[Fim4l] Short introduction

Gragert, Gerrit gerrit.gragert at sbb.spk-berlin.de
Wed Apr 10 17:32:24 CEST 2019


Dear Bernd,

I'm aware of this. This is one of the reasons why we use a proxy to provide access to the content and why we are our own service provider. But imho FIM has always to come with federated access management to address such problems. And as I understood, this is already part of the AARC Blueprint. So maybe with RA21, content provider will also change their technical settings here. Or we have to switch to an person-centric eduId like the suisse and others do. But this may bring up other problems in the access management.

Best,
Gerrit

--
Gerrit Gragert, M.A.
Ltg. IT-Services fuer die Digitale Bibliothek Abt. IDM 2.3

Staatsbibliothek zu Berlin - Preußischer Kulturbesitz Potsdamer Str. 33
10785 Berlin

Tel.: +49 30 266-43 22 30
Fax: +49 30 266-33 20 01
gerrit.gragert at sbb.spk-berlin.de
www.staatsbibliothek-berlin.de


> -----Ursprüngliche Nachricht-----
> Von: FIM4L <fim4l-bounces at lists.daasi.de> Im Auftrag von Bernd Oberknapp
> Gesendet: Dienstag, 9. April 2019 16:27
> An: fim4l at lists.daasi.de
> Betreff: Re: [Fim4l] Short introduction
> 
> Hi,
> 
> most content provider platforms work with fixed customer accounts, and a
> user is always mapped to a single customer account, either based on IP
> ranges or information provided by FIM. So while FIM could provide the
> information which resources from multiple customer accounts should be
> available to a specific user, most content provider won't be able to give
> the user access to that set of resources.
> 
> For example University of Freiburg and a special information service have
> two different customer accounts for a content provider, and a user is
> always mapped to one of them. In order to provide access to both the
> resources licensed by University of Freiburg and the special information
> service to a user entitled to access both, a separate customer account
> with the combined resources and a specific mapping to that customer
> account would be nessecary. There are lots of special information services
> and even more combinations of licensed resources -  this obviously doesn't
> scale.
> 
> There are some exceptions like SpringerLink, but the way this is handled
> today is quite confusing - it is possible to login multiple times with
> accounts from differnt institutions (or even the same institution) and the
> status message at the bottom of the page still shows "Not logged in". This
> only changes when a registered SpringerLink account is used to login.
> 
> Best regards,
> Bernd
> 
> 
> On 09.04.2019 15:10, Gragert, Gerrit wrote:
> > Dear Jiri,
> >
> >> Is it correct that State Library Berlin registered patrons can use
> >> federated authentication at JSTOR, Project MUSE, Web Of Science, ... ?
> >
> > Well... No. It's complicated...
> >
> > We have differents groups of users/patrons. The largest group are our
> > "local" patrons at the SBB - you have to get here to our house, fill
> > out and sign a registration form and then you get a library card. Then
> > you may use our ejournals and databases and so on (including JSTOR,
> > MUSE etc.)
> >
> > But these patrons have to use a proxy-server with local authentication
> (OpenLDAP). As I wrote, we cannot provide federated authentication for
> them because a lot of these patrons already have an federated identity at
> their university or other home instiution.
> >
> > Another group of users are the users of our special information services
> (in german it says Fachinformationsdienste). These are scientist from all
> over germany who are registered for the service. They may connect their
> home identity with the account at the special information service via
> eduPersonUniqueId. Here, we are using federated authentication based on
> SAML at our proxy server, but not towards the providers (also because the
> providers are mostly chinese and they never heard about something like
> Shibboleth).
> >
> > But my goal is to offer federated authentication for all of our users.
> So out patrons may use our services and the serivces at third-party
> providers we have licensed with their home identity.
> >
> > Best,
> >
> >      Gerrit
> >
> > --
> > Gerrit Gragert, M.A.
> > Ltg. IT-Services fuer die Digitale Bibliothek Abt. IDM 2.3
> >
> > Staatsbibliothek zu Berlin - Preußischer Kulturbesitz Potsdamer Str.
> > 33
> > 10785 Berlin
> >
> > Tel.: +49 30 266-43 22 30
> > Fax: +49 30 266-33 20 01
> > gerrit.gragert at sbb.spk-berlin.de
> > www.staatsbibliothek-berlin.de
> >
> > _______________________________________________
> > FIM4L mailing list
> > FIM4L at lists.daasi.de
> > http://lists.daasi.de/listinfo/fim4l
> >
> 
> 
> --
> Bernd Oberknapp
> Gesamtleitung ReDI
> 
> Albert-Ludwigs-Universität Freiburg
> Universitätsbibliothek
> Platz der Universität 2 | Postfach 1629
> D-79098 Freiburg        | D-79016 Freiburg
> 
> Telefon:  +49 761 203-3852
> Telefax:  +49 761 203-3987
> E-Mail:   bo at ub.uni-freiburg.de
> Internet: www.ub.uni-freiburg.de



More information about the FIM4L mailing list