Library Intelligencer » identity management

NISO Announces New Work on Single Sign-On Authentication

shirley — Wed, 29 Apr 2009 22:17:06 +0000

nbsp;http://www.niso.org/news/pr/view?item_ke…

Baltimore, MD – April 29, 2009 – NISO is pleased to announce the approval by the NISO Voting Members of a new work item to focus on perfecting single-sign-on (SSO) authentication to achieve seamless item-level linking in a networked information environment. A new working group will be formed under the auspices of NISO’s Discovery to Delivery Topic Committee to create one or more recommended practices that will explore practical solutions for improving the success of SSO authentication technologies and to promote the adoption of one or more of these solutions to make the access improvements a reality.
more…

Shibboleth access now available for Cambridge Journals Online

shirley — Thu, 19 Mar 2009 20:58:27 +0000

9 Mar 09: Cambridge University Press has announced that its first wave of Shibboleth compliance is now live.

Oxford University Press is now Shibboleth-compliant

shirley — Thu, 18 Dec 2008 21:13:43 +0000

Oxford University Press is pleased to announce that from Monday 22 December its journals and many online products can now be accessed using Shibboleth by subscribing institutions who are members of the UK Access Management Federation.

Shibboleth is a system used by libraries to control access to online resources. Library users in institutions that use Shibboleth can now access the full text of all Oxford journals, and online resources such as Oxford Reference Online and Oxford English Dictionary using their institutional usernames and passwords.

Other online products that are compliant with Shibboleth are Oxford Scholarship Online, Who’s Who, Dictionary of National Biography, Oxford Islamic Studies Online, Oxford Language Dictionaries Online, Electronic Enlightenment, and Grove Art and Music Online.

Chris Bennett, Head of Sales for Academic Online Products, is delighted that OUP is able to provide this service to their library customers:
‘Shibboleth is being used by an increasing number of libraries, so being compliant with this access-control system will help many library users to access our content more easily. Many of our online products are now compliant with Shibboleth, and we are now working towards making the remaining products compliant.’

A key benefit of Shibboleth is that users can move between different Shibboleth-enabled websites and services and be recognized by each one without having to sign in each time, known as ’single sign on’.
Shibboleth also reduces the need for users to maintain multiple username and passwords.

Oxford Journals has provided some instructions for libraries on how they can activate their Shibboleth access which can be downloaded here:

http://www.oxfordjournals.org/for_librar…

Review of Open ID Final Report

shirley — Tue, 09 Dec 2008 22:48:06 +0000

nbsp;http://www.jisc.ac.uk/Home/publications/…

The primary aim of the project was to produce a report (this document) to allow decision-makers to understand OpenID’s security properties in order to perform risk assessment of their envisaged use cases and avoid any of OpenID’s potential security pitfalls. The project conducted a survey of computer centre managers and senior staff members to gain an understanding of how they are likely
to proceed with OpenID, with or without the presence of this guidance. None of those consulted was currently willing to permit the use of OpenID for granting access to any resources of value. A few may be willing to use it for access to resources with low identity assurance requirements such as blogs or wikis.

The secondary aim was to develop bridging software, the OpenID-SAML Gateway, to allow OpenIDs from any source to be used as identities within the production UK federation, creating opportunities for experimentation by early adopters. A basic demonstration of the gateway was provided by the UK federation’s printenv test SP3. This simply displays the attributes that an IdP (the gateway, in this case) releases to a UK federation SP. Among these is the user’s OpenID, converted to form a value of eduPersonPrincipalName (ePPN). At the time of writing eight users had experimented with the gateway.

A further demonstration was provided using EDINA’s Land, Life and Leisure service4. In this case, the service maintains an access control list containing the set of eduPersonPrincipalNames that it will accept, so the service can be accessed only by users whose OpenIDs have been added to the ACL configuration file. This showed that it is possible to successfully control the set of OpenID users who can access a Shibbolized production service.