| The MONK Project provides access to a large corpus of digitized texts for faculty, staff and students of CIC institutions. All CIC institutions have become InCommon members, so each CIC campus Shib IdP can provide access to MONK's Shibbed online system.
This document is the introduction to the terms of service sent to the CIC member institution librarians. _______________________ Begin forwarded message: From: "Michael A. Grady" <>
Date: January 12, 2010 11:40:50 CST
To:
Subject: Fwd: Arranging for access to the MONK tools for your campus
Reply-To: "Michael A. Grady" <>
FYI, I just sent the following note to the mailing list that was created for the Library representatives identified to be "local champions/advocates" for MONK. Begin forwarded message: From: "Michael A. Grady" <>
Date: January 12, 2010 11:13:07 AM CST
To:
Subject: Arranging for access to the MONK tools for your campus
I understand that there has been some confusion about exactly what you are being asked to do as far as helping to arrange for access to the MONK tools for your campus, and exactly what needs to happen to do so. I'd like to at least try to start clearing up that confusion, and also see if this group would find it useful to have a phone call conference with me to answer any and all questions.
Access to the CIC-targeted MONK service is being controlled through the use of Shibboleth. MONK has been configured to allow any current faculty, staff or student at any of the CIC institutions to be allowed access to the CIC Monk service. So, in order for MONK to make an appropriate authorization decision, it needs to know if the "person on the other end" is indeed faculty, staff or student at one of the CIC institutions. And, in order to properly manage user support and access to the MONK tools, MONK needs the user's name and email address in addition to knowing that the person is currently affiliated with one of the CIC schools.
But it is very important to understand that Shibboleth delivers this information when and ONLY when a specific user tries to access the CIC MONK service, and only at the moment they try to access it. Yes, the MONK Workbench tools will create a "local account" on the MONK server, linked to the user's federated identity, the first time a given user accesses the MONK Workbench tools, but that "local account" creation will occur dynamically -- only when a given user accesses the Workbench for the first time. There is absolutely no need for a "data dump" from each campus that identifies their eligible individuals to use MONK -- avoiding things like that is exactly one reason why Shibboleth was created in the first place.
So, to reiterate, the only way MONK wants to get information on a user is if that user:
- actually chooses to try and get into the CIC MONK service
- at the moment they do so
- and only thru the mechanism of Shibboleth passing these attributes as part of their authentication
- and only after they have been given the opportunity to view the "Terms, Conditions And Privacy Policy" for the MONK service
So what exactly ARE we asking you to do? We are asking that you work with your local CIC Identity Management (IdM) representatives, the folks on your campus who are in charge of your Shibboleth Identity Provider (IdP) service, to arrange for your Shibboleth IdP to be configured to allow release of the necessary attributes to the MONK service. And the reason we need your involvement is that, at least at most of our campuses, the folks actually running the Shib service that need to make the configuration change are NOT authorized to do so unless someone convinces the "data owners" on your campus to allow it. Those "data owners" typically being offices like your HR office and your Registrar's office. Those data owners will typically ask:
- "who on our campus would want to use this service and why"
- how will any information released to this service be used, protected and will it be kept private?
And the IdM folks on your campus need your involvement to answer at least that first question for the data owners. We hope the second question can be answered in a satisfactory way for the "data owners" by making them aware of the following MONK page (that will be made known to every user at least the first time they access MONK, and always be available for perusal):
https://monk.library.illinois.edu/cic/public/terms/index.html
detailing the Terms, Conditions And Privacy Policy under which the CIC-targeted MONK service is being operated by the University of Illinois Library.
My plan is to follow up this note with an email message sent to each "set of campus representatives", the specific IdM reps and Library rep for each campus, basically re-iterating what we/MONK are asking for and the specific attributes we are asking for, and asking you to work together to get permission on your campus for your local Shib IdP to be configured to release those attributes.
Again, if this group thinks that a quick conference call might help to make everything clearer for everyone, I'd be happy to ask the CIC staff to arrange such for us.
p.s. Illinois and Iowa are already set for MONK, so nothing more needs to be done regarding Shib IdP configuration at those institutions.
--
Michael A. Grady
Executive Program Officer for Cyberinfrastructure
Office of the CIO, University of Illinois at Urbana-Champaign
2222 DCL, MC 256, 1304 W. Springfield Ave., Urbana, IL 61801
217.244.1253 phone, 217.244.4780 fax
-- Michael A. Grady Executive Program Officer for Cyberinfrastructure Office of the CIO, University of Illinois at Urbana-Champaign 2222 DCL, MC 256, 1304 W. Springfield Ave., Urbana, IL 61801 217.244.1253 phone, 217.244.4780 fax
|
