Page 212 - Building Digital Libraries

Access Management


                           system, OAuth offers another way to allow users to associate
                           an organizational network address with a password they
                           remember.
                         •	 These mechanisms can often be used instead of local
                           authentication for users who cannot be authenticated with
                           SSO or the preferred mechanism, and so they are potentially
                           an attractive option even for organizational users.
                 However, OAuth also has disadvantages:

                         •	 A separate mechanism must be used to manage accounts
                           because only authentication is provided. Functionality
                           authorizing who can access what, when, and how must be
                           developed separately.
                         •	 Users may not have accounts on any of the OAuth or social
                           media services your repository supports. If they do have
                           accounts, they may be unwilling to link them.
                         •	 Allowing even a user name or e-mail from an unapproved
                           third-party service may violate organizational policy.
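
One way to build the separate authorization layer that the first and third points above call for, as an added example that is not from the book. The issuer URL, subject identifier, collection name and the `authorize` helper are hypothetical, and the identity claims are assumed to have been verified already by the login step.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample policy: identity providers the organization has approved.
APPROVED_ISSUERS = {"https://sso.example.edu"}

@dataclass(frozen=True)
class Grant:
    collection: str       # what may be accessed
    actions: frozenset    # how (for example "read", "deposit")
    not_after: datetime   # when: the grant expires at this instant

# Local accounts are keyed on (issuer, subject), never on e-mail alone, so the
# same address asserted by a different provider is a different identity.
ACCOUNTS = {
    ("https://sso.example.edu", "u-1001"): [
        Grant("theses", frozenset({"read", "deposit"}),
              datetime(2030, 1, 1, tzinfo=timezone.utc)),
    ],
}

def authorize(identity, collection, action, now=None):
    """Return (allowed, reason) for an identity the login step has verified.

    The provider only says who the user is; every access decision is made
    here, against records the repository maintains itself.
    """
    now = now or datetime.now(timezone.utc)
    issuer, subject = identity.get("iss"), identity.get("sub")
    if issuer not in APPROVED_ISSUERS:
        return False, "issuer not approved by policy"
    grants = ACCOUNTS.get((issuer, subject))
    if grants is None:
        return False, "no local account linked to this identity"
    for grant in grants:
        if grant.collection == collection and action in grant.actions:
            if now < grant.not_after:
                return True, "granted"
            return False, "grant expired"
    return False, "no matching grant"
```
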


                 Athens

                 Athens is fundamentally different from Shibboleth and OpenID in that it is
                 proprietary as well as both a communications protocol and authentication
                 scheme. Whereas Shibboleth is a distributed authentication service, Athens
                 is a centralized authentication service. Within the Athens framework, there
                 is a single authentication origin that authorizes all incoming requests from
                 a target resource that provides centralized user administration. In addition,
                 it’s important to note that unlike Shibboleth and OpenID, which are
                 both open source projects that can be used with diverse systems, Athens is
                 a commercial authentication method that can only be utilized by products
                 that support it.



                 Active Directory
                 Active Directory is a commercial product developed by the Microsoft
                 Corporation that is widely used to provide authentication and authorization
                 services in Windows environments, but it also supports directory, domain,
                 rights management, certificate, and federated services. Active Directory
                 can provide SSO services, and it can also work in concert with a variety of
                 proprietary and open source technologies to provide directory services.



                 Internal Authentication
                 Most systems support local users who are authenticated by a password.
                 However, this mechanism is undesirable except when the system is intended