Page 208 - Building Digital Libraries

Access Management


community users, and other groups that are not in their organizational directories, so alternative mechanisms must be implemented to provide access to these users. Historically, this has been a difficult process.

Repository users usually need to access multiple services managed by the library and parent institution. You can improve security and convenience by leveraging an authentication system they already use at your institution rather than setting up and managing a new system that requires users to manage another set of credentials. Coordinating a repository’s authentication with other systems can be handled in a variety of ways, depending on the specific repository platform and the authentication systems available. Today, many organizations turn to federated authentication, which allows multiple authentication systems to be used.

Access control is a complex and jargon-laden topic. This chapter discusses terms and concepts you’re likely to encounter. A wide range of authentication methods exists, ranging from authentication tied directly to the repository platform, to IP authentication, to directory and SSO (single sign-on), to social media log-ins. Given the varied authentication methods utilized over a networked environment, a standard access-control mechanism such as Shibboleth, OpenID, Central Authentication Services (CAS), Lightweight Directory Access Protocol (LDAP), Athens, or a vended solution that manages multiple methods can make the authentication process simple or even transparent to the user.

As you consider authentication mechanisms for your repository, keep the following considerations in mind for each mechanism:

• What advantages does it offer?
• What disadvantages does it present?
• What systems are involved for the purposes of providing data and authentication services, and who maintains them?
• What policy and technical prerequisites must be satisfied to implement the system?
• Who needs to be involved in its implementation?
• How difficult is it to set up, and how long will that take?
• How difficult is it to maintain?
• What users is it unable to provide access for, and what alternatives will be available?
• What additional data or functionality does it require to function? For example, if patrons authenticate via SSO, what data will you need to augment repository accounts with, and how will you include this information?


Lightweight Directory Access Protocol (LDAP)

LDAP is an application protocol for querying specialized directory services such as Active Directory (AD). Although LDAP itself is only a protocol,