Project HeadLine Authentication - an overview of Hybrid Library requirements Jonathan Eaton
Project HeadLine
Authentication - an overview of Hybrid Library requirements
Jonathan Eaton
eLib Concertation Day - Authentication, 10th March 1999

Presentation Overview
Why access control is problematic for all electronic information ‘stakeholders’
Understanding different access needs
Criteria for authentication initiatives
Towards an authentication model
Authentication requirements summary

Common Hybrid Library goals
Hybrid Library systems typically comprise a user centred, Web-based “managed environment”
aim to provide single access point to diverse resources in range of media formats
    – extend management controls; minimise access discontinuities for users

Electronic Access Issues...
do we have barriers or controls?
Internet promises seamless access
fragmented & weak control mechanisms
    – “password proliferation” a curse
    – IP filtering excludes valid (remote) users!
    – “islands” of user attributes data
a new “inter-organisational” era (Lynch)
    – supersedes older password model...

A Continuum of Access Needs
Different stakeholder perspectives
    – user wants unrestricted access
    – librarian wants managed access
    – vendor wants validated access
access rights derive from community membership(s)
range of physical and virtual locations
a “single (secure) sign-on” entry point

Authentication & Authorisation
Authentication defines who you are
Authorisation determines what you can do or what you can access, once authenticated
Hybrid Library systems will demand
    – interoperation AND separation between user attributes and resource metadata databases
    – finer controls to model increasingly complex relationships

Authentication issues…
Single sign-on goal further complicates authentication issues
User identities and access rights typically fragmented on service-by-service basis
access scenario complexities
    – personal AND generic identities
    – personal, customised use of services
    – multiple “identities” in single session
    – where is locus of control?

Some evaluation criteria
national authentication infrastructure (e.g. ATHENS) should
    – integrate academic & commercial sources
    – supply local & central management controls
    – offer bridge to future standards/protocols
    – flexibly incorporate user attributes & resources metadata
    – use architecture that permits levels of resource access granularity

Towards an authentication model
access control must be flexible; managed
must reflect degrees of indirection in real-world contractual relationships, e.g.
    – publisher <=> content aggregator
    – content aggregator <=> library
    – library <=> user
resource compendium and user attributes database are key components
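
An added example (not part of the original presentation) of the model sketched on this slide: the access decision walks the publisher, content aggregator, library and user links from a resource compendium to a user attributes database, and is compared with IP filtering for a remote user. All names, addresses and licence rows are constructed, and the user is assumed to have already authenticated.

```python
from ipaddress import ip_address, ip_network

# All data below is constructed for illustration.
CAMPUS_NET = ip_network("192.0.2.0/24")  # documentation range standing in for a campus

# User attributes database: authenticated identity -> community memberships.
USER_ATTRIBUTES = {
    "alice": {"lib-a:staff"},
    "bob": {"lib-a:student", "lib-b:visitor"},
    "carol": {"lib-b:visitor"},
}

# Resource compendium: resource -> publisher holding the rights.
RESOURCE_COMPENDIUM = {"journal-x": "publisher-p", "dataset-y": "publisher-q"}

# One (grantor, grantee, resource) row per contractual link.
LICENCES = [
    ("publisher-p", "aggregator-g", "journal-x"),
    ("aggregator-g", "lib-a", "journal-x"),
    ("lib-a", "lib-a:staff", "journal-x"),
    ("lib-a", "lib-a:student", "journal-x"),
    ("publisher-q", "aggregator-g", "dataset-y"),
    ("aggregator-g", "lib-b", "dataset-y"),
    ("lib-b", "lib-b:staff", "dataset-y"),
]

def licence_chain(user, resource):
    """Return the parties linking the publisher to one of the user's
    communities for this resource, or None if no unbroken chain exists."""
    memberships = USER_ATTRIBUTES.get(user, set())
    publisher = RESOURCE_COMPENDIUM.get(resource)
    stack = [[publisher]] if publisher else []
    while stack:
        path = stack.pop()
        if path[-1] in memberships:
            return path
        for grantor, grantee, licensed in LICENCES:
            if grantor == path[-1] and licensed == resource and grantee not in path:
                stack.append(path + [grantee])
    return None

def ip_filter_allows(address):
    """Location-only control: says nothing about who the user is."""
    return ip_address(address) in CAMPUS_NET

def compare(user, resource, address):
    """Return (IP-filter decision, membership-based decision)."""
    return ip_filter_allows(address), licence_chain(user, resource) is not None
```

Calling compare("alice", "journal-x", "198.51.100.7") returns (False, True): the IP filter turns away a remote staff member whose community membership carries a valid licence chain.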

Authentication needs: conclusion
Future access controls must
    – be appropriate, robust, flexible, scaleable, simple: “user-proof”
    – enforce control but maximise access
    – enact (indirect) contractual relationships
    – reflect new inter-organisational world
    – avoid current fragmentation
    – embody needs of all ‘stakeholders’

Further Details
Further details are available on the HEADLINE Website at: www.headline.ac.uk
including outline Project Workplan and project Working Papers as published March 1999