[CODE4LIB] Using OpenID in libraries
I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good. Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc. Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything. Bill -- William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
So far, I haven't heard much about OpenID in libraries. It will change, I'm sure. Once you get past the bureaucracy(sp?), OpenID+Z39.83(NCIP) will make libraries pretty much borderless. Especially now that Evergreen is going to force commercial ILS vendors to make their systems worth their cost ;)

--Don

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:

> I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good.
>
> Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc.
>
> Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything.
>
> Bill
> --
> William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
I haven't seen much in library world outside of some talk/discussion. I did come across one academia that did implement it: http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas Not sure if it's taken off much otherwise in the academic or public sector. I think quite a few are lucky to get any authentication working well. Ryan On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote: I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good. Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc. Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything. Bill -- William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
That would work if both (or all) library systems shared access to the same online resources equally. Or I suppose one could have a system of automatic forwarding/ authentication based on id? That would be cool, but I wonder how hard would it be to implement? Here in Florida, the State Library provides state-wide access to a lot of online resources. Some libraries have more, based on their own subscriptions, but access to the basic level provided by the State Library is free for everyone who has a library card. Not exactly the same idea, but it is an example of an overarching agency providing more or less seamless access. Carol Bean On Mar 22, 2007, at 10:09 PM, William Denton wrote: I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good. Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc. Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything. Bill -- William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
Bill, I have thought about this (although not in regards to logging library workstations -- that'd be difficult but awesome), especially now that Georgia Tech is implementing lifetime accounts. The project that we are currently trying to pull together (GaTher -- which is sort of a library building/citation management tool, although a bit more sophisticated than that) intends to use OpenID to allow people to invite non-GT people into their GaTher groups. Now that accounts here are permanent, a GT person can use their GT OpenID without fear of losing their identity when they graduate/move on. -Ross. On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote: I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good. Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc. Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything. Bill -- William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
On 22-Mar-07, at 22:09 , William Denton wrote:

> Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything.

Bill, this sounds intriguing. The hard part of this process will be federating the patron databases into the OpenID framework. Right now some ILSs support querying an external LDAP server to authenticate patrons (III does this for logging in to the opac to place holds, for example), and some external systems support querying the patron database to authenticate (certain wireless access points and internet terminal management systems do this).

So, when I walk in to my library and set up my library account, instead of them giving me a PIN with which to log in, I give them my OpenID (they might still give me a PIN, so people without OpenIDs can use the system, but I'll ignore it). Then, when I attempt to access services, I will select the "log in with my OpenID" option, it will pass off to the OpenID infrastructure, which will return 'aye' or 'nay', and then I'll be in, and the ILS will look up my authenticated OpenID in the patron database to find out how much money I owe in fines.

It's not clear to me that NCIP comes in to the process, since that's a different (very heavy) way of passing authentication information around that I don't think fits well with the OpenID framework, but that's something that I'd have to look deeper into.

- David

--
David J. Fiander
Digital Services Librarian
Re: [CODE4LIB] Using OpenID in libraries
Ryan's message (I guess seeing "academia") made me think of Athens, which made me further think "Hey, Subscription Databases are just ITCHING for OpenID!". I mean, come on... The methods we have for database authentication aren't working well...

1) authenticating to a proxy and browsing the database through it: Extra bandwidth is needed, meaning additional cost

2) HTTP_REFERER: Lots of firewalls are blocking this... not to mention the need to click about 3+ layers of links and potentially entering a library card number before using the resource

3) Registering a service-specific user ID in the library or remote via method 1 or 2: Who wants another username/password?

Here's a scenario: I want to access Novelist. So, I go to my library web site. I disable my firewall so that HTTP_REFERER will be passed on. I dig out my library card and enter the number on Ebsco's page. I'm finally where I want to be...

Now, if Novelist implemented OpenID, I could simply go straight there (whether or not I've ever been there), I can just go to the Novelist web site and enter the OpenID that I've set up with my library. 1 step, 1 set of credentials. All is good. And, this could potentially be expanded so that if my patron is delinquent, the database can deny him access!

Now, come on... who doesn't think OpenID would be GREAT for subscription databases?

On 3/22/07, Ryan Eby <[EMAIL PROTECTED]> wrote:

> I haven't seen much in library world outside of some talk/discussion. I did come across one academia that did implement it: http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas
>
> Not sure if it's taken off much otherwise in the academic or public sector. I think quite a few are lucky to get any authentication working well.
>
> Ryan
>
> On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:
>> I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good.
>>
>> Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc.
>>
>> Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything.
>>
>> Bill
>> --
>> William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
On 22-Mar-07, at 22:51 , Don McMorris wrote:

> Now, if Novelist implemented OpenID, I could simply go straight there (whether or not I've ever been there), I can just go to the Novelist web site and enter the OpenID that I've set up with my library. 1 step, 1 set of credentials. All is good.

