The eduPersonScopedAffiliation attribute has a value to cover this already - “library-walk-in”
How that might work in practice is that the library could give those users who visit an account that asserts that particular attribute/value, or if you have open access workstations, configure the SAML IdP to automatically authenticate that IP address as a particular shared user that asserts that particular attribute/value.
It’s then up to the publisher to make the authorisation decision about whether a library-walk-in is allowed access to that particular resource.
If you just google “library-walk-in SAML” you should find some resources describing that above. I think GÉANT have some docs around some work they’ve done in this area.
Best, Rhys. -- Dr Rhys Smith Chief Technical Architect, Trust & Identity Jisc
T: +44 (0) 1235 822145 M: +44 (0) 7968 087821 Skype: rhys-smith GPG: 0x4638C985
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.
On 25 Feb 2020, at 11:15, Koren, Meshna (ELS-AMS) M.Koren@elsevier.com wrote:
Dear all,
Many libraries can, as part of their agreement with a publisher, provide access to subscribed publications to users that visit the premises. That's easy enough when the library has IP address access configured with the publisher.
Has anyone given any thought to how that would work with federated access, where libraries don't use IP address authentication?
And if yes, are there any thoughts or tips to be shared?
Thanks, Meshna
Meshna Koren
Associate Product Manager Product Management - Identity and Access - Research Products
Elsevier BV Radarweg 29, Amsterdam 1043 NX, The Netherlands m.koren@elsevier.com
Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l