Demonstration: An Example User Journey
Andy Walker is a journalist and external guest at University One. He does not have an IT account but he does have walk-in access to the University library.
Barbara Jensen is a librarian at University One.
Andy is writing a newspaper article about dogs living on boats, and he visits University One's library to do some research.
He attempts to access a suitable photo archive using a university terminal for walk-in users.
|3.||However, he's blocked - the site requires Shibboleth authentication and he does not have an account.|
He reports this to Barbara at the library support desk and asks for help.
Barbara knows that University One has access to a special IP address-based IdP and that it has access to the archive, so she decides to add the terminal Andy that is using.
Barbara visits the administration page for the IdP, and logs in with her University One credentials.
She adds the IP address of the terminal. (22.214.171.124)
Barbara then asks Andy to try again, and to use the IPA IdP.
|6.||Andy returns to the terminal and tries again - and this time he can log in to the eResource. He is now able to do research for his article.|
Task1, Pilot 2
Walk by users
Support authorized access for citizen scientists to library resources (SAML+IP to SAML with authZ)
Approach/AARC identified solution
Establish a guest SAML IdP which adds attributes to authorize non-institutional users. In addition, explore exploitation models: per library or per national library consortium deployment.
Shibboleth v3 for IdP with IP-based AuthZ attribute
Gain for end-users/administrators
Detailed technical description
Documentation of components
Documentation of the portal that allows library administrators to manage their campus IP address ranges
Shibboleth v3 for walk by user access
IT: GARR, Library
Close to finalization. Awaiting final phase of feedback from communities