Access 2003: Extending our Abilities [Proceedings], 2003
NRC Publications Archive Record:
https://nrc-publications.canada.ca/eng/view/object/?id=f768811a-b352-4a68-a419-08583ace19bf
Shibboleth at CISTI: Introducing, prototyping and extending
National Research Council
Shibboleth at CISTI
Introducing, prototyping and extending
Glen Newton, David Dearman, Carolyn Brown
Canada Institute for Scientific and Technical Information (CISTI)
The National Research Council
Ottawa, ON
Outline
  Intro to Shibboleth
    What is Shibboleth?
    What problem(s) does Shibboleth solve?
    Shibboleth architecture
    How does it work?
  Shibboleth @ CISTI
    Why?
    Prototyping
    Extensions
What is Shibboleth?
  “Inter-realm Attribute-based authorization for Web Services”
  Architecture and technology to support inter-institutional sharing of resources
  Based on a federated administration trust framework
  Controlled dissemination of attribute information, based on administration defaults and user preferences
What is Shibboleth? (cont.)
Founding Assumptions:
  Federated administration
  Lightweight mechanisms: disturb as little of existing infrastructure as possible
  Leverage vendor and standards activity wherever possible
What is Shibboleth? (cont.)
What problem(s) does Shibboleth address/solve?
  Resource consumer
    Access from on-campus
    Access from off-campus
    User account proliferation
  Resource producer
    IP management
    IP spoofing
    User account management
Shibboleth Architecture
Players:
  Browser user: resource consumer
  Origin Site: resource consumer’s organization
  Target Site: resource producer
Shibboleth Architecture (cont.)
Components:
  Origin Site:
    Handle Server
    Attribute Authority
  Target Site:
    SHIRE
    SHAR
    WAYF
    Resource manager
How does it work?
1. User requests resource from publisher’s website (Target)
2. User is asked to self-identify her organization (Origin)
3. User is re-directed to Origin & authenticates
4. User attributes are transferred to Target
5. Target compares attributes against Policy associated with requested resource
6. User gets resource
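Steps 4 to 6 above, together with the earlier slide's "controlled dissemination of attribute information, based on administration defaults and user preferences", sketched as an added Python example (not code from the presentation, from Shibboleth, or from the CISTI prototype). The host names, resource path, policies and user record are constructed for illustration; the attribute names follow the eduPerson schema.

```python
# Added illustration: all names, policies and values are constructed.

# Origin side: attributes the Attribute Authority holds for each user.
DIRECTORY = {
    "alice": {
        "eduPersonScopedAffiliation": {"staff@origin.example.org"},
        "eduPersonEntitlement": {"urn:example:journals:subscriber"},
        "mail": {"alice@origin.example.org"},
    },
}

# Administration defaults: which attributes each Target may receive.
ADMIN_DEFAULTS = {
    "press.example.org": {"eduPersonScopedAffiliation", "eduPersonEntitlement"},
}

# User preferences can only withhold attributes, never add to the defaults.
USER_WITHHOLDS = {"alice": {"press.example.org": set()}}

# Target side: policy per resource (one matching value per attribute suffices).
RESOURCE_POLICY = {
    "/journals/sample": {"eduPersonEntitlement": {"urn:example:journals:subscriber"}},
}


def release_attributes(user, target):
    """Step 4: the Origin releases only what defaults and preferences allow."""
    allowed = ADMIN_DEFAULTS.get(target, set())   # unknown Target gets nothing
    withheld = USER_WITHHOLDS.get(user, {}).get(target, set())
    held = DIRECTORY.get(user, {})
    return {name: set(values) for name, values in held.items()
            if name in allowed and name not in withheld}


def authorize(resource, attributes):
    """Step 5: the Target compares received attributes against its policy."""
    policy = RESOURCE_POLICY.get(resource)
    if not policy:
        return False                              # no policy on file: deny
    return all(attributes.get(name, set()) & wanted
               for name, wanted in policy.items())


def request(user, target, resource):
    """Steps 4-6: release at the Origin, then decide at the Target."""
    return authorize(resource, release_attributes(user, target))
```

The Target's decision uses only the released attributes: it never sees the user's mail address, and neither a local account nor the client's IP address enters into it.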
How does it work? (cont.)
Shibboleth @ CISTI: Why?
What is CISTI?
  Virtual library for 3000+ NRC researchers
  Scientific publisher: NRC Research Press: 15 scholarly journals (Canadian Journal Botany, etc.)
  National and International DocDel hub (4000+ documents per day)
  Canadian National Science and Technology Library
Shibboleth @ CISTI: Why? (cont.)
Why CISTI?
  a resource consumer (NRC Virtual Library)
  a resource producer (NRC Research Press)
Shibboleth @ CISTI (cont.)
Prototyping
  Implemented prototype for 3 NRC Research Press journals
  Authentication from LDAP and MySQL
  Tested for problems: none
  Did not test for many multiple users, etc.
Shibboleth @ CISTI (cont.)
Extensions
  Wanted attributes from MySQL database (historical problems with LDAP)
  Implemented, tested and donated code to Shibboleth
Shibboleth @ CISTI (cont.)
The NRC Virtual Library
  Interested in Shibboleth & evaluating impact on work-flow
  Initially concerned with user account / resource matching overhead
  Also looking into possible impact on licensing
Shibboleth @ CISTI (cont.)
The Future
  Possible Shibboleth implementation for NRC Research Press
  Possible implementation of Shibboleth for the NRC Virtual Library
  Adoption by resource producers / resource consumers
  Designing a way of doing E-Commerce (Pay-per-view) using Shibboleth