Page History

...

Demonstration: An Example User Journey

1.	This is a user story featuring two users at a university called Typical University One. Andy Walker is a journalist and external guest at University One. He does not have an IT account but he does have walk-in access to the University library. Barbara Jensen is a librarian at University One.
2.	Andy is writing a newspaper article about dogs living on boats, and he visits University One's library to do some research. He attempts to access a suitable photo archive using a university terminal for walk-in users. https://saml-eresource.libs3.aarc.demo.university/	Image Modified
3.	However, he's blocked - the site requires Shibboleth authentication and he does not have an account.	Image Modified Image Modified
4.	He reports this to Barbara at the library support desk and asks for help. Barbara knows that University One has access to a special IP address-based IdP and that it has access to the archive, so she decides to add the terminal Andy that is using. Barbara visits the administration page for the IdP, and logs in with her University One credentials. https://adminportal.lib.pilots.aarc-project.eu/lui/ldapportal.pl	Image Modified Image Modified Image Modified
5.	She adds the IP address of the terminal. (82.69.55.233) Barbara then asks Andy to try again, and to use the IPA IdP.	Image Modified Image Modified
6.	Andy returns to the terminal and tries again - and this time he can log in to the eResource. He is now able to do research for his article.	Image Modified

Task1, Pilot 2	Walk by users
Focus	Support authorized access for citizen scientists to library resources (SAML+IP to SAML with authZ)
Approach/AARC identified solution	Establish a guest SAML IdP which adds attributes to authorize non-institutional users. In addition, explore exploitation models: per library or per national library consortium deployment.
Components piloted	Shibboleth v3 for IdP with IP-based AuthZ attribute
Gain for end-users/administrators	More consistent interface no matter which resource is being approached Ability to use this access method and at the same time maintain full privacy Admin interface for librarians to scope/configure valid IP ranges
Demo	Flow Demo admin portal Demo user portal
Detailed technical description	AARC wiki
Documentation of components	Documentation for walk by user access component, access control wiki Documentation of the IdP-extension to release the user's IP address Documentation of the portal that allows library administrators to manage their campus IP address ranges
Software source(s)	Shibboleth v3 for walk by user access
Lead	GARR/DAASI
Community partners	IT: GARR, Library NL: UKB library consortium
Status	Close to finalization. Awaiting final phase of feedback from communities