[Fim4l] Federated access - Walk-In
jos.westerbeke at eur.nl
Tue Feb 25 13:26:49 CET 2020
For this our library provides a day pass, a "Library service card". One needs to go to the library desk to register and to show identification card etc. Then a password is set and given. The account authenticates for our e-resources like a student account. Quite some security rules apply here and the password is reset at the end of the session. We don't use the additional "library-walk-in" attribute as far as I know, which is a nicer solution. At least for you to recognize walk-in users.;) And if a publisher demands it to let it be known, then we need to use this attribute.
On 25/02/2020, 12:20, "FIM4L on behalf of Rhys Smith" <fim4l-bounces at lists.daasi.de on behalf of Rhys.Smith at jisc.ac.uk> wrote:
The eduPersonScopedAffiliation attribute has a value to cover this already - “library-walk-in”
How that might work in practice is that the library could give those users who visit an account that asserts that particular attribute/value, or if you have open access workstations, configure the SAML IdP to automatically authenticate that IP address as a particular shared user that asserts that particular attribute/value.
It’s then up to the publisher to make the authorisation decision about whether a library-walk-in is allowed access to that particular resource.
If you just google “library-walk-in SAML” you should find some resources describing that above. I think GÉANT have some docs around some work they’ve done in this area.
Dr Rhys Smith
Chief Technical Architect, Trust & Identity
T: +44 (0) 1235 822145
M: +44 (0) 7968 087821
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.
> On 25 Feb 2020, at 11:15, Koren, Meshna (ELS-AMS) <M.Koren at elsevier.com> wrote:
> Dear all,
> Many libraries can, as part of their agreement with a publisher, provide access to subscribed publications to users that visit the premises. That's easy enough when the library has IP address access configured with the publisher.
> Has anyone given any thought to how that would work with federated access, where libraries don't use IP address authentication?
> And if yes, are there any thoughts or tips to be shared?
> Meshna Koren
> Associate Product Manager
> Product Management - Identity and Access - Research Products
> Elsevier BV
> Radarweg 29, Amsterdam 1043 NX, The Netherlands
> m.koren at elsevier.com
> Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
> Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.
> FIM4L mailing list
> FIM4L at lists.daasi.de
FIM4L mailing list
FIM4L at lists.daasi.de
More information about the FIM4L