[Fim4l] Federated access - Walk-In

Jos Westerbeke jos.westerbeke at eur.nl
Tue Feb 25 13:26:49 CET 2020

Hi Meshna.

For this our library provides a day pass, a "Library service card". One needs to go to the library desk to register and to show identification card etc. Then a password is set and given. The account authenticates for our e-resources like a student account. Quite some security rules apply here and the password is reset at the end of the session. We don't use the additional "library-walk-in" attribute as far as I know, which is a nicer solution. At least for you to recognize walk-in users.;) And if a publisher demands it to let it be known, then we need to use this attribute.


On 25/02/2020, 12:20, "FIM4L on behalf of Rhys Smith" <fim4l-bounces at lists.daasi.de on behalf of Rhys.Smith at jisc.ac.uk> wrote:

    The eduPersonScopedAffiliation attribute has a value to cover this already - “library-walk-in”
    How that might work in practice is that the library could give those users who visit an account that asserts that particular attribute/value, or if you have open access workstations, configure the SAML IdP to automatically authenticate that IP address as a particular shared user that asserts that particular attribute/value.
    It’s then up to the publisher to make the authorisation decision about whether a library-walk-in is allowed access to that particular resource.
    If you just google “library-walk-in SAML” you should find some resources describing that above. I think GÉANT have some docs around some work they’ve done in this area.
    Dr Rhys Smith
    Chief Technical Architect, Trust & Identity
    T: +44 (0) 1235 822145
    M: +44 (0) 7968 087821
    Skype: rhys-smith
    GPG: 0x4638C985
    Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.
    > On 25 Feb 2020, at 11:15, Koren, Meshna (ELS-AMS) <M.Koren at elsevier.com> wrote:
    > Dear all,
    > Many libraries can, as part of their agreement with a publisher, provide access to subscribed publications to users that visit the premises. That's easy enough when the library has IP address access configured with the publisher.
    > Has anyone given any thought to how that would work with federated access, where libraries don't use IP address authentication?
    > And if yes, are there any thoughts or tips to be shared?
    > Thanks,
    > Meshna
    > Meshna Koren
    > Associate Product Manager
    > Product Management - Identity and Access - Research Products
    > Elsevier BV
    > Radarweg 29, Amsterdam 1043 NX, The Netherlands
    > m.koren at elsevier.com
    > Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
    > Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands. 
    > _______________________________________________
    > FIM4L mailing list
    > FIM4L at lists.daasi.de
    > http://lists.daasi.de/listinfo/fim4l
    FIM4L mailing list
    FIM4L at lists.daasi.de

More information about the FIM4L mailing list