Garibyan et al. Access & identity TEXT PROOF 04 07/10/2013 14:01 Page i
Access and Identity
Management for
Libraries
Controlling access to
online information
Masha Garibyan, Simon McLeish
and John Paschoud
© Masha Garibyan, Simon McLeish, John Paschoud 2014
Published by Facet Publishing
7 Ridgmount Street, London WC1E 7AE
www.facetpublishing.co.uk
Facet Publishing is wholly owned by CILIP: the Chartered Institute of Library
and Information Professionals.
Masha Garibyan, Simon McLeish and John Paschoud have asserted their right
under the Copyright, Designs and Patents Act 1988 to be identified as authors of
this work.
Except as otherwise permitted under the Copyright, Designs and Patents Act
1988 this publication may only be reproduced, stored or transmitted in any form
or by any means, with the prior permission of the publisher, or, in the case of
reprographic reproduction, in accordance with the terms of a licence issued by
The Copyright Licensing Agency. Enquiries concerning reproduction outside
those terms should be sent to Facet Publishing, 7 Ridgmount Street, London
WC1E 7AE.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library.
ISBN 978-1-85604-588-9
First published 2014
Text printed on FSC accredited material.
Typeset from author’s files in 10/14 pt Palatino Linotype and Frutiger by Facet
Publishing Production.
Printed and made in Great Britain by CPI Group (UK) Ltd, Croydon, CR0 4YY
Contents
Foreword Clifford Lynch
Acknowledgements
Note to readers
Glossary
1 What is access management, and why do libraries do it?
Historical role of libraries in managing access to information
The role of libraries in the 21st century
The history of access management of online information resources
The role of e-commerce in library access management
The ‘birth’ of access management principles – Clifford Lynch’s white paper
References
2 Electronic resources: public and not so public
Managing access to electronic collections
How and where users may want to access e-resources
What needs to be protected, and why
Commercially produced resources that need to be protected
Publicly available information that may also require access management
Publishers and licensing issues
Library management of licences
Summary
References
3 Principles and definitions of identity and access management
Introduction
Managing access? . . . or identities? . . . or both?
The business relationships
The processes of identity and access management
Identifying the person using a resource – or not
Obligations to protect personal data about users
Summary
References
4 Current access management technologies
IP address
Barcode patterns
Proxy servers
Shared passwords
User registration with publishers
Federated access
Summary
5 Authentication technologies
‘Something you know, something you have, or something you are’
Authentication technologies overview
Authentication by third parties
Choosing an authentication system
Summary
References
6 Authorization based on physical location: how does the internet know where I am?
Introduction
Domains and domain names
(How) is all this governed?
IP addresses
IP spoofing
Benefits and problems of using IP address-based licensing
Summary
References
7 Authorization based on user identity or affiliation with a library: who you are? Or what you do?
Basing access on identity, or on affiliation with a library
Role-based authorization
Matching roles against licence conditions
Benefits of role-based authorization
Summary
References
8 Federated access: history, current position and future developments
Single sign-on and the origins of federated access management
The development of standards
Federated access in academia
The future of federated access
Summary
References
9 How to choose access management and identity management products and services
Introduction
Identity management and access management solution capabilities
Establishing requirements with suppliers
Asserting library requirements in a wider-scale system procurement
Implementation options
The range of access and identity management products
Conclusions
References
10 Internet access provided by (or in) libraries
Introduction
Wired access
Wireless access
Public access issues
Summary
References
11 Library statistics
Why libraries collect electronic resource usage statistics
Challenges in collecting electronic resource usage data
How libraries collect usage data
Concluding thoughts
References and further reading
12 The business case for libraries
Introduction
Key benefits of quality identity management
Designing an IdM project
Putting together a business case
Conclusions
References and further reading
Afterword
References
Appendix 1: Case studies
Extending access management to business and community engagement activities at Kidderminster College, UK
Moving from Athens to Shibboleth at University College London, UK
Online reciprocal borrowing registration for Western Australian University Libraries
Library and IT collaboration: driving strategic improvements to identity and access management practices and capabilities
Managing affiliated users with federated identity management at UNC-Chapel Hill, USA
Tilburg University and the SURFfederatie, the Netherlands
Delivering access to resources in a joint academic and public library building, UK
Single sign-on across the USMAI Consortium, USA
Appendix 2: A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources Clifford Lynch, editor
Index
Foreword
It’s a pleasure to be able to write a short foreword to this book, which I think
will be very useful to librarians, publishers and information technologists
trying to gain insight into the complexities surrounding access to licensed
networked information resources in settings such as universities or public
libraries. This book documents a bit of history that’s not well known, a little
folklore that I don’t think has been written down before, and some tacit
knowledge that hasn’t been well codified; both are needed to understand
where we are today, how we got here, and why.
I’m honoured to have some of the work hosted and co-ordinated by the
Coalition for Networked Information (CNI) recognized as a pivotal stage in
the development of authentication and access management strategies; I do
agree with the authors that the period from around 1997 to 2000 was key in
establishing the central ideas and the roadmap, although implementing this
roadmap took a long time – surely longer than many of us would have
believed in, say, 1999. As you can see, the CNI white paper of which I served
as editor (and which is reproduced as Appendix 2 to this book) never made
it past a draft stage; things were happening too fast, and there seemed to be
little value in perfecting the document. Instead, it paved the way ahead
along two distinct roads.
One was technical, and involved the development and deployment of
Shibboleth and the organizational frameworks such as InCommon that