Re: [CODE4LIB] [RESOLVED] Re: HTTPS EZproxy question / RFC 6125
There are 3 basic approaches to rewriting proxy servers that I have seen in the wild, each with their own strengths and weaknesses:

1) Proxy by port

This is the original EZproxy model, where each proxied resource gets its own port number. This runs afoul of firewall rules to non port 80/443 resources, and it creates a problem for SSL access, as clients try both HTTP and HTTPS to the same port number, and EZproxy is not set up to differentiate both protocols accessing the same port. With more and more resources moving to HTTPS, the end of this solution as a viable option is in sight.

2) Proxy by hostname

This is the current preferred EZproxy model, as it addresses the HTTP(S) port issue, but as you have identified, it instead creates a hostname mangling issue, and now I’m curious myself about how EZproxy will handle a hyphenated SSL site as well with HttpsHyphens enabled. I /think/ it does the right thing by mapping the hostname back to the original internally, as a “-” in hostnames for release versioning is how the Google App Engine platform works, but I have not explicitly investigated that.

3) Proxy by path

A different proxy product that we use, Muse Proxy from Edulib, leverages proxy by path, where the original website URL is deconstructed and passed to the proxy server as query arguments. This approach has worked fairly well as it cleanly avoids the hostname mangling issues, though some of the new “single page web apps” that use JavaScript routing patterns can be interesting, so the vendor has added proxy by hostname support as an option for those sites as a fallback.

So there is no perfect solution, but some work better than others. I’m looking forward to expanding our use of the proxy by path approach, as that is a very clean approach to this problem, and it seems to have fewer caveats than the other two approaches.

--
Andrew Anderson, Director of Development, Library and Information Resources Network, Inc.
http://www.lirn.net/ | http://www.twitter.com/LIRNnotes | http://www.facebook.com/LIRNnotes

On Dec 18, 2014, at 17:04, Stuart A. Yeates syea...@gmail.com wrote:

It appears that the core of my problem was that I was unaware of Option HttpsHyphens / NoHttpsHyphens, which toggle between proxying on https://www.somedb.com.ezproxy.yourlib.org and https://www-somedb-com.ezproxy.yourlib.org and allow infinitely nested domains to be proxied using a simple wildcard cert by compressing things.

The paranoid in me is screaming that there's an interesting brokenness in here when a separate hosted resource is at https://www-somedb.com/, but I'm trying to overlook that.

cheers
stuart
--
...let us be heard from red core to black sky

On Mon, Dec 15, 2014 at 9:24 AM, Stuart A. Yeates syea...@gmail.com wrote:

Some resources are available only via HTTPS. Previously we used a wildcard certificate; I can't swear that it was ever tested as working, but we weren't getting any complaints.

Recently browser security has been tightened and RFC 6125 has appeared and been implemented, and proxying of https resources with a naive wildcard cert no longer works (we're getting complaints and are able to duplicate the issues).

At https://security.stackexchange.com/questions/10538/what-certificates-are-needed-for-multi-level-subdomains there is an interesting solution with multiple wildcards in the same cert:

foo.com
*.foo.com
*.*.foo.com
...

There is also the possibility that we can just grep the logs for every machine name ever accessed and generate a huge list.

Has anyone tried these options? Successes? Failures? Thoughts?

cheers
stuart
--
...let us be heard from red core to black sky
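
The hostname arithmetic discussed in this thread, as an added example that is not part of any of the posts and is not EZproxy's own code. The matcher follows the strict reading of RFC 6125 section 6.4.3 (a wildcard only as the whole left-most label, covering exactly one label); the dots-to-hyphens rewrite is an assumed, simplified model of the two naming schemes described above, and all function names are hypothetical.

```python
PROXY_SUFFIX = "ezproxy.yourlib.org"  # proxy domain used in the thread


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Strict RFC 6125 6.4.3 check: '*' must be the entire left-most
    label and stands for exactly one label of the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # '*' never spans more than one label
    if any("*" in label for label in p[1:]):
        return False              # e.g. *.*.foo.com is not honoured
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    if "*" in p[0]:
        return False              # partial-label wildcards rejected here
    return p == h


def proxied_name(origin_host: str, https_hyphens: bool) -> str:
    """Assumed model: with hyphens on, dots in the origin host become
    hyphens so the proxied name has one label before the suffix."""
    label = origin_host.replace(".", "-") if https_hyphens else origin_host
    return f"{label}.{PROXY_SUFFIX}"


def find_collisions(origin_hosts):
    """Origin hosts that land on the same hyphenated proxy name."""
    groups = {}
    for host in origin_hosts:
        groups.setdefault(proxied_name(host, True), []).append(host)
    return {name: hosts for name, hosts in groups.items() if len(hosts) > 1}


def demo():
    cert = f"*.{PROXY_SUFFIX}"
    # Constructed sample hosts, taken from the names used in the thread.
    hosts = ["www.somedb.com", "www-somedb.com", "a.b.c.somedb.com"]
    for host in hosts:
        for hyphens in (False, True):
            name = proxied_name(host, hyphens)
            print(f"{name:45} covered by {cert}: {wildcard_matches(cert, name)}")
    print("collisions:", find_collisions(hosts))


if __name__ == "__main__":
    demo()
```

Under this naive model www.somedb.com and www-somedb.com share one proxied name, so a proxy using hyphenated names has to keep its own table from proxied name back to origin host rather than reversing the rewrite.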
[CODE4LIB] NEC4L
For those interested in a New England Code4Lib

The survey results are in! There were a total of 74 respondents who all want a NEC4L 2015! 39% would prefer to have a NEC4L in April and 13% in March 2015. 32% want to stay in the Boston area while 16% prefer Western Mass. Everyone who answered the survey wants an annual NEC4L and 59% would like the annual NEC4L to move around New England.

These are great answers. And thank you to everyone who responded. I have a couple of potential hosts. Going forward, please check the NEC4L wiki (http://wiki.code4lib.org/index.php/NEC4L) for updates on the upcoming conference and details.

Happy Holidays
Jennifer Eustis
Univ. of Connecticut
Re: [CODE4LIB] NEC4L
It is so cool that we have “franchises”. —Eric Morgan
Re: [CODE4LIB] linked data and open access
Greetings all,

Somebody mentioned that the reason you see so much more Linked Data in Europe is that they have been working with RDF in research and development projects for much longer than us, and I cannot agree more. Their PhD students have their research developed around semantic web technologies and their PhD programs are strong and mature. Just look at what all those national libraries have done. Also the work of some teams and individuals is impressive.

I would like to mention Europeana, which is doing an amazing job of bringing digital collections from all over Europe into one centralized place. And it’s bringing them together by providing a data model used by the partner national libraries to model and map their data. By doing this all partner national libraries are engaging in linked data work and getting their hands dirty. Also I think it is important to mention that this is not driven by any money, since of course we all know there is no money in libraries. They don't care that there is no money, they care about research.

Somebody else pointed out that we have no national library - but we do have the Library of Congress so that cannot be a valid excuse (in my opinion).

As for not having a LD platform to work on, here I disagree. There is the VIVO semantic web application and a few other similar ones. VIVO was developed by Cornell University in 2003 as a relational database and with an NIH grant in 2009 grew to become an open source project based on semantic web principles. VIVO is an open, shared platform for connecting scholars, research communities, campuses, and countries using Linked Open Data. VIVO links data from institutional and public sources to create web profiles populated with researcher interests, activities, and accomplishments. It uses ontologies to express relationships between entities/individuals. The VIVO-ISF 1.6 ontology is a combination of the eagle-i ontology (Dr. Melissa Haendel from OHSU the brain behind it) already mentioned by someone. Only the subset of the VIVO-ISF is used in the VIVO application. Same for other ontologies used in VIVO: FOAF, BIBO, FABIO, SKOS, CiTO, CItation, OBO, VCARD. It is a great application developed by Cornell’s brilliant team and a few other institutions as a result of the NIH grant. I know of a few people working with VIVO that are on this list and they can jump in to explain further, but I wanted to bring it to your attention since nobody mentioned it so far.

And I am bringing this up since I do not agree that “no one has really show an impressive end user use for linked data, which American decision making tends to be more driven by.” We have VIVO – developed here in the States. It is embraced by many institutions in Europe, Latin America, Australia, New Zealand.

An interesting observation - many developers working on VIVO are not employed by the libraries, but by the provost office or a similar office, and that is why we don't hear much about VIVO on this list or any other library specific list. Remember it was developed by the Cornell library staff.

Also another brilliant application developed by people at ISI in California is the Karma data integration tool. Just take a look at what they have done: http://www.isi.edu/integration/karma/ Works great for modeling data into semantic web VIVO compliant data format – produces N-Triples. This is the tool some of us in the VIVO community use to produce RDF data.

If I was constrained to one sentence comment on this list this is what I would have said: there is work done with linked data here in the States and there are applications that have demonstrated an impressive end user use for linked data. And there are many more to come.

Regards and Happy Holidays,
Violeta

Violeta Ilik
Digital Innovations Librarian
Galter Health Sciences Library
Feinberg School of Medicine
Northwestern University Clinical and Translational Sciences Institute (NUCATS)
303 E. Chicago Ave, 2-212
Chicago, Illinois 60611
office: (312) 503 0421
violeta.ilik at northwestern.edu
http://www.galter.northwestern.edu/
http://www.galter.northwestern.edu/staff/Violeta-Ilik

From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU] on behalf of Karen Coyle [li...@kcoyle.net]
Sent: Tuesday, December 23, 2014 4:58 PM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] linked data and open access

Off the top of my head:

http://www.epsiplatform.eu/content/what-linked-open-government-data
http://aims.fao.org/agris
http://data.gov.uk/location
http://datos.bne.es/
http://statistics.data.gov.uk/
http://europeana.eu/

etc.

What linked and open provide is exactly what it says - linked=able to be used in combination with data from other Web resources; open=anyone can use the data. There are projects that are using CSV or XSL files, but those function as self-contained bits of data, without the linking, even if they are openly