Authentication an overview of Hybrid Library requirements

1
Project HeadLine

• Authentication - an overview of Hybrid Library
  requirements
• Jonathan Eaton
• eLib Concertation Day - Authentication
• 10th March 1999

2
Presentation Overview

• Why access control is problematic for all
  electronic information stakeholders
• Understanding different access needs
• Criteria for authentication initiatives
• Towards an authentication model
• Authentication requirements summary

3
Common Hybrid Library goals

• Hybrid Library systems typically comprise
• a user centred, Web-based managed environment
• aim to provide single access point to diverse
  resources in range of media formats
• extend management controls minimise access
  discontinuities for users

4
Electronic Access Issues...

• do we have barriers or controls?
• Internet promises seamless access
• fragmented weak control mechanisms
• password proliferation a curse
• IP filtering excludes valid (remote) users!
• islands of user attributes data
• a new inter-organisational era (Lynch)
• supersedes older password model...

5
A Continuum of Access Needs

• Different stakeholder perspectives
• user wants unrestricted access
• librarian wants managed access
• vendor wants validated access
• access rights derive from community membership(s)
• range of physical and virtual locations
• a single (secure) sign-on entry point

6
Authentication Authorisation

• Authentication defines who you are
• Authorisation determines what you can do or what
  you can access, once authenticated
• Hybrid Library systems will demand
• interoperation AND separation between user
  attributes and resource metadata databases
• finer controls to model increasingly complex
  relationships

7
Authentication issues

• Single sign-on goal further complicates
  authentication issues
• User identities and access rights typically
  fragmented on service-by-service basis
• access scenario complexities
• personal AND generic identities
• personal, customised use of services
• multiple identities in single session
• where is locus of control?

8
Some evaluation criteria

• national authentication infrastructure (e.g.
  ATHENS) should
• integrate academic commercial sources
• supply local central management controls
• offer bridge to future standards/protocols
• flexibly incorporate user attributes resources
  metadata
• use architecture that permits levels of resource
  access granularity

9
Towards an authentication model

• access control must be flexible managed
• must reflect degrees of indirection in real-world
  contractual relationships, e.g.
• publisher ltgt content aggregator
• content aggregator ltgt library
• library ltgt user
• resource compendium and user attributes database
  are key components

10
Authentication needs conclusion

• Future access controls must
• be appropriate, robust, flexible, scaleable,
  simple user-proof
• enforce control but maximise access
• enact (indirect) contractual relationships
• reflect new inter-organisational world
• avoid current fragmentation
• embody needs of all stakeholders

11
Further Details

• Further details are available on the HEADLINE
  Website at
• www.headline.ac.uk
• including outline Project Workplan and project
  Working Papers as published
• March 1999