Shibboleth: EBSCOhost implementation - PowerPoint PPT Presentation

Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003 Overview About EBSCO Publishing and ... – PowerPoint PPT presentation

Slides: 23

1
Shibboleth: EBSCOhost implementation
  • Lech Wojtowicz
  • Director of Software Development
  • EBSCO Publishing
  • Access 2003
  • October 3, 2003

2
Overview
  • About EBSCO Publishing and EBSCOhost
  • EBSCO's involvement in Internet2
  • Current authentication methods
  • Why Shibboleth
  • Shibboleth implementation time-line
  • EBSCOhost configuration
  • Outstanding issues and future

3
About EBSCO Publishing
  • Part of EBSCO Information Services
  • Provide information and tools to access
    information online
  • Primarily institutional market
  • International customer base
  • Began in 1986 with CD-ROMs and evolved to Web
  • EBSCOhost is at version 6.4; version 7.0 will
    release in Fall

4
About EBSCOhost
  • Web based search and retrieval system
  • Supporting
    • 50 full text databases
    • 65 secondary databases
    • Links to 12,000 e-journals
  • Native interface and Z39.50 access
  • Internet network access from
    • UUnet
    • Genuity
    • Internet2 (Abilene Network)

5
About EBSCOhost, cont'd
  • Multi-tiered system
  • Windows 2000 with IIS on front lines
  • EBSCOhost is an ASP Web application; XML is an
    internal data format and protocol
  • Several supporting services: Email, Transaction
    Logging, Content Enhancements, Article
    Matching/Rights Checking
  • Solaris and Linux back end tier for performing
    searches
  • Multiple NFS servers used for data storage

6
About EBSCOhost, cont'd
  • Peak load
  • 25,000 simultaneous ASP sessions during peak time
  • 200,000 searches peak hours, over 2 million searches
    a day
  • 600,000 user logins per day
  • 25 million transactions per day
  • 50% of outbound bandwidth is Internet2

7
EBSCO and Internet2
  • Most Internet2 members are EBSCO customers
  • Many customers on affiliated network
  • Recognized need for reliable high-speed
    connectivity (http://loadrunner.uits.iu.edu/weathermaps/abilene)
  • Became Corporate Member in Fall 2000
  • Initial connection via vBNS
  • Spring 2002 became Collaborating site
  • Current connection to Abilene is two T3s

8
Current authentication methods
  • IP Address
  • Username and password
  • Referring URL
  • Customer coordinated patron ID (library bar code)
  • Pattern matching (patron ID)
  • Athens
  • Introducing Shibboleth...

9
IP Address
  • Mechanism
    • IP address ranges recorded in EBSCOadmin
    • Associated with customer and group
  • Shortcomings
    • Multiple campuses with shared dynamic IPs may be
      a problem
    • Remote access requires use of proxy server

10
Username/password
  • Mechanism
    • In EBSCOadmin a given user group is associated
      with a username and password
    • User is prompted for username and password
  • Shortcomings
    • Communication of usernames and passwords
    • Not very secure as usernames tend to be
      advertised
    • No incentive for a patron to not share

11
Referring URL
  • Mechanism
    • Customer performs authentication
    • Access to EBSCOhost is from secure page
    • URL of secure page recorded in EBSCOadmin
    • HTTP Referrer of request looked up
  • Shortcomings
    • Assumes customer's page is secure
    • End user must access through library
      authentication system

12
Customer coordinated
  • Mechanism
    • Customer uploads patron IDs (library bar code) to
      EBSCOadmin
    • Patron IDs can be associated with a specific user
      group
    • User must enter valid patron ID to access
  • Shortcomings
    • Link to EBSCOhost must include CustID
    • Maintenance of patron ID

13
Pattern matching
  • Mechanism
    • Customer enters pattern of patron ID
    • Associates pattern with user group
    • User prompted for patron ID to access
    • Length and significant characters must match
  • Shortcomings
    • Patron ID must follow a pattern
    • Not very secure
    • Maintenance: no easy way to remove a patron

14
Athens
  • Mechanism
    • Access rights managed centrally in UK by Athens
      group
    • Prompt for user's Athens User ID and password
      (http://search.epnet.com/athens.asp)
    • Call to Athens server to validate and get
      institution code
    • Institution code matched to account in EBSCOadmin
  • Shortcomings
    • Management of users and rights in separate system
      from institution

15
Why Shibboleth
  • EBSCO offers multiple services from different
    locations
  • EBSCOhost databases
  • EBSCOhost Electronic Journals Service (EJS)
  • A-Z journal locator service
  • LinkSource OpenURL resolver
  • Redirect customers to publisher sites

16
Why Shibboleth, cont'd
  • Currently supporting multiple (independent)
    authentication options
  • Customers want seamless access between services
  • Users want single login
  • EBSCO needs to provide secure authentication to
    meet expectations of data providers

17
Shibboleth project timeline
  • Mar 14/02: initial contact by Steven Carmody
  • Apr 4/02: development initiated
  • Apr 29/02: DLF/CNI meeting, proof of concept in
    place and demonstration of Shibboleth in action
  • --- port of Shibboleth package to Win32 ---
  • Sep 12/02: Win32 Shib Package available (Version
    0.7)
  • Sep 26/02: EBSCO Pilot project completed; Scott
    Cantor performs first real world test from Ohio
    State University to EBSCOhost
  • July 2003: Shibboleth version 1.1 released with
    Win32 support
  • Aug. 2003: EBSCOhost Shibboleth Pilot project
    upgraded to use version 1.1 (http://search.epnet.com/shib.asp)

18
EBSCOhost configuration

19
Outstanding issues
  • Handling multiple sites for an institution
  • Example: OSU has 14 EBSCOhost accounts
  • Associate originSiteID with customer account(s)
    in EBSCOadmin
  • If one originSiteID is associated with multiple
    customer accounts, use entitlement for finer
    resolution
  • Allow self administration
  • EBSCO specific eduPerson entitlement:
    urn:mace:ebsco.com:<EBSCO customer account>

20
Future proposal: use of attributes
  1. originSiteID: single custID and groupID
    (majority of cases)
  2. affiliation: single custID and multiple groupID
    (includes walk-ins)
  3. entitlement: multiple custID

type  originSiteID  affiliation         entitlement  custID  groupID
1.    ubc           n/a                 n/a          ubc     main
2.    ubc           staff_at_ubc.edu    n/a          ubc     staff
                    student_at_ubc.edu  n/a          ubc     student
                    n/a                 n/a          ubc     main
3.    ubc           n/a                 ubcmedmain   ubcmed  main
                                        ubcstaff     ubc     staff

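
The three attribute-mapping cases above, worked through as an added example (not code from the presentation or from EBSCO). The lookup tables are constructed from the UBC rows, the `exu` site is made up, and the precedence (entitlement, then affiliation, then site default) is an assumption based on the "use entitlement for finer resolution" bullet.

```python
from typing import Iterable, List, NamedTuple

class Access(NamedTuple):
    cust_id: str
    group_id: str

# Constructed mapping data modelled on the slide's UBC rows.
# "exu" is a made-up second site used to show per-site scoping.
SITE_DEFAULT = {"ubc": Access("ubc", "main"), "exu": Access("exu", "main")}
AFFILIATION = {
    ("ubc", "staff_at_ubc.edu"): Access("ubc", "staff"),
    ("ubc", "student_at_ubc.edu"): Access("ubc", "student"),
}
ENTITLEMENT = {
    ("ubc", "ubcmedmain"): Access("ubcmed", "main"),
    ("ubc", "ubcstaff"): Access("ubc", "staff"),
}

def resolve(origin_site_id: str,
            affiliations: Iterable[str] = (),
            entitlements: Iterable[str] = ()) -> List[Access]:
    """Return the accounts a Shibboleth session may use; [] means deny."""
    # Unknown origin site: no mapping was set up, so nothing is granted.
    if origin_site_id not in SITE_DEFAULT:
        return []
    # Type 3: entitlements give the finest resolution and may name several
    # custIDs. Keys include the origin site, so a value asserted by one
    # site can never select another site's account.
    granted: List[Access] = []
    for value in entitlements:
        access = ENTITLEMENT.get((origin_site_id, value))
        if access and access not in granted:
            granted.append(access)
    if granted:
        return granted
    # Type 2: the first recognised affiliation picks the group in one custID.
    for value in affiliations:
        access = AFFILIATION.get((origin_site_id, value))
        if access:
            return [access]
    # Type 1 (and walk-ins with no usable attribute): the site's default group.
    return [SITE_DEFAULT[origin_site_id]]

if __name__ == "__main__":
    print(resolve("ubc"))
    print(resolve("ubc", affiliations=["student_at_ubc.edu"]))
    print(resolve("ubc", entitlements=["ubcmedmain", "ubcstaff"]))
    print(resolve("exu", entitlements=["ubcmedmain"]))  # other site's value ignored
```
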
21
Observations
  • Development effort
    • Implement ISAPI filter
    • Supporting infrastructure inside EBSCOadmin
  • Administration effort
    • Find appropriate contacts at institution
    • Determine customer account to use and domains and
      affiliation
    • Set up mapping or allow customers to establish this
  • Meets goal of single login for multi-site sessions

22
Future
  • Expand test to other EBSCO sites
    • EBSCOhost Electronic Journals Service
    • LinkSource
    • MetaPress
  • Work with major publishers to extend reach of
    seamless access
  • Handling multiple federations by accessing
    multiple WAYF servers, based on information from
    user