Access & Identity Management. “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online resources for their users” RSA Security No magic bullet Not about technology itself. Local web resources. External web resources.
Access & Identity Management • “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online resources for their users” RSA Security • No magic bullet • Not about technology itself
[Diagram labels: Local web resources; External web resources; Local authentication; System usernames & passwords; Database; Portal; SSO; VLE; User attributes: names, email, role; Journals; OPAC; Directory]
Organisational Single sign-on – the future
Authentication transfer protocol, e.g. SAML, Shibboleth, AthensDA
• Single copy of data managed centrally • accurate & reliable & secure • Users become accountable & auditable
Beyond IP authentication:
[Diagram labels: Identity Providers; Service Providers; Institutional Directory; Federation; AthensDA; Shib; SAML; Athens Resources; Athens agents; Registry; Institutional Data source; Bulk Upload; Proxies; IP Resources; Self registration]
• Individual recognition from day one • Patron attribution • Comprehensive statistics • 300 premium content vendors • user management tools designed for librarians
Athens Single Sign-on
[Diagram: numbered flow, steps 1 to 9. Labels: Athens First Access; Cookie; Long Term Token; Session token; HTTP refer for authentication; Athens Agent; Athens Authentication Point; Resource; User signs on with Athens or local authentication; Create SSO session; Athens Authority Server; Check session token. Get attributes.]
Integrates with • Shibboleth • EZproxy • Active Directory • etc.
Individual Patron IDs – usable anywhere • using the student number as patron ID • Uploaded automatically from student registry • No personal data, to allay privacy concerns • Staff registered manually • Next step • Integration with Campus Directory
Tamera Hanken says • I chose this service because I needed something that would be reliable, easy and quick to implement, and cost effective in terms of equipment and my time. • With this method we had to do nothing to enable our network system to use Athens. • Based on how easy it was to begin using, how reliable it is, students didn’t find it cumbersome or confusing—we decided to purchase • Customer service has been friendly and prompt
Tailored self registration • Library promotes URL of self registration form • Organisation-defined info • Campus, role, faculty – whatever • Request validated by librarian or IP address • Statistics by any defined category • Account usable anywhere