Single Sign-On Authentication: Understanding the Pieces of the Puzzle

Webinar

About the Webinar

This year, NISO is proud to introduce the NISO Chair's Initiative. The Chair's Initiative is a project of the chair of NISO's Board of Directors, focusing on a specific issue that would benefit from study and the development of a research study, recommended practice, standard, or similar. This year, Oliver Pesch (Chair, NISO Board of Directors, and Chief Strategist, EBSCO Information Services) has identified user authentication as the issue that he would like to see that NISO address, and specificially the question of "perfecting single-sign-on (SSO) authentication to achieve seamless item-level linking through SSO technologies in a networked information environment." 

This webinar is the first step in addressing the issue of SSO authentication. It is essential that we look to the issue as a community, considering how it fits into the larger landscape of use. And to do that effectively, we first need to clearly define the problem and together take ownership of the problem. 

Accessing information in a networked environment has been a reality for most user communities for over a decade. With the advent of hosted aggregated full text databases and the proliferation of e-journals and e-books, a user's search for information takes him or her to a number of different online hosts and platforms. When those information resources are commercial products, each platform requires the user to be authenticated, and as a result, that user may have a different identity on each platform. The problems caused by having to manage multiple identities have led to the development of so-called "Single Sign-On" (SSO authentication) technologies, such as Athens and Shibboleth. With these technologies, the user can access all compliant content platforms using the same identity. But SSO authentication is no easy problem. Like a puzzle, the problem of user authentication has many pieces—institutional affiliation; authentication method; various discovery and content provider platforms; the impact of crossing over and using different sources, search engines, computers, or locations... the list goes on and on. And even when we start to understand all those pieces, we are still left with the problem of putting them together—trying to make them fit in order to see the big picture and solve the puzzle. This event will aim to look at how the theory behind a pure technical implementation is broken and why so that we can then take that next step of asking, "How can we make this better?"

Event Sessions

Welcome & System Overview

1:00 pm - 1:05 pm

Introduction

Speaker

1:05 pm - 1:15 pm

Library Perspective

Speakers

Adam Chandler

Electronic Resources User Experience Librarian
Cornell University Library

1:15 pm - 1:35 pm:

How does SSO authentication fit into libraries and libraries' service to their patrons?

Adam Chandler, Coordinator, Service Design Group, Digital Library and Information Technologies, Cornell University Library
Steven T. Carmody, IT Architect, Computing and Information Services, Brown University -- Mr. Carmody will present on and be available for questions related to Shibboleth and InCommon

Authentication Tool Perspective

Speakers

1:35 pm - 1:55 pm:

How are authentication tools/softwares expanding into SSO authentication? In this presentation, you will hear about Athens/OpenAthens and the speakers' experiences and views on trends both in the UK and internationally; about broader trends in Access and Identity Management technology and standards and potential implications; and about specific challenges around usability, taking deep-linking as key example.

Content Provider Perspective

Speaker

1:55 pm - 2:15 pm:

When authentication fails, the opportunity to reach the user -- and for the user to access the publisher or content provider's resource—is lost. Learn more about just how big a problem this and how seamless sign-on can help.

Q&A; and Wrap-up: 2:15 pm - 3:00 pm

Single Sign-On Authentication: Understanding the Pieces of the Puzzle
Webinar Questions & Answers:

  1. Question: Hi Adam, On the first slide you mentioned the proxy server solution and only mentioned EZProzy. We are a reseller for H+H a German software company who have build Hidden Automatic Navigator (HAN). Its does the same as EZProxy but even more. Are you aware of any US libraries using this HAN?

    Adam Chandler: No, I am not. I have not heard of any US libraries using it. If it is licensed, perhaps H+H has a list of US libraries?
     
  2. Question:  For Adam: How about III ILS system? WE use one of the URLs as the proxy gateway and it works fine for IP authentication. It acts as an SSO by default. Is that acceptable?

    Adam Chandler: Same problem. The remote user must first go to the catalog in order to be authenticated. I am interested in a model in which the patron can start from the open web and find their way into the library's licensed content.
     
  3. Question:  I am curious about what Adam's thoughts are about LibX?

    Adam Chandler: I remain frustrated by the way LibX has beeb implemented. It appears nobody has built in a redirect counter to find out if patrons even use it! Installing another widget is a high threshold for most users. I doubt if they are using it much, but like I said, nobody knows.
     
  4. Question:  Steve had on his slides a mention of work with federated access groups, but this received no mention. Please can all speakers talk about how these technologies work with federated search services?
     
  5. Question:  How does Shibboleth work together with a local authentication system and/or with EZproxy? Could you give examples? How much work is involved in implementing and maintaining Shibboleth?
     
  6. Question: Could you explain a bit about personalization in Athens, which is not available in Proxy?

    Keith Dixon: Where institutions are using the Athens service to maintain user identities, an opaque, persistent identifier is provided to publishers. Publishers can then use as the basis for providing personalization. It also provides the basis for tracking down misuse and aggregate authorization statistics, which are available to both institutions and service providers.
     
  7. Question:  Where are the other campus technology providers in this discussion? Campus portals and CMS's, etc?
     
  8. Question: Hi, Karen, can you review again next steps that NISO is taking to form a Working Group? thanks

    Karen Wetzel (NISO): I'm glad to help. Probably the best overview of NISO's standards process is found on NISO's Documents page: Standards Development Process: An Overview. This PowerPoint file provides a quick look at the procedural requirements surrounding ANS standards development at NISO. In brief, though: no comments were received to the draft new work item proposal on SSO Authentication that was made available as part of this webinar. The draft was distributed to the Discovery to Delivery Topic Committee at the same time; it was then reviewed March 16, 2008 and approved in Topic Committee (with a small clarification on the interest groups section). With that edit, the proposal will go to the NISO membership for their approval, which requires that a minimum of 10% of NISO's members agree to join the voting pool for the item. With that, we can then begin the work of forming a working group, finalizing timelines, and moving ahead on the proposed work. Please contact me at kwetzel@niso.org if you are interested in joining the working group or interest group, if you have additional questions, or if you would like to propose new work to take place within NISO.
     
  9. Question: Concerning the federated search answers. Unfortunately, even though the techniques discussed work (we use them in some instances) it is not *allowed* by many of the authentication providers to do this.
     
  10. Question: The general tenor of the presentations and discussion is too high-level as it rather has to be. Will [further discussion] be available?

    Karen Wetzel (NISO): We would be thrilled to continue this discussion; please contact me if you have any suggestions for what format you think would be best to do that in. We hope to also see a new working group on SSO Authentication be approved shortly; with that will be an opportunity to engage through that group or more informally via an interest group list. The working group will also be involved with making sure there is more opportunity within the community to discuss this topic, and your input is very welcome. In the meantime, I encourage additional resources to be sent in so we can build on this event, and if there are lists or other venues where this topic is being discussed that we can point to, I'd be happy to add those to the resources page, as well. Feel free to send me a note at kwetzel@niso.org.

Additional Information

  • Registration closes at 12:00 pm EST on February 11, 2009.
  • Cancellations made by February 4, 2009 will receive a full refund. After that date, there are no refunds.
  • Registrants will receive detailed instructions about accessing the webinar via e-mail the Monday prior the event.
  • Registration is per site (access for one computer) and includes access to the online recorded archive of the webinar.
  • Webinar presentation slides and Q&A; will be posted to the site following the live webinar.
  • Registrants will receive access information to the archived webinar following the event.