23:3 (2008:09) 23rd Conference (2008): Tactics Session: Simplifying Licensed Resources Access Through ShibbolethAugust 27, 2008 at 11:17 pm | Posted in Tactics Sessions | Leave a comment
Simplifying Licensed Resource Access Through Shibboleth
Holly Eggleston, University of California, San Diego
Reported by Virginia A. Rumph
Holly Eggleston began by reviewing our current dilemma with electronic resources. Libraries have been providing access to licensed electronic resources for at least ten years, but as more resources are provided the expenditure of time, effort, and money to troubleshoot and maintain access has grown out of control. Maintaining lists of IP ranges with vendors and managing remote access are two of the biggest headaches. Problems with remote IP access include the need for patrons to configure their machines, and remember multiple passwords, as well as the maintenance of an IP list by the library and its vendors. In an ideal world there would be integrated access regardless of location, a consistent user experience, reduced maintenance overhead, and reliable authentication for vendors. How do we get there?
The InCommon Library/Shibboleth Project was created in 2007 as a multi-institutional effort exploring the use of single sign-on access to library resources using Shibboleth and rewrite proxies. Eggleston defined Shibboleth as an open source standards-based web single sign-on package. Shibboleth leverages local identity management systems, enables access to campus and external applications, protects users’ privacy, helps service partners, and plays well with others. Internal campus resources, internal library resources, and external resources can all be accessed through Shibboleth. However, library concerns with Shibboleth are communication with campus IT, privacy, walk-in users who do not have single sign-on accounts and library patron database integration. In addition, not all resources will use it and an IP is still needed for some resources.
Rewrite proxies such as EZproxy are a library-implemented solution to provide off-campus access to electronic resources inexpensively. No user configuration is needed and it can be enabled for single sign-on authentication. There are many benefits of using Shibboleth and rewrite proxies. The user only needs a single password for on-campus and remote access, and gets personalization while maintaining privacy. Librarians benefit from being able to manage IPs locally and reduce support costs. The library administration gets central usage statistics, namely, foot traffic.
UCSD implemented Shibboleth in 2005 enabling campus services such as financial, employee, and blogs; piloting electronic resources access; and investigating ILS managed services, such as ILL, and account management. What can others do? For those who have not implemented Shibboleth, consider a small-scale pilot project to Shibboleth-enable selected campus resources; for those with Shibboleth, shib-enable your proxy. Create a pilot with existing Shibboleth information providers and communicate interest in single sign-on with vendors. What are the next steps? Recommend best practices and solutions to common use cases, conduct pilots to validate approaches, encourage adoption of Shibboleth by U.S. institutions, partner with others abroad, and enable community information sharing.