Hi Meshna.
For this, our library provides a day pass, a "Library service card". One needs to go to the library desk to register and to show an identification card etc. Then a password is set and given. The account authenticates for our e-resources like a student account. Quite some security rules apply here, and the password is reset at the end of the session. We don't use the additional "library-walk-in" attribute as far as I know, which is a nicer solution, at least for you to recognize walk-in users. ;) And if a publisher demands that it be made known, then we need to use this attribute.
best, Jos
On 25/02/2020, 12:20, "FIM4L on behalf of Rhys Smith" <fim4l-bounces@lists.daasi.de on behalf of Rhys.Smith@jisc.ac.uk> wrote:
The eduPersonScopedAffiliation attribute has a value to cover this already - “library-walk-in”
How that might work in practice is that the library could give those users who visit an account that asserts that particular attribute/value, or if you have open access workstations, configure the SAML IdP to automatically authenticate that IP address as a particular shared user that asserts that particular attribute/value.
It’s then up to the publisher to make the authorisation decision about whether a library-walk-in is allowed access to that particular resource.
If you just google “library-walk-in SAML” you should find some resources describing the above. I think GÉANT have some docs around some work they’ve done in this area.
Best,
Rhys.
--
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
Jisc
> On 25 Feb 2020, at 11:15, Koren, Meshna (ELS-AMS) M.Koren@elsevier.com wrote:
>
> Dear all,
>
> Many libraries can, as part of their agreement with a publisher, provide access to subscribed publications to users that visit the premises. That's easy enough when the library has IP address access configured with the publisher.
>
> Has anyone given any thought to how that would work with federated access, where libraries don't use IP address authentication?
>
> And if yes, are there any thoughts or tips to be shared?
>
> Thanks,
> Meshna
>
> Meshna Koren
> Associate Product Manager
> Product Management - Identity and Access - Research Products
>
> Elsevier BV
> Radarweg 29, Amsterdam 1043 NX, The Netherlands
> m.koren@elsevier.com
>
> Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
>
> _______________________________________________
> FIM4L mailing list
> FIM4L@lists.daasi.de
> http://lists.daasi.de/listinfo/fim4l
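The publisher-side authorisation decision discussed in this thread, sketched as an added example that is not part of the original messages or any participant's code. The IdP entity IDs, scopes and licence table are constructed for illustration; checking each value's scope against the scopes registered for the asserting IdP is an assumption about how the service provider is set up.

```python
# Added example: publisher-side (SP) decision on eduPersonScopedAffiliation values.
# Entity IDs, scopes and licence terms below are constructed, not real deployments.
EDUPERSON_AFFILIATIONS = {
    "faculty", "student", "staff", "alum",
    "member", "affiliate", "employee", "library-walk-in",
}

# Hypothetical licence table: scopes each IdP may assert, affiliations it licenses.
LICENCES = {
    "https://idp.university.example/idp": {
        "scopes": {"university.example"},
        "allowed": {"member", "student", "faculty", "staff", "library-walk-in"},
    },
    "https://idp.college.example/idp": {
        "scopes": {"college.example"},
        "allowed": {"member", "student", "faculty", "staff"},  # no walk-in clause
    },
}

def parse_scoped_affiliation(value):
    """Split 'affiliation@scope'; return None if malformed or not an eduPerson value."""
    affiliation, sep, scope = value.strip().lower().partition("@")
    if not sep or not scope or "@" in scope or affiliation not in EDUPERSON_AFFILIATIONS:
        return None
    return affiliation, scope

def authorise(idp_entity_id, scoped_affiliations):
    """Return (granted, reason) for the values one IdP asserted for one session."""
    licence = LICENCES.get(idp_entity_id)
    if licence is None:
        return False, "no licence for this IdP"
    trusted = set()
    for raw in scoped_affiliations:
        parsed = parse_scoped_affiliation(raw)
        # Drop values whose scope this IdP is not registered to assert.
        if parsed and parsed[1] in licence["scopes"]:
            trusted.add(parsed[0])
    granted = trusted & licence["allowed"]
    if granted:
        return True, "granted as " + ", ".join(sorted(granted))
    if "library-walk-in" in trusted:
        return False, "library-walk-in not covered by this licence"
    return False, "no licensed affiliation asserted"

if __name__ == "__main__":
    print(authorise("https://idp.university.example/idp",
                    ["library-walk-in@university.example"]))
```

The separate refusal reason for walk-in sessions lets the publisher's logs distinguish "licence has no walk-in clause" from a missing or mis-scoped attribute.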