Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library
Dec 16, 2015

Download

Documents

Nathen Silas
Controlling Access to Resources for Walk-In Users 14 September 2006

Rod Crowley

Systems Team Leader

Leeds University Library

Summary

• Exploration of how Leeds solved the knotty problem of regulating access to our online resources for our external users

• Not advocating that this is the only possible solution – just a neat one which works for us

Context in 2004

• 150 Library Internet PCs
• User authentication not required
• All people permitted access to our buildings could access the Web
• Included c. 12,000 external users
• And a number of day visitors
• But the system basically worked

What changed

• Growing number of incidents of computer misuse

• Clarification at University level of the requirement to authenticate

LEEDS UNIVERSITY ACCESS CONTROL & ACCOUNT MANAGEMENT POLICY

25 Identification and Authentication

All users of University systems must be identified and authenticated by systems that they access using at least two sources of information. Prior to using University systems users must:

• Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account, or by presenting some other form of system recognised identity; and

• authenticate themselves by providing information such as a password or PIN that the system corroborates as a binding between the person and the identifier and validates them as being an authorised user

What changed

• Growing number of incidents of computer misuse

• Clarification at University level of the requirement to authenticate

• Guidance from CHEST and JISC about the University's responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student, faculty member or employee of the licensed institution, but is permitted by the institution to access the secure network via a computer or terminal within the Library premises, is deemed to be an authorised user, but only for the duration they are within the Library premises. Institutions that provide access to networks, and users who benefit from that access, should regard it as normal to require an individual identity.

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter, consistent with current best practice, and whose conduct is subject to regulation by the Institution.

(http://www.eduserv.org.uk/chest/datasets/walk-in-users.html)

What changed

• Growing number of incidents of computer misuse

• Clarification at University level of the requirement to authenticate

• Guidance from CHEST and JISC about the University's responsibilities

• Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option One
• Require a University Login to all Library PCs

but…
• ISS not willing to register 12,000 new users
• Library unable to withdraw access for these users

Possible Options

Option Two
• Issue a Generic Login to External Users from our Counter

but…
• Time consuming to administer
• Inconvenient for our users
• What about when the Library is unstaffed?

Possible Options

Option Three
• Forget about users logging in and instead run an extensive CCTV system overlooking the Library Intranet PCs

but…
• Very expensive
• No authentication of PC users
• Therefore failed to meet the minimum institutional and national standards

Possible Options

Option Four
• Authenticate our users using a third-party product (CybraryN) linked to our Innovative system via the Patron API interface

• Reasonable cost
• Track record of Innovative integration
• Achieves authentication for all Library users
• Permits access whenever the Library is open
• Minimal administration
• Meets national and institutional standards

How Does It Work Out of the Box

Issues to Overcome

1. Patron API Security Hole
• Notoriously insecure
• Confidential data sent over the network
• IP address restriction not effective
• Threat of data harvesting

Issues to Overcome

1. Patron API Security Hole

2. Consistency with WAM
• Had recently been introduced
• CybraryN more stringent
• WAM more forgiving
• Wanted to avoid user confusion

Issues to Overcome

1. Patron API Security Hole

2. Consistency with WAM

3. Logging of usage data
• Pattern of 'external' PC use a mystery
• Collecting data from individual PCs inefficient
• Central log of usage preferable

Issues to Overcome

1. Patron API Security Hole

2. Consistency with WAM

3. Logging of usage data

4. Limitations of CybraryN software
• Product designed to work with various LMS (including Innovative)
• An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

• Simple CGI Script written in Perl using existing modules
• Sits on the University's main webserver
• Configured so that the CybraryN client thinks the Middle Service is a web page
• While WAM treats it as a web browser making a WAM request
• All requests logged on the webserver – successful or not
• Log can be used for troubleshooting or for usage statistics
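
The middle-service design above, sketched as an added Python example (it is not the Leeds Perl script, which is not reproduced on this page): the kiosk client receives only an allow/deny answer, and every attempt lands in one central log that serves both usage statistics and a check for barcode harvesting. The patron table, `upstream_check` (standing in for the WAM request, whose format the slides do not give), the log key and the client addresses are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed patron records standing in for the library system.
PATRONS = {
    "21234000000017": {"name": "SMITH", "address": "1 Example Road", "expired": False},
    "21234000000025": {"name": "JONES", "address": "2 Example Road", "expired": True},
}
LOG_KEY = b"constructed-demo-key"  # hypothetical secret for pseudonymising barcodes


@dataclass(frozen=True)
class LogEntry:
    when: str
    client_ip: str
    patron_ref: str  # keyed hash of the barcode, never the barcode itself
    outcome: str     # ok / unknown / name_mismatch / expired / malformed


def pseudonym(barcode: str) -> str:
    """Stable reference for a barcode that does not reveal it in the log."""
    digest = hmac.new(LOG_KEY, barcode.encode("utf-8", "replace"), hashlib.sha256)
    return digest.hexdigest()[:12]


def upstream_check(name: str, barcode: str) -> str:
    """Stand-in for the request the middle service makes upstream (assumption)."""
    record = PATRONS.get(barcode)
    if record is None:
        return "unknown"
    supplied = name.strip().upper().encode("utf-8")
    if not hmac.compare_digest(record["name"].encode("utf-8"), supplied):
        return "name_mismatch"
    return "expired" if record["expired"] else "ok"


def middle_service(name, barcode, client_ip, log, check=upstream_check, now=None):
    """Answer the kiosk with 'ALLOW' or 'DENY' only; log every attempt."""
    when = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    well_formed = (
        barcode.isascii() and barcode.isdigit() and len(barcode) <= 20
        and 0 < len(name) <= 64
    )
    outcome = check(name, barcode) if well_formed else "malformed"
    log.append(LogEntry(when, client_ip, pseudonym(barcode), outcome))
    # The reason for a refusal stays in the log. Telling the client whether a
    # barcode exists would let it enumerate valid barcodes, and no patron
    # record fields (address etc.) ever leave the server.
    return "ALLOW" if outcome == "ok" else "DENY"


def usage_by_client(log):
    """Usage statistics: successful logins per client PC."""
    return Counter(entry.client_ip for entry in log if entry.outcome == "ok")


def harvesting_suspects(log, threshold=3):
    """Client PCs that failed against at least `threshold` distinct patrons."""
    failed = {}
    for entry in log:
        if entry.outcome != "ok":
            failed.setdefault(entry.client_ip, set()).add(entry.patron_ref)
    return sorted(ip for ip, refs in failed.items() if len(refs) >= threshold)


if __name__ == "__main__":
    central_log = []
    # Constructed attempts from two kiosk PCs (documentation address range).
    print(middle_service("Smith", "21234000000017", "192.0.2.5", central_log))
    print(middle_service("Jones", "21234000000025", "192.0.2.5", central_log))
    for n in range(3):
        middle_service("Guess", f"9990000000000{n}", "192.0.2.9", central_log)
    print(usage_by_client(central_log))
    print(harvesting_suspects(central_log))
```
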

Implementation

• Introduced in Summer 2005 in our six campus Libraries
• Our Main Libraries began with four CybraryN PCs each
• Health Sciences Library began with fourteen
• External members can use their name and Library barcode to authenticate themselves
• Day visitors have to produce ID and sign the University's Acceptable Use Policy in order to receive a day ticket
• Has proved very nearly trouble free

And finally…

Any Questions?

• If you are interested, we are happy to answer further questions, share the script and provide implementation advice
• But we cannot offer ongoing support
• Contact: rcrowley@leeds.ac.uk

  • Slide 13
  • Slide 18
Page 2: Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

Summary

bull Exploration of how Leeds solved the knotty problem of regulating access to our online resources for our external users

bull Not advocating that this is the only possible solution ndash just a neat one which works for us

Context in 2004

bull 150 Library Internet PCsbull User authentication not requiredbull All people permitted access to our

buildings could access the Webbull Included c12000 external usersbull And a number of day visitorsbull But the system basically worked

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

LEEDS UNIVERSITY ACCESS CONTROL amp ACCOUNT MANAGEMENT POLICY

25 Identification and Authentication All users of University systems must be identified and authenticated by systems that they access using at least two sources of information Prior to using University systems users must

1048766 Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account or by presenting some other form of system recognised identity and

1048766 authenticate themselves by providing information such as a password or PIN that the system corroborates as a binding between the person and the identifier and validates them as being an authorised user

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student faculty member or employee of the licensed institution but is permitted by the institution to access the secure network via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises Institutions that provide access to networks and users who benefit from that access should regard it as normal to require an individual identity

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution

(httpwwweduservorgukchestdatasetswalk-in-usershtml)

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

bull Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option Onebull Require a University Login to all Library PCs

buthellipbull ISS not willing to register 12000 new usersbull Library unable to withdraw access for these

users

Possible Options

Option Twobull Issue a Generic Login to External Users from

our Counter

buthellipbull Time consuming to administerbull Inconvenient for our usersbull What about when the Library is unstaffed

Possible Options

Option Threebull Forget about users logging in and instead run

an extensive CCTV system overlooking the Library Intranet PCs

buthellipbull Very expensivebull No authentication of PC usersbull Therefore failed to meet the minimum

institutional and national standards

Possible Options

Option Fourbull Authenticate our users using a third-party product

(CybraryN) linked to our Innovative system via the Patron API interface

bull Reasonable costbull Track record of Innovative integrationbull Achieves authentication for all Library usersbull Permits access whenever the Library is openbull Minimal administrationbull Meets national and institutional standards

How Does It Work Out of the Box

Issues to Overcome

1 Patron API Security Holebull Notoriously insecure

bull Confidential data sent over the network

bull IP address restriction not effective

bull Threat of data harvesting

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAMbull Had recently been introduced

bull CybraryN more stringent

bull WAM more forgiving

bull Wanted to avoid user confusion

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAM

3 Logging of usage databull Pattern of lsquoexternalrsquo PC use a mystery

bull Collecting data from individual PCs inefficient

bull Central log of usage preferable

Issues to Overcome

1 Patron API Security Hole2 Consistency with WAM3 Logging of usage data4 Limitations of CybraryN software

bull Product designed to work with various LMS (including Innovative)

bull An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

bull Simple CGI Script written in Perl using existing modules

bull Sits on the Universityrsquos main webserver bull Configured so that the CybraryN client

thinks the Middle Service is a web pagebull While WAM treats it as a web browser

making a WAM requestbull All requests logged on the webserver ndash

successful or notbull Log can be used for troubleshooting or for

usage statistics

Implementation

bull Introduced in Summer 2005 in our six campus Libraries

bull Our Main Libraries began with four CybraryN PCs each

bull Health Sciences Library began with fourteenbull External members can use their name and Library

barcode to authenticate themselvesbull Day visitors have to produce ID and sign the

Universityrsquos Acceptable Use Policy in order to receive a day ticket

bull Has proved very nearly trouble free

And finallyhellip

Any Questions

bull If you are interested we are happy to answer further questions share the script and provide implementation advice

bull But we cannot offer ongoing supportbull Contact rcrowleyleedsacuk

  • Slide 13
  • Slide 18
Page 3: Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

Context in 2004

bull 150 Library Internet PCsbull User authentication not requiredbull All people permitted access to our

buildings could access the Webbull Included c12000 external usersbull And a number of day visitorsbull But the system basically worked

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

LEEDS UNIVERSITY ACCESS CONTROL amp ACCOUNT MANAGEMENT POLICY

25 Identification and Authentication All users of University systems must be identified and authenticated by systems that they access using at least two sources of information Prior to using University systems users must

1048766 Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account or by presenting some other form of system recognised identity and

1048766 authenticate themselves by providing information such as a password or PIN that the system corroborates as a binding between the person and the identifier and validates them as being an authorised user

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student faculty member or employee of the licensed institution but is permitted by the institution to access the secure network via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises Institutions that provide access to networks and users who benefit from that access should regard it as normal to require an individual identity

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution

(httpwwweduservorgukchestdatasetswalk-in-usershtml)

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

bull Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option Onebull Require a University Login to all Library PCs

buthellipbull ISS not willing to register 12000 new usersbull Library unable to withdraw access for these

users

Possible Options

Option Twobull Issue a Generic Login to External Users from

our Counter

buthellipbull Time consuming to administerbull Inconvenient for our usersbull What about when the Library is unstaffed

Possible Options

Option Threebull Forget about users logging in and instead run

an extensive CCTV system overlooking the Library Intranet PCs

buthellipbull Very expensivebull No authentication of PC usersbull Therefore failed to meet the minimum

institutional and national standards

Possible Options

Option Fourbull Authenticate our users using a third-party product

(CybraryN) linked to our Innovative system via the Patron API interface

bull Reasonable costbull Track record of Innovative integrationbull Achieves authentication for all Library usersbull Permits access whenever the Library is openbull Minimal administrationbull Meets national and institutional standards

How Does It Work Out of the Box

Issues to Overcome

1 Patron API Security Holebull Notoriously insecure

bull Confidential data sent over the network

bull IP address restriction not effective

bull Threat of data harvesting

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAMbull Had recently been introduced

bull CybraryN more stringent

bull WAM more forgiving

bull Wanted to avoid user confusion

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAM

3 Logging of usage databull Pattern of lsquoexternalrsquo PC use a mystery

bull Collecting data from individual PCs inefficient

bull Central log of usage preferable

Issues to Overcome

1 Patron API Security Hole2 Consistency with WAM3 Logging of usage data4 Limitations of CybraryN software

bull Product designed to work with various LMS (including Innovative)

bull An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

bull Simple CGI Script written in Perl using existing modules

bull Sits on the Universityrsquos main webserver bull Configured so that the CybraryN client

thinks the Middle Service is a web pagebull While WAM treats it as a web browser

making a WAM requestbull All requests logged on the webserver ndash

successful or notbull Log can be used for troubleshooting or for

usage statistics

Implementation

bull Introduced in Summer 2005 in our six campus Libraries

bull Our Main Libraries began with four CybraryN PCs each

bull Health Sciences Library began with fourteenbull External members can use their name and Library

barcode to authenticate themselvesbull Day visitors have to produce ID and sign the

Universityrsquos Acceptable Use Policy in order to receive a day ticket

bull Has proved very nearly trouble free

And finallyhellip

Any Questions

bull If you are interested we are happy to answer further questions share the script and provide implementation advice

bull But we cannot offer ongoing supportbull Contact rcrowleyleedsacuk

  • Slide 13
  • Slide 18
Page 4: Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

LEEDS UNIVERSITY ACCESS CONTROL amp ACCOUNT MANAGEMENT POLICY

25 Identification and Authentication All users of University systems must be identified and authenticated by systems that they access using at least two sources of information Prior to using University systems users must

1048766 Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account or by presenting some other form of system recognised identity and

1048766 authenticate themselves by providing information such as a password or PIN that the system corroborates as a binding between the person and the identifier and validates them as being an authorised user

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student faculty member or employee of the licensed institution but is permitted by the institution to access the secure network via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises Institutions that provide access to networks and users who benefit from that access should regard it as normal to require an individual identity

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution

(httpwwweduservorgukchestdatasetswalk-in-usershtml)

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

bull Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option Onebull Require a University Login to all Library PCs

buthellipbull ISS not willing to register 12000 new usersbull Library unable to withdraw access for these

users

Possible Options

Option Twobull Issue a Generic Login to External Users from

our Counter

buthellipbull Time consuming to administerbull Inconvenient for our usersbull What about when the Library is unstaffed

Possible Options

Option Threebull Forget about users logging in and instead run

an extensive CCTV system overlooking the Library Intranet PCs

buthellipbull Very expensivebull No authentication of PC usersbull Therefore failed to meet the minimum

institutional and national standards

Possible Options

Option Fourbull Authenticate our users using a third-party product

(CybraryN) linked to our Innovative system via the Patron API interface

bull Reasonable costbull Track record of Innovative integrationbull Achieves authentication for all Library usersbull Permits access whenever the Library is openbull Minimal administrationbull Meets national and institutional standards

How Does It Work Out of the Box

Issues to Overcome

1 Patron API Security Holebull Notoriously insecure

bull Confidential data sent over the network

bull IP address restriction not effective

bull Threat of data harvesting

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAMbull Had recently been introduced

bull CybraryN more stringent

bull WAM more forgiving

bull Wanted to avoid user confusion

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAM

3 Logging of usage databull Pattern of lsquoexternalrsquo PC use a mystery

bull Collecting data from individual PCs inefficient

bull Central log of usage preferable

Issues to Overcome

1 Patron API Security Hole2 Consistency with WAM3 Logging of usage data4 Limitations of CybraryN software

bull Product designed to work with various LMS (including Innovative)

bull An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

bull Simple CGI Script written in Perl using existing modules

bull Sits on the Universityrsquos main webserver bull Configured so that the CybraryN client

thinks the Middle Service is a web pagebull While WAM treats it as a web browser

making a WAM requestbull All requests logged on the webserver ndash

successful or notbull Log can be used for troubleshooting or for

usage statistics

Implementation

bull Introduced in Summer 2005 in our six campus Libraries

bull Our Main Libraries began with four CybraryN PCs each

bull Health Sciences Library began with fourteenbull External members can use their name and Library

barcode to authenticate themselvesbull Day visitors have to produce ID and sign the

Universityrsquos Acceptable Use Policy in order to receive a day ticket

bull Has proved very nearly trouble free

And finallyhellip

Any Questions

bull If you are interested we are happy to answer further questions share the script and provide implementation advice

bull But we cannot offer ongoing supportbull Contact rcrowleyleedsacuk

  • Slide 13
  • Slide 18
Page 5: Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

LEEDS UNIVERSITY ACCESS CONTROL amp ACCOUNT MANAGEMENT POLICY

25 Identification and Authentication All users of University systems must be identified and authenticated by systems that they access using at least two sources of information Prior to using University systems users must

1048766 Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account or by presenting some other form of system recognised identity and

1048766 authenticate themselves by providing information such as a password or PIN that the system corroborates as a binding between the person and the identifier and validates them as being an authorised user

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student faculty member or employee of the licensed institution but is permitted by the institution to access the secure network via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises Institutions that provide access to networks and users who benefit from that access should regard it as normal to require an individual identity

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution

(httpwwweduservorgukchestdatasetswalk-in-usershtml)

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

bull Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option Onebull Require a University Login to all Library PCs

buthellipbull ISS not willing to register 12000 new usersbull Library unable to withdraw access for these

users

Possible Options

Option Twobull Issue a Generic Login to External Users from

our Counter

buthellipbull Time consuming to administerbull Inconvenient for our usersbull What about when the Library is unstaffed

Possible Options

Option Threebull Forget about users logging in and instead run

an extensive CCTV system overlooking the Library Intranet PCs

buthellipbull Very expensivebull No authentication of PC usersbull Therefore failed to meet the minimum

institutional and national standards

Possible Options

Option Fourbull Authenticate our users using a third-party product

(CybraryN) linked to our Innovative system via the Patron API interface

bull Reasonable costbull Track record of Innovative integrationbull Achieves authentication for all Library usersbull Permits access whenever the Library is openbull Minimal administrationbull Meets national and institutional standards

How Does It Work Out of the Box

Issues to Overcome

1 Patron API Security Holebull Notoriously insecure

bull Confidential data sent over the network

bull IP address restriction not effective

bull Threat of data harvesting

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAMbull Had recently been introduced

bull CybraryN more stringent

bull WAM more forgiving

bull Wanted to avoid user confusion

Issues to Overcome

1 Patron API Security Hole

2 Consistency with WAM

3 Logging of usage databull Pattern of lsquoexternalrsquo PC use a mystery

bull Collecting data from individual PCs inefficient

bull Central log of usage preferable

Issues to Overcome

1 Patron API Security Hole2 Consistency with WAM3 Logging of usage data4 Limitations of CybraryN software

bull Product designed to work with various LMS (including Innovative)

bull An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

bull Simple CGI Script written in Perl using existing modules

bull Sits on the Universityrsquos main webserver bull Configured so that the CybraryN client

thinks the Middle Service is a web pagebull While WAM treats it as a web browser

making a WAM requestbull All requests logged on the webserver ndash

successful or notbull Log can be used for troubleshooting or for

usage statistics

Implementation

bull Introduced in Summer 2005 in our six campus Libraries

bull Our Main Libraries began with four CybraryN PCs each

bull Health Sciences Library began with fourteenbull External members can use their name and Library

barcode to authenticate themselvesbull Day visitors have to produce ID and sign the

Universityrsquos Acceptable Use Policy in order to receive a day ticket

bull Has proved very nearly trouble free

And finallyhellip

Any Questions

bull If you are interested we are happy to answer further questions share the script and provide implementation advice

bull But we cannot offer ongoing supportbull Contact rcrowleyleedsacuk

  • Slide 13
  • Slide 18
Page 6: Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

CHEST Public Access and Library Terminals Use - Definitions

Walk-in User

A person who is not a currently registered student faculty member or employee of the licensed institution but is permitted by the institution to access the secure network via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises Institutions that provide access to networks and users who benefit from that access should regard it as normal to require an individual identity

Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution

(httpwwweduservorgukchestdatasetswalk-in-usershtml)

What changed

bull Growing number of incidents of computer misuse

bull Clarification at University level of the requirement to authenticate

bull Guidance from CHEST and JISC about the Universityrsquos responsibilities

bull Dawning realisation within the Library that the status quo was unsustainable

Possible Options

Option Onebull Require a University Login to all Library PCs

buthellipbull ISS not willing to register 12000 new usersbull Library unable to withdraw access for these

users

Possible Options

Option Twobull Issue a Generic Login to External Users from

our Counter

buthellipbull Time consuming to administerbull Inconvenient for our usersbull What about when the Library is unstaffed

Possible Options

Option Three
• Forget about users logging in and instead run an extensive CCTV system overlooking the Library Intranet PCs

but…
• Very expensive
• No authentication of PC users
• Therefore failed to meet the minimum institutional and national standards

Possible Options

Option Four
• Authenticate our users using a third-party product (CybraryN) linked to our Innovative system via the Patron API interface
• Reasonable cost
• Track record of Innovative integration
• Achieves authentication for all Library users
• Permits access whenever the Library is open
• Minimal administration
• Meets national and institutional standards

How Does It Work Out of the Box?

Issues to Overcome

1. Patron API Security Hole
• Notoriously insecure
• Confidential data sent over the network
• IP address restriction not effective
• Threat of data harvesting

Issues to Overcome

1. Patron API Security Hole
2. Consistency with WAM
• Had recently been introduced
• CybraryN more stringent
• WAM more forgiving
• Wanted to avoid user confusion

Issues to Overcome

1. Patron API Security Hole
2. Consistency with WAM
3. Logging of usage data
• Pattern of 'external' PC use a mystery
• Collecting data from individual PCs inefficient
• Central log of usage preferable

Issues to Overcome

1. Patron API Security Hole
2. Consistency with WAM
3. Logging of usage data
4. Limitations of CybraryN software
• Product designed to work with various LMS (including Innovative)
• An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points

• Simple CGI Script written in Perl using existing modules
• Sits on the University's main webserver
• Configured so that the CybraryN client thinks the Middle Service is a web page
• While WAM treats it as a web browser making a WAM request
• All requests logged on the webserver – successful or not
• Log can be used for troubleshooting or for usage statistics
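
The broker pattern these key points describe, sketched as an added example in Python; it is not the Leeds Perl script. The form field names, the ALLOW/DENY reply, the backend stand-in, the sample patrons and the pseudonymised log format are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: a server-side secret used only to pseudonymise barcodes in the log.
LOG_KEY = b"constructed-demo-key"

# Constructed sample patron store standing in for the library system.
# It holds confidential fields that must never reach the client PC.
SAMPLE_PATRONS = {
    "X000123": {"name": "A Reader", "address": "1 Constructed St", "expired": False},
    "X000456": {"name": "B Visitor", "address": "2 Constructed St", "expired": True},
}


def sample_backend_check(name, barcode):
    """Hypothetical stand-in for the upstream validation request."""
    rec = SAMPLE_PATRONS.get(barcode)
    return bool(rec) and not rec["expired"] and rec["name"].lower() == name.lower()


def pseudonym(barcode):
    """Keyed hash: lets the log count distinct users without storing barcodes."""
    return hmac.new(LOG_KEY, barcode.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


def handle_request(form, client_ip, timestamp, backend_check, log):
    """Validate one login attempt and log it, successful or not.

    The reply carries a verdict only; no patron record field is passed back,
    so the client PCs never receive confidential data.
    """
    name = (form.get("name") or "").strip()
    barcode = (form.get("barcode") or "").strip()
    if not name or not (barcode.isalnum() and len(barcode) <= 20):
        outcome = "malformed"          # rejected before it reaches the backend
    else:
        try:
            outcome = "ok" if backend_check(name, barcode) else "denied"
        except Exception:
            outcome = "backend_error"  # fail closed if the backend is unavailable
    user = pseudonym(barcode) if outcome in ("ok", "denied") else "-"
    log.append("\t".join([timestamp, client_ip, user, outcome]))
    allowed = outcome == "ok"
    return {"status": 200 if allowed else 403, "body": "ALLOW" if allowed else "DENY"}


def usage_stats(log):
    """Summarise the central log: outcomes, logins per PC, distinct users."""
    by_outcome, by_pc, users = Counter(), Counter(), set()
    for line in log:
        _ts, ip, user, outcome = line.split("\t")
        by_outcome[outcome] += 1
        if outcome == "ok":
            by_pc[ip] += 1
            users.add(user)
    return {
        "by_outcome": dict(by_outcome),
        "logins_per_pc": dict(by_pc),
        "distinct_users": len(users),
    }


def demo():
    """Run constructed requests from two constructed PC addresses."""
    log = []
    requests = [
        ({"name": "A Reader", "barcode": "X000123"}, "10.0.0.11"),
        ({"name": "A Reader", "barcode": "X000123"}, "10.0.0.12"),
        ({"name": "B Visitor", "barcode": "X000456"}, "10.0.0.11"),       # expired
        ({"name": "A Reader", "barcode": "not a barcode!"}, "10.0.0.11"),  # malformed
        ({"name": "Nobody", "barcode": "X999999"}, "10.0.0.12"),          # unknown
    ]
    replies = [
        handle_request(form, ip, "2005-07-01T10:0%d:00Z" % i, sample_backend_check, log)
        for i, (form, ip) in enumerate(requests)
    ]
    return replies, log, usage_stats(log)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```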

Implementation

• Introduced in Summer 2005 in our six campus Libraries
• Our Main Libraries began with four CybraryN PCs each
• Health Sciences Library began with fourteen
• External members can use their name and Library barcode to authenticate themselves
• Day visitors have to produce ID and sign the University's Acceptable Use Policy in order to receive a day ticket
• Has proved very nearly trouble free

And finally…

Any Questions?

• If you are interested, we are happy to answer further questions, share the script and provide implementation advice
• But we cannot offer ongoing support
• Contact rcrowleyleedsacuk
