InC-Library Phase 1 Summary
Why should I implement the Shibboleth-enabled Rewrite Proxy?
Enabling Shibboleth authentication for the rewrite proxy has a number of immediate advantages.
Benefits to users
- Single password for campus and proxy access
- No user-side configuration needed - this is a great benefit particularly in lockdown environments
Benefits to librarians
- Reduced cost of support from user-side configuration and lost passwords
Benefit to library administration
- The rewrite proxy provides a source of central usage statistics ("foot traffic") that can be used independently or in conjunction with vendor-provided usage statistics.
Why should I provide access to Shibboleth-enabled vendors with the Rewrite Proxy?
Taking the first step of enabling Shibboleth for the rewrite proxy solves a number of problems with providing remote access to resources, but accessing individual vendors with Shibboleth provides additional functionality and decreased support and maintenance costs.
Benefits to users
- Single password for campus service and proxy access
- No user-side configuration needed
- Integration with personalized vendor functionality - in addition to a single password for remote access, they can use the same password to access their personalized features on the vendor site
Benefits to librarians
- Reduced cost of support
- Less IP and proxy maintenance in the 80% case - by providing Shibboleth access to high-traffic resources, libraries can route all traffic through the local proxy, reducing the need to maintain large IP lists with the vendor.
- Permits a gradual rollout of Shib-enabled resources while keeping user experience consistent
Benefits to vendors
- Authoritative validation
- Easier breach investigation
- No maintenance of password information
Benefit to library administration
- Central usage statistics ("foot traffic") - depending on your data collection and privacy policies, the proxy provides a central foot traffic log, as does Shibboleth. In addition, Shibboleth can provide additional data to permit summarizing access information by demographics and attributes.
If I have a Shib-enabled rewrite proxy, why access resources through Shib?
- No need to maintain IPs with Shib resources
- If 80 percent of cases are handled through Shib, it is possible to route the rest of the functionality through a router, effectively eliminating the need for IP maintenance
Benefits to users:
- In addition to a single password for remote access, users now have a single password to also access their personalized features
Benefits to our librarians
- By using Shibboleth for the high-traffic resources, libraries can route all traffic through the local proxy, reducing the need to maintain large IP lists with the vendor.
- An SSO-enabled proxy allows for gradual integration of Shibboleth-enabled resources with a minimum of impact to the user
Benefits to Vendors
- Authoritative validation
- Being able to more quickly identify and resolve breach issues
- No maintenance of passwords by the vendor
Benefit to library administration
- Depending on your data collection and privacy policies, the proxy provides a central foot traffic log, as does Shibboleth. In addition, Shibboleth can provide additional data to permit summarizing demographic information.
Basic Use Cases
- Connecting from known URL (library)
- Connecting from unknown URL (Google Scholar, email link)
- Moving between resources
- Using federated search
Basic Use Cases - Configuration
- Walk-in user on library public machine
- Known user on a library public machine
- Known user on campus-assigned machine
- Known user on off-campus personal machine
- Known user on off-campus lockdown machine
Licensing configuration scenarios
- Restricted to subset of authorized users
- Restricted to subset of locations
Current issues and barriers to adoption
- Implementing at campuses
- Communication with IT
- Available technological expertise/technical overhead
- Streamlining activation process
- SP membership in federation
- SP functionality
- Consistency - implementations vary widely among vendors. User experience needs to be consistent and intuitive
- Process
- Seamlessness of hybrid situation
- Shibboleth functionality
Recommendation for Focusing Efforts
- Identify popular resources (i.e. 15-18 vendors represent 80 percent of traffic)
- Shib-enabled?
- InCommon participant? Provide info and use cases
- Developing best practices for content providers
- Support for the unique identifier for personalized functionality
- Implementation consistency
- WAYF appearance
- Login easily visible
- WAYF-less interface
- Learn from UK Federation