Why are HEAnet in this space?
– Collaborative, shared and cloud services
– IP address access control and IPv6
– Synergy with eduroam (single credential, eduGAIN)
– NREN fulfils the role of federation operator
Terminology

Single Log On
• single point of authentication
• synchronised account and credentials
• authenticate to each application

Single Sign On (SSO)
• single point of authentication
• single credential, single account
• authenticate once
Identity Provider
• Authenticates user and provides user data
• Personal, non-personal or none

Service Provider
• Authorises access based on incoming data
• Personalises experience based on incoming data
• Persists the experience between sessions
• Links application data with incoming data
Edugate
Identity Providers
• Institutes of Technology
• Universities
• Research agencies on the HEAnet network
• Expanded set in the future
Potential Services
• Institutional services
» Any website requiring a login [for non-campus users]
• Shared services
» HEAnet services, An Cheim services, IReL, NDLR
• Academic content
» Publishers (EBSCO, Elsevier, JSTOR) and databases
• Research portals
» Or any cross-institutional research group resource
• Organisations offering academic discount
» Microsoft Dreamspark, o2, Travelcard
Potential Services
* Bodington.org
* Condor
* Confluence Wiki
* Darwin Streaming
* Dokuwiki
* Drupal
* DSpace
* eAcademy
* Fedora Repository
* Google Apps
* GridSphere/GridShib
* Dawsonera
* Horde
* Joomla
* LionShare
* MediaWiki
* Mahara
* MyProxy
* Napster
* PHEAA
* Sharepoint
* SYMPA
* Symplicity
* TargetConnect
* TWiki
* uPortal
* WordPress
* Zope + Plone
* Live@edu
* ArtSTOR
* Elluminate
* CSA
* Digitalbrain
* EBSCO
* Elsevier
* Science Direct
* ExLibris
* JSTOR
* The Literary Encyclopedia
* Metapress
* Moodle
* OCLC
* Ovid
* Project MUSE
* Thomson Reuters
* Proquest
* Serial Solutions
* SCRAN
* Thomson Gale
* EZproxy
* Blackboard
* CLIX
* Sakai
* WebAssign
* WebCT
* TurnItIn
* Zetoc
Internationally
* AT: ACOnet-AAI
* AU: Australian Access Federation AAF
* CA: Canadian Access Federation CAF
* CH: SWITCHaai
* CZ: eduID.cz
* DE: DFN-AAI
* DK: WAYF
* ES: SIR
* FI: Haka
* FR: Fédération Éducation-Recherche
* GR: GRNET
* HR: AAI@EduHr
* HU: NIIF AAI
* IE: Edugate
* IT: IDEM
* LV: LAIFE
* NL: SURFnet
* NO: FEIDE
* PT: RCTSaai
* SE: SWAMID
* US: InCommon
* UK: UK Access Management Federation for Education and Research

eduGAIN to connect these federations
UK Access Mgmt. Fed.
• The Athens service was proprietary and library-only
• Open standards were used for non-library services
• The UK Access Management Federation provides an alternative to Athens that allows a single access platform to serve both library and non-library services
• 800 members; all UK Higher Education Institutions have joined the UK Access Management Federation
• 50% of those institutions use it to gain access to library content using Shibboleth
• 50% use the Athens Gateway to federated access
• Publisher support for Shibboleth is approximately 50%
Based on the SAML2 Protocol
• Interoperable Web-SSO Profile (saml2int.org)
– Shibboleth 2, simpleSAMLphp
– Oracle, IBM, Ping and Microsoft ADFS v2

Implementation
– Service Provider
• Web server plug-in (optional application integration)
– Identity Provider
• Web application with connection to campus directory
Edugate – SAML

Z39.50 Protocol
• Search multiple targets at the same time
• Retrieve

SAML Protocol
• Authenticate with multiple targets as needed
• Authorise
Authentication
• Responsibility of the institution
• Usually LDAP, but other options available

Authorization
– Controlled by the service provider
– Institution can filter users before they reach the service provider
– Based on the user's attributes
Attributes
• GivenName, surname, email & Organisation
– Joseph, Bloggs, [email protected], University of Mullingar
• eduPersonPrincipalName
– [email protected]
• eduPersonTargetedID
– a44ffed231eda7b7a7d
• eduPersonScopedAffiliation
– [email protected], [email protected]
• eduPersonEntitlement
– urn:mace:heanet.ie:media:write
Attributes: eduPersonScopedAffiliation

| Value | Meaning |
|---|---|
| student | undergraduate or postgraduate |
| staff | all staff |
| faculty | to distinguish teaching staff |
| employee | staff other than staff/faculty (e.g., contractor) |
| member | comprises all the categories named above |
| affiliate | relationship short of full member |
| alum | Alumnus (graduate) |
| library-walk-in | |
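
An added example (not from the original slides) of how a service provider could turn the attributes above into an access decision: it accepts an eduPersonScopedAffiliation value only when its scope is registered for the asserting IdP, then applies a default-deny policy. The IdP entity ID, the scope `example.ie` and the policy sets are assumptions made for illustration; the entitlement URN is the one shown on the attributes slide.

```python
# Added example: SP-side authorisation from federated attributes.
# Entity ID, scope and policy sets are constructed for illustration.

# Scopes each IdP may assert, as an SP would load from federation metadata.
ALLOWED_SCOPES = {"https://idp.example.ie/idp": {"example.ie"}}

# Affiliations a (hypothetical) content licence covers; alum/affiliate are not.
LICENSED = {"member", "student", "staff", "faculty", "employee",
            "library-walk-in"}
KNOWN = LICENSED | {"affiliate", "alum"}
WRITE_ENTITLEMENT = "urn:mace:heanet.ie:media:write"  # value from the slide


def scoped_affiliations(idp, attrs):
    """Return affiliation values whose scope this IdP is allowed to assert."""
    accepted = set()
    for raw in attrs.get("eduPersonScopedAffiliation", []):
        value, sep, scope = raw.strip().lower().rpartition("@")
        if not sep or value not in KNOWN:
            continue  # unscoped or unknown value: ignore it, never guess
        if scope in ALLOWED_SCOPES.get(idp, set()):
            accepted.add(value)
    return accepted


def authorise(idp, attrs):
    """Map released attributes to permissions; anything unproven is denied."""
    affiliations = scoped_affiliations(idp, attrs)
    entitlements = set(attrs.get("eduPersonEntitlement", []))
    can_read = bool(affiliations & LICENSED)
    return {
        "read": can_read,
        # Writing needs the entitlement on top of a licensed affiliation.
        "write": can_read and WRITE_ENTITLEMENT in entitlements,
    }
```

The scope check is what stops one institution's IdP from asserting membership of another institution; the SP never needs the user's name or email to make this decision.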
Why use Edugate...
• Reduce account provisioning for walk-in and campus users
• Reduce the number of passwords for your users
• Reduce the number of prompts for those passwords
• Filter user access to content by affiliation or special groups
• Stop worrying about licences and users on your wifi network or open terminals
• Start to eliminate abuse of shared credentials/generic accounts
• IPv4 to IPv6 migration (193.1.200.412 vs 2002:c101:e4a5::c101:e4a5)
• Enhanced personalisation, without losing privacy
• No fee
Edugate on Campus

IT department sets up identity provider service (IdP)

Any other department can opt to accept a federated login (SP)
– Library can opt to replace the EZproxy URL in the catalogue
– Library can opt to enable federated login to the library website, repositories
– Library can opt to integrate EZproxy with the IdP
Edugate on Campus

IT department sets up identity provider service (IdP)

IADT, UCD, CIT, DKIT, TCD, NUIM, NUIG, ITT, WIT, LIT, DCU, DIT, UL, DIAS, NCAD
[Diagram: Edugate on Campus. Catalogue with EZproxy; labels: User, LDAP, Publisher content]

[Diagram: Edugate on Campus. Catalogue with EZproxy; labels: User, LDAP, Shibb, Publisher content]

[Diagram: Edugate on Campus. Catalogue with EZproxy; labels: User, LDAP, Shibb, Publisher content, non-library services]

[Diagram: Edugate on Campus. Catalogue (With Shibb); labels: User, LDAP, Shibb, Publisher content, non-library services]

[Diagram: Edugate on Campus. Catalogue (Without EZproxy); labels: User, LDAP, Shibb, Publisher content, non-library services]

[Diagram: Hybrid Edugate on Campus. Catalogue (some EZproxy, some Shibb); labels: User, LDAP, Shibb, Publisher content, non-library services]

[Diagram: Edugate on Campus. Repository (With Shibb); labels: User, LDAP, Shibb, Full upload or preferences]

[Diagram: Edugate for non-academic libraries. Repository (With Shibb); labels: User, LDAP, Shibb, Full upload or preferences]
When to use EZ, Shibb or other
Edugate on Campus

(Assuming a service supports Shibboleth)

Use Shibboleth...
• if you intend to take advantage of fine-grained access control
• if the service offers personalisation and persistent sessions (e.g. search results, search preferences etc.)
• if the content of the service is frequently accessed as a result of a Google search rather than a search of your OPAC (thus bypassing your EZproxy URLs)
• if Shibboleth is frequently used to access other services like student email and you want to avail of the single sign-on with no re-authentication prompts
Edugate on Campus
Some services do not support a Shibboleth login yet.
• Use EZproxy for services with no personalisation features and for services that don’t feature in Google results, and for services that don’t support Shibboleth
• Use EZproxy with Shibboleth for these non-personalised services if your campus uses Shibboleth for other frequently accessed services (thus benefiting from single sign-on)
• Use Shibboleth if any of the reasons listed on the previous slide fit
[Diagram: IdP Configuration. Labels: Edugate Resource Registry, DB, Shibboleth IdP, Shibb config files, Non Shibb IdP, IdP Admin, SP Admin]