Ted Koppel • The Library Corporation • tedk@tlcdelivers.com


  1. Ted Koppel • The Library Corporation • tedk@tlcdelivers.com

  2. Authentication
     • Validation of user credentials
     • Based on the individual
     • Usually a local function
     Authorization
     • Validation of the institution's permissions / contracts
     • Almost always a remote function
     • More involved with license constraints

  3. We know the players (next slide) but
     • We don't yet know all of their needs
     • We know some of the goals and
     • We know of some options to reach those goals but
     • Not all options meet all needs. In fact, some are inimical to meeting these needs
     HOWEVER
     • We know what we want to avoid

  4. Needs access to information / data
     • Understands the need to present credentials, ONCE
     • Wants his anonymity but also wants his privileges
     • Carries attributes (Grad Student in Engineering School) that provide entitlements to certain resources

  5. Examines and approves/disapproves credentials
     • Depends on institutional structure:
       – Library borrower database
       – Campus-wide login (university)
       – State-supported databases (OPLIN, FindItVa)
     • Needs to return a "yes" or "no" and send it upstream

  6. The entity through which the User derives his entitlements
     • May be the same as the Authenticator
     • Controls the privileges of individuals and groups
     • Various levels: department, library, campus, statewide

  7. May be the ILS
     • May be a library or campus-wide portal
     • May be the Authenticator and/or the Licensee
     • Has to present authentication screens to users, manage the results, and send them upstream
     • Often has to handle multiple authentication schemes

  8. Can handle rudimentary authentication itself if required
     • Acts as a pass-through for authentication information but
     • Must be able to trust the varying sources of authentication that it receives
     • Has to "translate" authentication from the source to multiple targets

  9. Wants to sell data, and have it used and respected, while
     • Restricting access to valuable intellectual property and protecting investment
     • Must be able to trust the authentication from all of the downstream sources

  10. Contradictions
     • Anonymity versus personalization (the user)
     • Wide use and acceptance versus "branding" (the database provider)
     • Needs of the academic and public library sectors (wanting identity masking) versus commercial information providers (needing billable accountability)

  11. "Tried and true" mechanisms
     • IP address permission
     • Referring URL validation
     • URL-embedded userid/password
     • Vendor-provided script
     • Local or SIP2/NCIP password verification
     • Limited and arcane
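The two mechanisms at the top of that list are worth seeing side by side, because both key on something that is not actually bound to the user. The following is an added example, not from the slides or from The Library Corporation; the licensed IP ranges, the trusted portal host and the two sample requests are constructed. IP address permission is only as good as the address it inspects: checked against the real peer address it holds, but a server that first trusts a client-supplied X-Forwarded-For header grants to anyone who writes a licensed address into it. Referring-URL validation is weaker still, since the Referer header is set by the client and costs nothing to forge.

```python
import ipaddress
from typing import Mapping
from urllib.parse import urlparse

# Constructed sample policy (assumption, not from the slides): one IPv4 and one
# IPv6 range licensed to the institution, and the portal host a data provider
# has agreed to accept as a referring URL.
LICENSED_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]
TRUSTED_REFERRER_HOSTS = {"portal.example.edu"}


def ip_permitted(peer_ip: str) -> bool:
    """IP address permission keyed on the address the TCP connection came from."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in LICENSED_RANGES)


def ip_permitted_from_header(headers: Mapping[str, str], peer_ip: str) -> bool:
    """The same check, but consulting a client-supplied X-Forwarded-For header
    first. This is the usual misconfiguration: the header says whatever the
    client chose to send."""
    claimed = headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()
    return ip_permitted(claimed)


def referrer_permitted(headers: Mapping[str, str]) -> bool:
    """Referring-URL validation: grant if the Referer host is a trusted portal."""
    referer = headers.get("Referer")
    if not referer:
        return False
    return urlparse(referer).hostname in TRUSTED_REFERRER_HOSTS


def evaluate(headers: Mapping[str, str], peer_ip: str) -> dict:
    """Run all three checks on one request so the differences are visible."""
    return {
        "ip": ip_permitted(peer_ip),
        "ip_via_header": ip_permitted_from_header(headers, peer_ip),
        "referrer": referrer_permitted(headers),
    }


# Constructed requests (assumptions): an off-campus client that spoofs both
# client-controlled headers, and a genuine on-campus client with no headers.
SPOOFED_REQUEST = (
    {"X-Forwarded-For": "192.0.2.10", "Referer": "https://portal.example.edu/search"},
    "203.0.113.7",
)
CAMPUS_REQUEST = ({}, "192.0.2.10")

if __name__ == "__main__":
    print("spoofed:", evaluate(*SPOOFED_REQUEST))
    print("campus: ", evaluate(*CAMPUS_REQUEST))
```

Even the peer-address check has the limitation the slide hints at with "limited": behind a campus proxy every user arrives from one address, so IP permission cannot distinguish the grad student from anyone else who can reach the proxy, and it says nothing about who the individual is. That is the gap the attribute-based schemes on the following slides are meant to close.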

  12. Shibboleth (or similar)
     • Builds on trust relationships between parties
     • Allows local authentication by any means
     • Transmits the fact of approval and attributes of the user but
     • Preserves personal anonymity through use of "communities" and "clubs" as the entities that receive privileges

  13. X.509 (or other) digital certificates issued by the authenticator
     • PAPI = Point of Access to Providers of Information (local authorization, Spain)
     • Athens (single sign-on scheme, UK)
     • And various others

  14. Creation of subcommittees to draft mission statements for pre-standards activity
     • Develop use cases to understand all aspects of authentication
     • Examine and evaluate existing work in authentication
     • Determine what approach(es) might be "best practices" or (at worst) develop a new authentication scheme

  15. Certifying the user (or organization) from the Authenticator to the Data Provider, by way of the Metasearch provider, in such a way that the messages can be trusted from the source to the destination, so that the services to which the user is entitled can be delivered.
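Slides 8, 12 and 15 describe the same exchange from three seats: an authenticator vouches that a local login succeeded and attaches attributes rather than an identity, a metasearch provider or portal passes that statement along without being able to alter it, and a data provider accepts it only if it comes from a party it has a trust relationship with. The following is an added example, not code from the slides, from Shibboleth, or from The Library Corporation. It stands in for the protocol with a minimal HMAC-signed assertion over a secret shared out of band between authenticator and data provider; the issuer names, audience, secret and attribute values are constructed. Shibboleth itself uses SAML assertions with X.509-based signatures, which is what a deployment would use; the shape of the checks at the data provider is the same.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed trust relationships (assumption, not from the slides): each
# authenticator the data provider trusts shares a secret with it, agreed out
# of band. This is the "trust relationship between parties" of slide 12.
TRUSTED_ISSUERS = {
    "auth.campus.example.edu": b"hypothetical-shared-secret-campus",
}


def _b64(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def issue_assertion(issuer: str, secret: bytes, audience: str, attrs: dict,
                    now: Optional[int] = None, ttl: int = 300) -> bytes:
    """Authenticator: sign 'a local user was authenticated and carries these
    attributes', addressed to one data provider, valid for ttl seconds.
    No username is included: only group attributes travel, which is how the
    user keeps anonymity while keeping privileges."""
    issued = int(time.time() if now is None else now)
    payload = {"iss": issuer, "aud": audience, "iat": issued,
               "exp": issued + ttl, "attrs": attrs}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64(body) + b"." + _b64(tag)


def forward(assertion: bytes) -> bytes:
    """Metasearch provider / portal: pass the assertion through untouched.
    It holds no issuer secret, so it cannot upgrade the attributes en route."""
    return assertion


def verify_assertion(token: bytes, audience: str,
                     now: Optional[int] = None) -> Optional[dict]:
    """Data provider: accept only assertions from a trusted issuer, addressed
    to us, unexpired, with a valid tag. Returns the attributes or None."""
    try:
        body_b64, tag_b64 = token.split(b".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
        payload = json.loads(body)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if not isinstance(payload, dict):
        return None
    secret = TRUSTED_ISSUERS.get(payload.get("iss"))
    if secret is None:
        return None  # unknown issuer: no trust relationship, so no access
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # altered in transit, or forged without the secret
    if payload.get("aud") != audience:
        return None  # replayed to a provider it was not issued for
    if int(time.time() if now is None else now) >= payload.get("exp", 0):
        return None  # stale
    return payload["attrs"]


def entitled(attrs: Optional[dict], licensed_affiliations: set) -> bool:
    """Authorization step: the resource is licensed to listed affiliations."""
    return bool(attrs) and attrs.get("affiliation") in licensed_affiliations


# Constructed end-to-end run (assumptions): the grad student from slide 4 is
# asserted as an anonymous "student" in the engineering school.
ISSUER = "auth.campus.example.edu"
PROVIDER = "provider.example.com"
T0 = 1_700_000_000
ATTRS = {"affiliation": "student", "department": "engineering"}


def demo() -> dict:
    token = issue_assertion(ISSUER, TRUSTED_ISSUERS[ISSUER], PROVIDER, ATTRS, now=T0)
    # An intermediary tries to promote the user to faculty without re-signing.
    body_b64, tag_b64 = token.split(b".")
    raised = json.loads(_unb64(body_b64))
    raised["attrs"]["affiliation"] = "faculty"
    tampered = _b64(json.dumps(raised, sort_keys=True, separators=(",", ":")).encode()) + b"." + tag_b64
    return {
        "valid": verify_assertion(forward(token), PROVIDER, now=T0 + 10),
        "tampered": verify_assertion(tampered, PROVIDER, now=T0 + 10),
        "wrong_audience": verify_assertion(token, "other.example.net", now=T0 + 10),
        "expired": verify_assertion(token, PROVIDER, now=T0 + 600),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} -> {result}")
```

The data provider never learns who the student is, only that a trusted authenticator says an engineering student logged in; that is the "community" or "club" receiving the privilege. The audience and expiry checks are what make the same assertion useless to a second provider or to a later replay, which is the accountability the commercial side of slide 10 asks for without reintroducing a personal identifier.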

  16. Further reading
     • Authentication to Licensed Resources (JSTOR), http://uk.jstor.org/about/authentication.html (discusses JSTOR's approaches to authentication)
     • Access Management for Networked Information Resources, by Clifford Lynch, http://www.educause.edu/ir/library/html/cem9842.html (overview article)
     • Authorization/Authentication for Patron Remote Access to Electronic Resources (PowerPoint by Kerry Bouchard), http://libnt2.lib.tcu.edu/staff/bouchard/ugc2000/remoteaccess/sld001.htm (useful visual introduction to issues relating to authorization)
     • A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources, Clifford Lynch, editor (cliff@cni.org), http://www.cni.org/projects/authentication/authentication-wp.html

  17. Ted Koppel • The Library Corporation • tedk@tlcdelivers.com