110 likes | 278 Views
Shibboleth for Real. Oren Beit-Arie Ex Libris Group CNI Spring 2006 Task Force Meeting April 3-4, 2006 – Arlington, VA. Shibboleth and Ex Libris – Past Work. Project Goals Establish SFX as a Shibboleth target (Service Provider) Main motivation: enable role-based features
E N D
Shibboleth for Real Oren Beit-Arie Ex Libris Group CNI Spring 2006 Task Force Meeting April 3-4, 2006 – Arlington, VA
Shibboleth and Ex Libris – Past Work • Project Goals • Establish SFX as a Shibboleth target (Service Provider) • Main motivation: enable role-based features • Started discussions with the Internet2/Shibboleth group in Summer 2001 • Integrated SFX as a Shibboleth Target (0.9…) as part of Pilot/Alpha Testing in 2002 • Rolled out test system to 2 Pilot sites • Conclusion - too early to assess the value of such an integration • Early stage of Shibboleth development • No real Shibboleth adoption in libraries • Not enough biz case: role-based entitlements in SFX weren’t a priority
Shibboleth and Ex Libris – Current Work • Goals: • Focus on local library system’s integration with Shib • Specific interest in consortia (including hybrid shib/non-shib) • Method: • ‘Shibbolize’ the Patron Directory Services (PDS) module
Patron Directory Services (PDS) Module Aleph Authentication AuthN sys Credentials/ID MetaLib Authentication PDS DigiTool Authentication User File Other Applications Other Authentication Systems ID/Attributes
Shibboleth PDS – Authentication hub to Shibboleth AuthN sys Credentials/ID PDS User File Other Applications ID/Attributes
Shibboleth and Ex Libris – Current Work • Began working with several MetaLib customers Summer 2005 • PDS serves dual roles as the Shibboleth Service Providerand, in consortia, as theShibboleth WAYF • SSO fully or partially implemented to suit institutional MetaLib workflow • Results – successful implementations at three MetaLib sites • Some good input on future direction… • Help identify pre-requisites
Current Integration Projects • University System of Maryland (USMAI) successfully implemented MetaLib/Shibboleth integration in a test environment • National Library of Finland (FinELib) upgraded existing MetaLib/Shibboleth integration • As of late-February 2006, six FinELib institutions are live with with a seventh institution nearly complete • University of Newcastle upon Tyne completed beta testing MetaLib/Shibboleth integration • Included an automatic sign-in (SSO)
Lessons Learned • PDS/MetaLib implementations vary – requires flexibility to accommodate customer’s unique requirements • Shibboleth/PDS/MetaLib integration approaches also vary to accommodate the authentication/authorization workflow of each customer’s unique environment… • Customers must have a good technical understanding of Shibboleth, PDS/MetaLib • Recent projects enabled Ex Libris to identify customer prerequisites for successful PDS/Shibboleth integration with MetaLib
Next Steps • Gradually roll out Shibboleth support for MetaLib – general release TBD • Continue working with customers interested in ‘Shibbolizing’ PDS for MetaLib authentication • Interested customers must complete integration prerequisites • Continue documenting guidelines and best practices for successful Shibboleth/PDS/Ex Libris product integration
Open Issues • Policies/Guidelines • Is there a need for better support or consultancy mechanisms to support large-scale implementation? • Federations: InCommon, HAKA - what about the rest of the world? • Functions/scenarios • Sign-off (Shib v.2?) • How to accommodate multiple roles of users? • Development: • Shib & Metasearch - API/Web services (v.2?) • Be able to release OpenURL’s baseURL attribute
Shibboleth for real Oren Beit-Arie oren@exlibris-usa.com