
Shibboleth protected proxy servers

Shibboleth protected proxy servers: a case study from the Danish library sector. DEFF: Denmark's Electronic Research Library. Founded in 1998 to provide a joint IT strategy for the Danish research libraries. Provides infrastructure and middleware for the libraries. AAI.


Presentation Transcript


  1. Shibboleth protected proxy servers: a case study from the Danish library sector

  2. DEFF: Denmark's Electronic Research Library. Founded in 1998 to provide a joint IT strategy for the Danish research libraries. Provides infrastructure and middleware for the libraries.

  3. AAI: One of the original visions was to provide a standardized way to handle user administration and access control across institutional borders. Did anyone say federation…

  4. The DEF key: An attempt was made to realize this vision through an ambitious project called ‘The DEF key’. A lot of effort was put in, but the project was dropped due to a conflict of interest.

  5. DEFF Services: DEFF negotiates licenses for accessing article databases and electronic periodicals for the research libraries. Most of these are campus-wide licenses, and the access control is IP based.

  6. Challenge: How do we provide home access for the users such that
     • Only registered users have access
     • Access is through an ordinary web browser
     • There is no need to change browser settings (necessary with ordinary proxy servers)

  7. LDAP 2001: In 2001 a new project was launched to meet this specific challenge.
     • The lesson learned from the DEF key project was that it failed because it tried to be as general as possible
     • So this time one of the goals was to design a solution which met only this specific challenge

  8. The Solution: A network of LDAP servers (one for each involved institution) providing data for a centralized login that controls access to a farm of rewriting proxy servers.

  9. [Diagram; labels: Service Provider (×3), LDAP (×3), Central login, Proxy server]

  10. Some Statistics: We have a solution running in production with
     • 40+ user organizations
     • ~ 250.000 users
     • providing access to several hundred databases
     • Configuration lists more than 7.000 domains

  11. Is it perfect? A short answer: no, but it is working.
     • 2 single points of failure (login and proxy)
     • Centralized login = potential security issue
     • Performance issue
     • URL exchanging issue

  12. Shibbolizing the setup: In 2005 we ran a pilot project to try to put Shibboleth access control on our proxy farm. EZProxy has already been Shibbolized by the vendor. This version does, however, not fully meet our requirements.

  13. [Diagram; labels: WAYF, Identity Provider, Proxy server, Service Provider (×3)]

  14. Have you implemented it? The short answer: no. The building of a Danish federation, DK-AAI, is in progress and we are awaiting the outcome of this project.

  15. Why use proxies at all? It allows us to make progress in building our federation without having to wait for the resource providers to get Shibboleth ready. Some resource providers probably will not be ready in this decade.

  16. [Diagram; labels: WAYF, Proxy server, Identity Provider, Service Provider (×3)]

  17. Questions and answers: jgb@statsbiblioteket.dk, www.statsbiblioteket.dk, www.deff.dk, www.deff.dk/aai
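
The rewriting-proxy idea from slides 6 to 8, sketched as an added example (not code from the presentation or from DEFF): provider URLs are mapped onto proxy hostnames so the browser needs no settings change, and every request is checked against the configured domain list and the login session. The hostname-based rewriting scheme, `proxy.example.org`, the two sample domains and the `session_user` parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

PROXY_SUFFIX = "proxy.example.org"   # assumed hostname of the proxy farm
LICENSED = {"journals.example.com", "db.example.net"}   # constructed sample of the domain list

def is_licensed(host):
    """True if host is a configured domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LICENSED)

def to_proxy_url(url):
    """Rewrite a provider URL to its proxied form; None if it must not be proxied."""
    p = urlsplit(url)
    # Reject non-web schemes and any netloc carrying userinfo or an explicit port.
    if p.scheme not in ("http", "https") or p.netloc.lower() != p.hostname:
        return None
    if not is_licensed(p.hostname):
        return None
    # Escape existing hyphens, then turn dots into hyphens: one DNS label per provider host.
    label = p.hostname.replace("-", "--").replace(".", "-")
    return urlunsplit((p.scheme, f"{label}.{PROXY_SUFFIX}", p.path, p.query, p.fragment))

def origin_host(proxy_host):
    """Recover the provider host from a proxied Host header; None if invalid."""
    proxy_host = proxy_host.lower()
    if not proxy_host.endswith("." + PROXY_SUFFIX):
        return None
    label = proxy_host[: -len(PROXY_SUFFIX) - 1]
    if "." in label:
        return None
    host = re.sub(r"--|-", lambda m: "-" if m.group() == "--" else ".", label)
    # Re-check the allow-list on every request so the farm never acts as an open proxy.
    return host if is_licensed(host) else None

def decide(proxy_host, session_user):
    """Access decision for one request: licensed hosts only, registered users only."""
    host = origin_host(proxy_host)
    if host is None:
        return ("deny", None)
    if session_user is None:
        return ("login", None)   # hand the browser over to the central login
    return ("fetch", host)

def rewrite_links(html):
    """Point absolute links to licensed hosts back through the proxy; leave others alone."""
    def repl(m):
        return m.group(1) + (to_proxy_url(m.group(2)) or m.group(2))
    return re.sub(r'((?:href|src)=")(https?://[^"]+)', repl, html)
```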
