UCL

1
UCLs preparations for Federated Access
Management

• Margaret Stone
• IT Services Development Officer
• UCL Library Services
• margaret.stone_at_ucl.ac.uk

2
UCLs preparations for Federated Access
Management (FAM)

• Background - UCL Library Services
• Decision-making
• Roadmap practicalities
• Current position plans
• The user experience - considerations

3
UCL Library Services

• UCL profile8,000 staff (including 4,000 academic
  and research), 19,000 students.
  Research-intensive.
• Broad range and large volume of electronic
  library resources (11,000 ejournals 250
  subscription databases ebooks)
• Very high proportion of offsite access to
  resources
• Moved from classic Athens to AthensDA during
  2005/6
• Also use EZProxy for offsite access to (Athens
  and) non-Athens resources

4
From Athens to FAM decision-making

• AthensDA no more admin of separate credentials
• Athens charging in 2008 ? looked at Shibboleth
• Shibboleth Identity Provider set up in 2006
  during JISC-funded project (ShibboLEAP)
• Vital partnership with UCL Information Systems
  Dept
• User directory already part of AthensDA
• Shibboleth benefits international standards,
  non-library federation granular authorisation
• Shib-Athens gateway to cover non-migrated
  resources
• Made apparent sense to move

5
AthensDA to Shibboleth original roadmap

• Install and test Shibboleth Identity Provider
• Join the UK Access Management Federation
• Register Shib Identity Provider with Athens
  (testing)
• Test compliance of Athens resources with the
  Shib-Athens gateway
• Plan strategy for non-compliant resources
• Consider best access route for each resource
  (gateway / direct Shib / proxy / other)
• Plan end-user information
• Switch from AthensDA to Shib IdP

6
Practicalities Library-IT Partnership

• Joint project Library Services and Information
  Systems
• Feeds into implementation of UCLs Information
  Strategy
• Collaborative issues
• Identity Provider administration
• Federation registration
• User status re licences (staff, student,
  honorary staff only)
• Shibboleth attribute release policy
• Logs and trouble-shooting
• HTML login screen

7
Practicalities Testing mechanisms

• Monitor which resources offer Shib access
• Look for both pilot testing and live services
• Contact each provider to register and/or check
  requirements
• Shib-Athens Gateway testing via special cookie
• Soft launch of some services, eg ScienceDirect
• Special URLs, eg MIMAS CrossFire

8
Practicalities Usage so far

• Monitor destination logs of Shib IdP
• Current usage per day (number of logins)
• 1300 EZProxy
• 250 MetaLib
• 100 ScienceDirect
• A few others

9
However

• Our plan to migrate from Athens hinged on the
  JISC-funded Shib-Athens gateway

10
Shib-Athens gateway
Shibboleth-authenticatedusers
Athens-protectedresources

• Use for resources which wont be Shibbed by Aug
  2008
• Nearly all Athens resources are compliant.
  Exceptions listed on Athens website.
• Otherwise, behaves just like AthensDA
• To be provided by OpenAthens from August 2008

Photo by paparutzi displayed on Flickr.com
11
AthensDA to Shibboleth current position

• Consider local financial implications of using
  the gateway via OpenAthens
• Monitor usage of resources via current access
  routes
• Await further information from JISC
• Monitor Shibboleth/Federation status of resources
• Consider best access route for each resource
  (gateway / direct Shib / proxy / other)
• Decide how to proceed from August 2008
• Plan end-user information

12
FAM status of UCLs Athens resources

• 125 Athens resources
• Readiness for Shibboleth from 31/7/08 (JISC)
• Can be (fairly) confident about 47 so far!

13

• The user experience

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
http//libproxy.ucl.ac.uk/login?urlhttp//aapgbul
letin.datapages.com/
19
(No Transcript)
20
User guidance

• Refer to e-resource access, with Athens as one
  subset
• Describe how to login both via library-controlled
  links and via the resource homepage
• Show some examples of how to find the login box
  on the resource homepage

21
(No Transcript)
22
The user experience

• Changes from Aug 2008
• Access from Library-controlled links
• Access from resources directly
• Personalisation features

23
1. Library-controlled links

• Mostly EZProxy (IP authentication proxying
  permitted)
• Shibboleth where possible
• Some Athens (gateway) ?????
• EZProxy itself is Shibbolized

24
2. Direct from the resource

• Most controlled by IP address on-campus
• Many Institutional login or similar
  (Shibboleth)
• Some Athens (gateway) ?????
• No EZProxy!

25
3. Personalisation features

• Most Athens resources which offer alerts etc.
  require separate registration (username/password)
• Exceptions include ScienceDirect, Zetoc, Digimap,
  Dialog DataStar, NetLibrary,
• For these, saved searches, alerts etc are tied to
  the Athens ID beware!
• Zetoc allows transfer to Shibboleth ID
• Want to minimise re-registration

26
So in summary

• UCL is ready to go with Shibboleth, but
• largely due to support from JISC/institution/IS
• and via a long testing phase due to shifting
  goal posts
• User experience is very important, and we want to
  get the transition right
• We may need to go with OpenAthens in short term
  (for the user experience)
• End goal is still full Shibboleth

27
Thank you questions welcome at the end

• margaret.stone_at_ucl.ac.uk