Internet2

InCommon is operated by Internet2
InCommon

About            Participants            Join InCommon

Federation

Join InCommon

InCommon Participants

InCommon Affiliates

InCommon Basics

InCommon Policies and Practices

Changing the InCommon Exec, Site Admin, RAO

IAM Online Webinar Series

About InCommon

Contact InCommon

InCommon Library Collaboration

Recommendations include Shibboleth/EZproxy hybrid

Resources

Overview and recommendations [PDF]

Implementing the Shibboleth/EZproxy hybrid [PDF]

Best Practices [PDF]

Registry of Resources [wiki page]

Info Sheet [PDF]

Presentations

Webinar (1/15/2010) [Adobe Connect]
     View slides only [PDF]

Univ. of North Carolina Case Study (PDF)
     (from Educause regional 1/20/2010)

Shibboleth in a library setting (PDF)
     (presented at Educause 2008)

Beyond IP addresses (PDF)
     (presented at 2008 ALA)

Shibboleth and library resources (PDF)
      (Fall 2007 Internet2 Member Meeting)

Several college and university library IT professionals formed the InCommon Library collaboration to explore methods for fine-grain control of access to licensed resources, leveraging the campus identity management system while accommodating a wide variety of users.

One goal was to move away from IP-address-based authentication. The collaboration tested and recommended a hybrid of Shibboleth (a single sign-on solution for accessing on-campus and off-campus resources) and EZproxy (widely deployed among libraries).

The group also developed best practices, a registry of resources, and organized a method for encouraging library resource providers to join InCommon, adding value for adopting the Shibboleth/EZproxy hybrid solution.

Why the Shibboleth/EZproxy Hybrid?

Libraries face special situations in making online resources available.

  • The catalog may be open to all who enter the building.

  • Specialized databases may be open to anyone physically in the library.

  • Databases may be open to those with university credentials regardless of their physical location.

  • Some resources may be open only to students and faculty in a certain field (such as the law school or medical school).

EZproxy is widely used to provide access to off-campus resources. Shibboleth leverages the main campus identity management system, protects user privacy and data security, and provides fine-grained access control. This provides benefits for:

  • Users – single userID and password.

  • Librarians – reducing expenses and support needs, with far less IP and proxy maintenance. It also permits the use of additional federated resources while keeping the user experience consistent.

  • Library administration – provides usage statistics, useful for scoping licenses to the actual numbers of users. With federated IdM, you can ensure that you meet the terms of your licenses by provided access only to those who should have access.

  • Vendors – misconfigured proxies are common and enable hackers to download large amounts of content without authenticating. Provides privacy with personalization.

For more information, contact info AT incommon DOT org>

Copyright 2004-2013 InCommon LLC. All rights reserved. info@incommon.org. InCommon is operated by Internet2.