Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003."— Presentation transcript:

1 Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003

2 Overview About EBSCO Publishing and EBSCOhost EBSCO’s involvement in Internet2 Current authentication methods Why Shibboleth Shibboleth implementation time-line EBSCOhost configuration Outstanding issues and future

3 About EBSCO Publishing Part of EBSCO Information Services Provide information and tools to access information online Primarily institutional market International customer base Began in 1986 with CD-ROMs and evolved to Web EBSCOhost at version 6.4, version 7.0 will release in Fall

4 About EBSCOhost Web based search and retrieval system Supporting :  50 full text databases  65 secondary databases  Links to 12,000 e-journals  Native interface and Z39.50 access Internet network access from:  UUnet  Genuity  Internet2 (Abilene Network)

5 About EBSCOhost, cont’d Multi-tiered system:  Windows 2000 with IIS on front lines  EBSCOhost is an ASP Web application, XML is an internal data format and protocol  Several supporting services: Email, Transaction Logging, Content Enhancements, Article Matching/Rights Checking  Solaris and Linux back end tier for performing searches  Multiple NFS servers used for data storage

6 About EBSCOhost, cont’d Peak load:  25,000 simultaneous ASP sessions during peak time  200,000 searches peak hours, over 2 mln. searches a day  600,000 user logins per day  25 million ‘transactions’ per day  50% of outbound bandwidth is Internet2

7 EBSCO and Internet2 Most Internet2 members are EBSCO customers Many customers on affiliated network Recognized need for reliable high-speed connectivity (http://loadrunner.uits.iu.edu/weathermaps/abilene)http://loadrunner.uits.iu.edu/weathermaps/abilene Became Corporate Member in Fall 2000 Initial connection via vBNS+ Spring 2002 became Collaborating site Current connection to Abilene are two T3’s

8 Current authentication methods IP Address Username and password Referring URL Customer coordinated patron ID (library bar code) Pattern matching (patron ID) Athens Introducing Shibboleth...

9 IP Address Mechanism  IP address ranges recorded in EBSCOadmin  Associated with customer and group Shortcomings  Multiple campuses with shared dynamic IPs may be a problem  Remote access requires use of proxy server

10 Username/password Mechanism  In EBSCOadmin a given user group is associated with a username and password  User is prompted for username and password Shortcomings  Communication of usernames and passwords  Not very secure as usernames tend to be “advertised”  No incentive for a patron to not share

11 Referring URL Mechanism  Customer performs authentication  Access to EBSCOhost is from secure page  URL of secure page recorded in EBSCOadmin  HTTP Referrer of request looked up Shortcomings  Assumes customer’s page is secure  End user must access through library authentication system

12 Customer coordinated Mechanism  Customer uploads patron IDs (library bar code) to EBSCOadmin  Patron IDs can be associated with a specific user group  User must enter valid patron ID to access Shortcomings  Link to EBSCOhost must include CustID  Maintenance of patron ID

13 Pattern matching Mechanism  Customer enters pattern of patron ID  Associates pattern with user group  User prompted for patron ID to access  Length and significant characters must match Shortcomings  Patron ID must follow a pattern  Not very secure  Maintenance: no easy way to “remove” a patron

14 Athens Mechanism  Access rights managed centrally in UK by Athens group  Prompt for users Athens User ID and password (http://search.epnet.com/athens.asp)http://search.epnet.com/athens.asp  Call to Athens server to validate and get institution code  Institution code matched to account in EBSCOadmin Shortcomings  Management of users and rights in separate system from institution

15 Why Shibboleth EBSCO offers multiple services from different locations:  EBSCOhost databases  EBSCOhost Electronic Journals Service (EJS)  A-Z journal locator service  LinkSource OpenURL resolver  Redirect customers to publisher sites

16 Why Shibboleth, cont’d Currently supporting multiple (independent) authentication options Customers want seamless access between services Users want single login EBSCO needs to provide secure authentication to meet expectations of data providers

17 Shibboleth project timeline Mar 14/02 – initial contact by Steven Carmody Apr 4/02 – development initiated Apr 29/02 – DLF/CNI meeting: proof of concept in place and demonstration of Shibboleth in action --- port of Shibboleth package to Win32 --- Sep 12/02 – Win32 Shib Package available (Version 0.7) Sep 26/02 – EBSCO Pilot project completed; Scott Cantor performs first real world test from Ohio State University to EBSCOhost July 2003 – Shibboleth version 1.1 released with Win32 support Aug. 2003 – EBSCOhost Shibboleth Pilot project upgraded to use version 1.1 (http://search.epnet.com/shib.asp)http://search.epnet.com/shib.asp

18 EBSCOhost configuration

19 Outstanding issues Handling multiple ‘sites’ for an institution  Example: OSU has 14 EBSCOhost accounts  Associate originSiteID with customer account(s) in EBSCOadmin  If one originSiteID is associated with multiple customer accounts, use entitlement for finer resolution  Allow self administration  EBSCO specific eduPerson entitlement: urn:mace:ebsco.com:

20 Future proposal… use of attributes typeorigin SiteID affiliationentitlementcustIDgroupID 1.ubcn/a ubcmain 2. ubc staff@ubc.edu student@ubc.edu n/a ubc staff student main 3.{ubc}n/aubcmed:main ubc:staff ubcmed ubc main staff 1. originSiteID – single custID and groupID (majority of cases) 2. affiliation – single custID and multiple groupID (includes walk-ins) 3. entitlement – multiple custID

21 Observations Development effort  Implement ISAPI filter  Supporting infrastructure inside EBSCOadmin Administration effort  Find appropriate contacts at institution  Determine customer account to use and domains and affiliation  Set up mapping or allow customers establish this Meets goal of single login for multi-site sessions

22 Future Expand test to other EBSCO sites  EBSCOhost Electronic Journals Service  LinkSource  MetaPress Work with major publishers to extend reach of seamless access Handling multiple federations by accessing multiple WAYF servers, based on information from user

Download ppt "Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003."

Similar presentations

Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.

Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.
Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?

Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?
EBSCOadmin Authentication

EBSCOadmin Authentication
Creating an EDS Search Box Using EBSCO’s Search Box Builder Tool

Creating an EDS Search Box Using EBSCO’s Search Box Builder Tool
Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Directorate of Learning Resources Accessing electronic journals from off-campus This causes lots of headaches, but dont despair, heres how to do it! If.

Directorate of Learning Resources Accessing electronic journals from off-campus This causes lots of headaches, but dont despair, heres how to do it! If.
Course Readings in Learning Management Systems Mike Waugh Louisiana State University Eric Frierson EBSCO Information Services CNI Spring Meeting 2014.

Course Readings in Learning Management Systems Mike Waugh Louisiana State University Eric Frierson EBSCO Information Services CNI Spring Meeting 2014.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Library Online Catalog Tutorial Pentagon Library Last Updated March 2008.

Library Online Catalog Tutorial Pentagon Library Last Updated March 2008.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.

Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.
Online the Library Michaelmas Term 2011 Trinity College Library Dublin 1 1.

Online the Library Michaelmas Term 2011 Trinity College Library Dublin 1 1.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.

Introducing…. Brand new content platform from John Wiley & Sons (replacing Wiley InterScience) New user interface delivers intuitive navigation for all.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
An Overview. Brand new online service from John Wiley & Sons Fully replaces Wiley InterScience Launching late July 2010 Introducing.

An Overview. Brand new online service from John Wiley & Sons Fully replaces Wiley InterScience Launching late July 2010 Introducing.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Similar presentations

Ads by Google