The InCommon Library Collaboration has released its recommendation for libraries that wish to move away from IP-based access to protected resources and have more fine-grain control of access. The collaboration has recommended a Shibboleth/EZproxy hybrid and has developed a number of resources for libraries to use to explore this option.
Several college and university library IT professionals formed the InCommon Library collaboration to explore methods for fine-grain control of access to licensed resources, leveraging the campus identity management system while accommodating a wide variety of users.
One goal was to move away from IP-address-based authentication. The collaboration tested and recommended a hybrid of Shibboleth (a single sign-on solution for accessing on-campus and off-campus resources) and EZproxy (widely deployed among libraries).
The group also developed best practices, a registry of resources, and organized a method for encouraging library resource providers to join InCommon, adding value for adopting the Shibboleth/EZproxy hybrid solution.
Why the Shibboleth/EZproxy Hybrid?
Libraries face special situations in making online resources available.
- The catalog may be open to all who enter the building.
- Specialized databases may be open to anyone physically in the library.
- Databases may be open to those with university credentials regardless of their physical location.
- Some resources may be open only to students and faculty in a certain field (such as the law school or medical school).
EZproxy is widely used to provide access to off-campus resources. Shibboleth leverages the main campus identity management system, protects user privacy and data security, and provides fine-grained access control.
The collaboration group has collected its resources at the InCommon website, including an overview, documentation for implementing the hybrid, an archived webinar, and presentations.