Project HeadLine
Authentication - an overview of Hybrid Library requirements
Jonathan Eaton
eLib Concertation Day - Authentication
10th March 1999

Presentation Overview
- Why access control is problematic for all electronic information ‘stakeholders’
- Understanding different access needs
- Criteria for authentication initiatives
- Towards an authentication model
- Authentication requirements summary

Common Hybrid Library goals
- Hybrid Library systems typically comprise a user centred, Web-based “managed environment”
- aim to provide single access point to diverse resources in range of media formats
- extend management controls; minimise access discontinuities for users

Electronic Access Issues...
- do we have barriers or controls?
- Internet promises seamless access
- fragmented & weak control mechanisms
  - “password proliferation” a curse
  - IP filtering excludes valid (remote) users!
  - “islands” of user attributes data
- a new “inter-organisational” era (Lynch)
  - supersedes older password model...

A Continuum of Access Needs
- Different stakeholder perspectives
  - user wants unrestricted access
  - librarian wants managed access
  - vendor wants validated access
- access rights derive from community membership(s)
- range of physical and virtual locations
- a “single (secure) sign-on” entry point

Authentication & Authorisation
- Authentication defines who you are
- Authorisation determines what you can do or what you can access, once authenticated
- Hybrid Library systems will demand
  - interoperation AND separation between user attributes and resource metadatabases
  - finer controls to model increasingly complex relationships

Authentication issues…
- Single sign-on goal further complicates authentication issues
- User identities and access rights typically fragmented on service-by-service basis
- access scenario complexities
  - personal AND generic identities
  - personal, customised use of services
  - multiple “identities” in single session
  - where is locus of control?

Some evaluation criteria
- national authentication infrastructure (e.g. ATHENS) should
  - integrate academic & commercial sources
  - supply local & central management controls
  - offer bridge to future standards/protocols
  - flexibly incorporate user attributes & resources metadata
  - use architecture that permits levels of resource access granularity

Towards an authentication model
- access control must be flexible; managed
- must reflect degrees of indirection in real-world contractual relationships, e.g.
  - publisher <=> content aggregator <=> library <=> user
- resource compendium and user attributes database are key components

Authentication needs: conclusion
- Future access controls must
  - be appropriate, robust, flexible, scaleable, simple: “user-proof”
  - enforce control but maximise access
  - enact (indirect) contractual relationships
  - reflect new inter-organisational world
  - avoid current fragmentation
  - embody needs of all ‘stakeholders’

Further Details
Further details are available on the HEADLINE Website at: www.headline.ac.uk, including outline Project Workplan and project Working Papers as published March 1999