What have Library Projects ever done for us

1
What have Library Projects ever done for us?

• (with apologies to The Romans, and Monty Python)
• Or a lightning tour of recent projects,
  happening here, that will change the world, a
  bit
• John Paschoud

2
Past, Present and Future

• ANGEL ResourceManager ? EL
• DELIVER VLE-Library integration ?
  ReadingListDirect (? Discover!)
• SECURe better user authentication access
  authorization to resources
• UKeduPerson classifying FHE roles
• PERSEUS access management to resources through
  institutional portals

3
(No Transcript)
4
The DELIVER Project
5
The SECURe Project

• Using LSE as a testbed for new Access Management
  technologies
• Personal digital certificates public key
  infrastructure (PKI)
• YaleCAS for single sign-on authentication
• Shibboleth for cross-domain authorization
• User Identity Management via LDAP, in
  ActiveDirectory

6
What is Shibboleth? (Biblical)
The Gileadites captured the fords of the Jordan
opposite Ephraim. And it happened when any of
the fugitives of Ephraim said, "Let me cross
over," the men of Gilead would say to him, "Are
you an Ephraimite?" If he said, "No," then they
would say to him, "Say now, 'Shibboleth.' " But
he said, "Sibboleth," for he could not pronounce
it correctly. Then they seized him and slew him
at the fords of the Jordan. Judges, ch12, v5-6
(New American Standard)

• A word which was made the criterion by which to
  distinguish the Ephraimites from the Gileadites.
  The Ephraimites, not being able to pronounce
  sh, called the word sibboleth. See --Judges
  xii.
• Hence, the criterion, test, or watchword of a
  party a party cry or pet phrase.
• Webster's Revised Unabridged Dictionary (1913)

The greatest needs of the Collectivist movement
in England appear to me Diffusion of economic
and political knowledge of a real kind - as
opposed to Collectivist shibboleths, and the cant
and claptrap of political campaigning. Sidney
Webb memorandum to LSE Trustees meeting on 8th
Feb 1894
7
What is Shibboleth? (modern)

• An initiative to develop an architecture and
  policy framework supporting the sharing - between
  domains - of secured web resources and services
• A project delivering an open source
  implementation of the architecture and framework
• Deliverables
• Software for Origins (campuses)
• Software for Targets (vendors)
• Operational Federations (scalable trust)

after Michael Gettes, Duke University
Shibboleth Project Team
8
Why is Shibboleth important?

• Concerns over user privacy
• Data Protection (UK, EU)
• FERPA (US)
• An Open Standards alternative to many proprietary
  solutions
• (such as) Microsoft Passport, Athens
• Major investment by NSF, Internet2, Educause
• Interest participation from many content
  vendors
• Firm timetabled decision by JISC to replace
  Athens, possibly by July 2006

The Family Educational Rights and Privacy Act
(FERPA) www.ed.gov/policy/gen/guid/fpco/ferpa/inde
x.html
9
Attribute-based Authorization

• Identity-based approach
• The identity of a prospective user is passed to
  the controlled resource and is used to determine
  (perhaps with requests for additional attributes
  about the user) whether to permit access.
• This approach requires the user to trust the
  target to protect privacy.
• Attribute-based approach
• Attributes are exchanged about a prospective user
  until the controlled resource has sufficient
  information to make a decision.
• This approach does not degrade privacy.

10
Problem How do we define role attributes?

• Naming institutions (unambiguously) is pleasantly
  simple lse.ac.uk
• Naming individuals is not much more difficult
  j.paschoud_at_lse.ac.uk
• Classifying the different roles (by which
  access-authorisation may be determined) in a
  standard way across (merely) UK
  universities/colleges is horrendous!
• and across the world?!?!?

11
UKeduPerson Study Objectives

• Document the state of play in other national
  communities, identifying commonality and
  significant incompatibilities.
• Make recommendations on whether or not a suitable
  (LDAP) eduPerson-like schema could be devised for
  use in the JISC community
• bearing in mind the wide range of institutional
  missions and the possible future extension of
  JISC's remit to other parts of the education
  sector.
• Report, allowing the JISC to move forward with
  strategic decisions in this area, in particular
  with respect to namespaces for likely
  authorisation models such as Shibboleth.

12
UKeduPerson Study Method

• Participation in Educause intl-schema forum, to
  assess strengths and weaknesses of similar
  XXeduPerson schemas already in use
• and influence schema structure decisions
  globally.
• Information gathering from HE FE institutions
  to identify relevant institutional initiatives,
  and to determine common and sector-specific
  requirements for a potential lifelong learning
  schema compatible with current DfES initiatives
• and cross-check with small sample of secondary
  schools.
• Report detailing current state-of-the-art in UK
  and globally, and future development
  recommendations, including
  technical, organisational and cost implications.
• Supporting material to summarise study report and
  facilitate presentation of issues to JISC
  committees and institutional decision-makers.
• Experimental implementation of one or more
  possible draft UKeduPerson schemas (using
  facilities established for the JISC SECURe
  Project) for demonstration purposes.

13
Educause intl-schema Forum

• Participants
• Educause, Internet2 (US)
• Australia (WALAP)
• Norway (UniNett domen.uninett.no/im/schema/)
• Spain (RedIRIS www.rediris.es/ldap/esquemas/index
  .en.html)
• Poland
• UK
• Switzerland (SWITCH)? Netherlands (SURF)?
• Currently in throw everything in the pot and see
  what surfaces mode.
• Agreed on domains for Global, National and Instl
  definition.
• No other (known) ground up surveys of how HEIs
  actually classify, and user requirements

14
How does Shibboleth work?

• Hmmmm. Its magic. ?
• (or You can ask me later)

after Michael Gettes, Duke University
Shibboleth Project Team
15
How does Shibboleth work?
after SWITCH, Switzerland
16
Project PERSEUS

• June 2004 until June 2006
• Integrating Shibboleth with uPortal
• Access Management for an integrated institutional
  portal (MIE)
• Interoperability with other portal services
• NEREUS
• Working closely with ITS and BSS
• Supported by SITS, WebCT, Sentient, Endeavor

17
JISC Information Environment(2003 concept view)
Powell, A, July 2003 (from UKOLN website)
18
LSE MIE architecture
CLR Collection-Level Registry
CLR
CMS Content Management System
SITS
CMS
student data
content
19
LSE MIKE Study view
LSE MIE end-user Study view
20
LSE MIKE Life view
LSE MIE end-user Life view
21
Further information

• SECURe www.angel.ac.uk/SECURe
• DELIVER www.angel.ac.uk/DELIVER
• ANGEL www.angel.ac.uk
• Shibboleth shibboleth.internet2.edu/
• eduPerson www.educause.edu/eduperson/
• JISC Information Environment www.ukoln.ac.uk/dis
  tributed-systems/jisc-ie/arch/

22
LSE Library Structure
The Librarian
Information Services
Tech Services
User Services
Taught Course Support
ILL / Doc-delivery
Archives
IT Support
IBSS
InforM25
Projects