmody spoke to Don Hemparian from OCL concerning their plans since their purchase of EZProxy. OCLC made the purchase to provide stability and support EZProxy as use continues to grow. Steven invited Don to join a future call.
 
OCLC has released version 5.0 of EZProxy. The consensus on the call was “wait and see;” no one is upgrading at this point.
 
**Campus Project Reports**
 
Holly Eggleston summarized the email campus progress report responses. She has created a matrix showing which resource providers and campuses are working together and are Shibbolized. The summary will be placed on the wiki and Holly invited comments about the accuracy of the information and about the format.
 
**Presentations**
 
There is an interest in having public pages on the wiki, where presentations and other materials could be posted. Holly and Dean will work on this.
 
The NASIG meeting is coming up in June.
 
**Barriers to Implementation**
 
The working group reviewed some of the barriers to implementation that have been identified during these calls and during presentations. One approach would be to take issues from each campus and determine whether or not they are solvable. This may provide resolution of some of these issues, one way or another.
 
1. Sending opaque persistent identifiers (and other release attributes) to an SP for each user that could be used by the SP to support personalization, saved searches, etc. (Chicago, Penn State, UCSD)

Chicago provides the user with an opportunity to approve or deny the release of attributes. The user cannot choose which attributes will be released. That is probably worth thinking about, because it will
 
Steven Carmody reported that Elsivier Science Direct supports opaque identifiers in their  current 1.3 implementation, using the EduPersonTargetedID attribute.
 
A question arose – if the technology is there to support the opaque identifier, what is stopping the implementation? Is it vendor adoption? Waiting for the release of Shib 2.0?
 
Steve mentioned that many vendors have expressed strong interest in this and a growing number of campuses are also interested. Many campuses, during their initial roll-out of Shibboleth, did not set this as a priority. However, it may make sense to begin talking to campuses and vendors, particularly with those who may be upgrading to Shib 2.0.
 
One issue on the campus side is ensuring that there is a permanent identifier for the user. Not everyone does this. 

2. Allowing machines connected directly to the campus network to access a provider without requiring the user to login (Penn State). Is this solved by mod_auth_location for Shibboleth and/or IP bypass on EZProxy?

Some campuses are using a feature in EZProxy’s SSO configuration. If a user already has an SSO session running, EZProxy will skip the log-in request. EZProxy can also be configured to recognize the campus IP address range and not prompt for a log-in from a user within that IP address range. However, users wishing to access a resource protected by Shibboleth will have to log in. This will likely become more commonplace as more vendors support the Shibboleth approach to personalization.
 
At the University of Washington, mod-auth-location is used only at library walk-up terminals.
 
R. L. “Bob” Morgan reported that Shib 2.0 has a more user-friendly approach to log-ins. Rather than asking people to log in, Shib checks to see if they are already logged in. If a user has an SSO session open (having already logged in, say, to a portal or email), they will not be asked to log in again.
 
This led to a discussion about whether an SP could force a log-in prompt, even if a user is already logged in to another resource. Shib 2.0 has a feature that allows an SP to ignore an SSO session and force a log-in.

3. Allowing walk-in users to continue to use public terminals in the library without requiring these users to login (perhaps through mod_auth_location).
 

Holly asked whether there is interest from any campuses in running a piot using the walk-in user scenario using mod_auth_location. There were no volunteers on the call, but Tom Barton said he believes the need for such a solution will become inevitable. Chicago has just started to work with EBSCO and, at some point, will want the company to sop using IP addresses.

4. Hybrid environment requires maintaining full range of IP addresses with vendor (UCSD, Maryland)

There was a general discussion of the challenges of maintaining a hybrid environment, in which a campus continues to maintain IP address lists with vendors while implementing Shibboleth with some resources. Are there ways to reduce the operational overhead for IP maintenance internally?
 
Some campuses, Chicago for example, pass everything through EZProxy, so they have the option of working with vendors who need IP addreses or vendors who use Shibboleth. At this point, everything  -- on- or off-campus -- goes through EZProxy.
 
Steven suggested it would be useful for campuses to write down transition plans/policies concerning these hybrid situations. It may be useful to the broader community to see how people have navigated through this maze of questions Tom mentioned that Chicago is going through this as they Shibbolize EBSCO. These could be shared on the public space on the wiki. Tom Barton and Dean Woodbeck will discuss reporting on Chicago’s experience/plans.

 
**Desirable Shib Functionalities**
 
1. Easy/automatic access to the shibboleth login page from public web interface such as Google. (Cornell). Could this also be a vendor feature, easily providing the Shibboleth login option from their landing pages?

Where the Shib login is located on vendor sites has a lot to do with their implementation sequence. Many use Shib outside of their main front door while they test and evaluate. As they gain more experience, they begin to integrate the Shib login with their main front door. Steven Carmody will discuss this concept, and that of the use of an opaque identifier, with EBSCO.
 
Adam Chandler discussed a use-case that would be valuable for Cornell. If there is a link in a citation list (like Refworks) to a particular item within a full-text journal collections, the link should work whether it is placed into a course management system, passed to a colleague or accessed from home. This would require giving the user the option of logging in through Shibboleth.
 
There was also a discussion about how the working group might facilitate the presenting of such use-cases to vendors for implementation in their Shib production.

 
5. Integrating with existing tools (SFX)
            a. For shibboleth resources in general
            b. To test a dual pilot/production scenario (UCSD)

Laura reported that Maryland uses SFX and all SFX links go through EZProxy.

6. Compatibility in a shared consortial environment with shared tools (catalog, SFX, etc) (UCSD)

Holly reported that, for example, some UC campuses use EZProxy and others do not. If a campus decides to use only Shibboleth, will this have any impact on accessing shared resources available through the UC system or from other UC campuses? Could you still use SFX or other link-resolver software.
 
While there was no answer to this question, Steven suggested developing a grid with a list of vendors and campuses, contact information, and the features each supports (for example, do they support Shib-enabled access and deep links?).

 
**Next call – Friday, April 18, 1:00 p.m. (EST)**