Interesting Shibboleth Use Case: Enforcing Geographic Restrictions

Last month’s HathiTrust newsletter had an interesting technical tidbit at the top about access to out-of-print and brittle or missing items:

One of the lawful uses of in-copyright works HathiTrust has been pursuing is to provide access on an institutional basis to works that fall under United States Copyright Law Section 108 conditions: works in HathiTrust that are not available on the market at a fair price, and for which print copies owned by HathiTrust member institutions are damaged, deteriorating, lost or stolen. As a part of becoming a member, institutions are required to submit information about their print holdings for fee calculation purposes. We have also been requesting information about the holdings status and condition of works, to facilitate uses of works where permissible by law (specifications for HathiTrust holdings data are available at http://www.hathitrust.org/print_holdings).

“The Challenges of User Consent” — Handling Shibboleth User Attributes

One of the great things about the Shibboleth inter-institution single sign-on software package is the ability for the Identity Provider to limit how much a Service Provider knows about a user’s request for service. (Not familiar with those capitalized terms? Read on for definitions.) But with this capability comes great flexibility, and with the flexibility can come lots of management overhead. So I was intrigued to see the announcement for an online webinar from the InCommon Shibboleth Federation with the title “The Challenges of User Consent” covering the issues of managing who gets access to what information about users.

Microsoft Giving Away Developer Software to Students

Stu Hicks, one of OhioLINK’s systems engineers, told the OhioLINK staff last night about a new program at Microsoft called DreamSpark. Through this program, post-secondary students around the world who are attending accredited schools or universities can download some of Microsoft’s big developer and designer tools free of charge. At the time and place this post is being written, the list of software is:

  • Visual Studio 2008 Professional Edition
  • Windows Server 2003 Standard Edition
  • SQL Server 2005 Developers Edition
  • Expression Studio
  • XNA Game Studio
  • Visual Studio 2005 Professional Edition
  • Visual C# 2005 Express Edition
  • Visual C++ 2005 Express Edition

Access Management and Provisioning Technology

Building on the shoulders of others — isn’t that how that quote goes? There has been a stack of printouts on my desk for a while now for various access management and service provisioning technologies. Rather than keep the paper, I’m putting the list here so I know how to get back to them if/when I need to. (Of course, along the way if you’d like to comment on them or suggest others to look at, please feel free to do so in the comments.) Note, too, that by listing them here I’m not proposing, or even sure if, all of these pieces come together to a coherent structure.

Authentication and Access in a Metasearch Environment

Mike Teets of OCLC and I teamed up to write an article on Metasearch Authentication and Access Management for this month’s D-Lib Magazine. The first part of the article is a bit of a primer on access management techniques followed by a survey and analysis of access management schemes in use last year. The key part, I think, is the “Recommendations” (access restrictions by IP address plus authenticated proxy servers is the best one can hope for right now) and “Next Steps” (Shibboleth is superior to other access control mechanisms beyond IP/proxy that one might consider, but there is lots of work to be done).

OhioLINK is seeking to fill a Systems Engineer position. Interested?

OhioLINK is seeking candidates to fill a newly-created position: Systems Engineer – Access Manager. This position will work with other OhioLINK staff in providing support of daily operations and will serve a primary role as Access Manager. As Access Manager, this position will support users who are experiencing access issues to OhioLINK’s databases and services including IP management, remote authentication, Shibboleth implementation, and analyzing networking issues.