1
Ted Koppel The Library Corporation tedk@tlcdelivers.com
2
Authentication
– Validation of user credentials
– Based on individual
– Usually local function

Authorization
– Validation of institution's permissions / contracts
– Almost always a remote function
– More involved with license constraints
3
We know the players (next slide), but
We don't yet know all of their needs
We know some of the goals, and
We know of some options to reach those goals, but
Not all options meet all needs. In fact, some are inimical to meeting these needs
HOWEVER
We know what we want to avoid
5
Needs access to information / data
Understands need to present credentials ONCE
Wants his anonymity but also wants his privileges
Carries attributes (Grad Student in Engineering School) that provide Entitlements to certain resources
6
Examines and approves/disapproves credentials
Depends on institutional structure
– Library Borrower Database
– Campus-wide login (university)
– State-supported databases (OPLIN, FindItVa)
Needs to return a yes or no and send it upstream
7
The entity through which the User derives his entitlements
May be the same as the Authenticator
Controls the privileges of individuals and groups
Various levels:
– Department
– Library
– Campus
– Statewide
8
May be the ILS
May be a Library or Campus-wide Portal
May be the Authenticator and/or the Licensee
Has to present authentication screens to users and manage the results and send them upstream
Often has to handle multiple authentication schemes
9
Can handle rudimentary authentication itself if required
Acts as pass-through for authentication information, but
Must be able to trust the varying sources of authentication that it receives
Has to translate authentication from source to multiple targets
10
Wants to sell data, have it used and respected, while
Restricting access to valuable intellectual property and protecting investment
Must be able to trust the authentication from all of the downstream sources
11
Contradiction: anonymity versus personalization (the user)
Contradiction: wide use and acceptance versus branding (database provider)
Contradiction: needs of the academic and public library sectors (wanting identity masking) versus commercial information providers (needing billable accountability)
12
Tried and true mechanisms
– IP address permission
– Referring URL validation
– URL-embedded userid/password
– Vendor-provided script
– Local or SIP2/NCIP password verification
Limited and arcane
13
Shibboleth (or similar)
– Builds on trust relationships between parties
– Allows local authentication by any means
– Transmits the fact of approval and attributes of the user, but
– Preserves personal anonymity through use of communities and clubs as entities that receive privileges
14
X509 (or other) digital certificates issued by authenticator
PAPI = Point of Access to Providers of Information (local authorization, Spain)
Athens (single sign-on scheme, UK)
And various others
15
Creation of subcommittees to draft mission statements for pre-standards activity
Develop use cases to understand all aspects of authentication
Examine and evaluate existing work in authentication
Determine what approach(es) might be best practices or (at worst) develop a new authentication scheme
16
Certifying the user (or organization) from the Authenticator to the Data Provider, by way of the Metasearch provider, in such a way that the messages can be trusted from the source to the destination, so that the services to which the user is entitled can be delivered.
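An added example (not from the original slides) of the goal above, combined with the Shibboleth-style approach on slide 13: the Authenticator signs an assertion that carries attributes but no user identity, the metasearch provider relays it, and the Data Provider verifies it before granting entitlements. The HMAC shared key, the function names and the attribute labels are assumptions made for this example; Shibboleth itself exchanges SAML assertions, not this format.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed key shared only by the Authenticator and the Data Provider;
# the metasearch pass-through never holds it, so it cannot forge assertions.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def issue_assertion(attributes, now=None, ttl=300, key=SHARED_KEY):
    """Authenticator: after any local login, assert attributes, not identity."""
    now = int(time.time()) if now is None else now
    claims = {
        "handle": secrets.token_hex(8),  # opaque per-session handle, no userid
        "attrs": sorted(attributes),     # community / entitlement labels
        "exp": now + ttl,                # short lifetime limits replay
    }
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def metasearch_forward(assertion):
    """Metasearch provider: relays the assertion unchanged to each target."""
    return assertion

def authorize(assertion, required_attr, now=None, key=SHARED_KEY):
    """Data Provider: verify origin and freshness, then decide on attributes."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = assertion.split(b".", 1)
    except ValueError:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return False
    return required_attr in claims.get("attrs", [])

def edit_in_transit(assertion, attr):
    """An intermediary adding an attribute without the key; authorize() rejects it."""
    body, tag = assertion.split(b".", 1)
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["attrs"].append(attr)
    new_body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return new_body + b"." + tag
```

The Data Provider learns only the attribute set and an opaque handle, which is the anonymity-with-privileges trade described for the user on slide 5.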
17
Authentication to Licensed Resources (JSTOR)
http://uk.jstor.org/about/authentication.html
(discusses JSTOR's approaches to authentication)

Access Management for Networked Information Resources by Clifford Lynch
http://www.educause.edu/ir/library/html/cem9842.html
(overview article)

Authorization/Authentication for Patron Remote Access to Electronic Resources (PowerPoint by Kerry Bouchard)
http://libnt2.lib.tcu.edu/staff/bouchard/ugc2000/remoteaccess/sld001.htm
(useful visual introduction to issues relating to authorization)

A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources by Clifford Lynch, editor (cliff@cni.org)
http://www.cni.org/projects/authentication/authentication-wp.html
18
Ted Koppel The Library Corporation tedk@tlcdelivers.com