Of course, this implies that I need a separate OpenID for every institution with which I'm affiliated, which kinda defeats the purpose of the OpenID, I think.

- David

--
David J. Fiander
Digital Services Librarian
Re: [CODE4LIB] Using OpenID in libraries
On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:

> Ryan's message (I guess seeing "academia") made me think of Athens, which made me further think "Hey, Subscription Databases are just ITCHING for OpenID!". I mean, come on... The methods we have for database authentication aren't working well...

Well, naturally, academia has thought of this and overengineered it to death:

http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few implementations.

-Ross.
Re: [CODE4LIB] Using OpenID in libraries
While OpenID has potential within certain contexts, I have difficulty seeing it being quickly adopted by libraries, universities, or other entities that need to relate real identities to an OpenID. OpenID doesn't do trust; it explicitly says it is not a trust system. For libraries to adopt OpenID, they need to somehow link OpenID to a trust system.

It isn't clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I'd be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)

-- jaf

On 3/22/07 8:37 PM, "Ross Singer" <[EMAIL PROTECTED]> wrote:

> On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:
>> Ryan's message (I guess seeing "academia") made me think of Athens, which made me further think "Hey, Subscription Databases are just ITCHING for OpenID!". I mean, come on... The methods we have for database authentication aren't working well...
>
> Well, naturally, academia has thought of this and overengineered it to death:
>
> http://shibboleth.internet2.edu/
>
> which is why it's taken 7years so far and there is still very few implementations.
>
> -Ross.

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
[EMAIL PROTECTED]
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. " - Emerson
Re: [CODE4LIB] Using OpenID in libraries
On 3/23/07, Jeremy Frumkin <[EMAIL PROTECTED]> wrote:

> While OpenID has potential within certain contexts, I have difficulty seeing it being quickly adopted by libraries, universities, or other entities that need to relate real identities to an OpenID. OpenID doesn't do trust; it explicitly says it is not a trust system. For libraries to adopt OpenID, they need to somehow link OpenID to a trust system.
>
> It isn't clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I'd be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)

I can only offer you a beer of agreement; OpenID is fantastic for geeks who can control their online environment, but hopeless for normal people. The only trust given in the system is based on the trust of the ID source, and in many cases that's just as hard to come by in new shapes as it has been in the past. For *me* OpenID is fantastic, but for my wife it means nothing.

I suspect most of our patrons are in the latter category, but hey, we're going to implement OpenID cross-system soon so at least we're trying. :)

Alex

--
---
Project Wrangler, SOA, Information Alchymist, UX, RESTafarian, Topic Maps
-- http://shelter.nu/blog/
Re: [CODE4LIB] Using OpenID in libraries
I haven't seen this mentioned yet, but it seems to me that another possible application of OpenID might be to uniquely digital identifier for authors. In other words, the OpenID could serve as a basis for a sort of open access authority control service (in addition to the obvious single sign-on purpose) Harrison On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote: I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good. Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc. Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything. Bill -- William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org -- Harrison Dekker Coordinator of Data Services Doe/Moffitt Libraries, UC Berkeley
Re: [CODE4LIB] Using OpenID in libraries
On Mar 23, 2007, at 1:21 AM, Alexander Johannesen wrote: I suspect most of our patrons are in the latter category, but hey, we're going to implement OpenID cross-system soon so at least we're trying. :) I think experimentation and research are needed in the application of openid in libraries...so it's good to hear you are trying. Please consider publishing your findings if you haven't already. //Ed
Re: [CODE4LIB] Using OpenID in libraries
i can see many library administrators being skeptical about openid... at my library we're actively looking at shibboleth. i don't know enough about either one yet to speak intelligently about them, but... doesn't shibboleth operate similarly to openid?

cheers, susan

Susan Teague Rector
Library Information Systems Web Applications Manager
VCU Libraries
804-828-0032
[EMAIL PROTECTED]

Jeremy Frumkin wrote:

> While OpenID has potential within certain contexts, I have difficulty seeing it being quickly adopted by libraries, universities, or other entities that need to relate real identities to an OpenID. OpenID doesn't do trust; it explicitly says it is not a trust system. For libraries to adopt OpenID, they need to somehow link OpenID to a trust system.
>
> It isn't clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I'd be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)
>
> -- jaf
>
> On 3/22/07 8:37 PM, "Ross Singer" <[EMAIL PROTECTED]> wrote:
>> On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:
>>> Ryan's message (I guess seeing "academia") made me think of Athens, which made me further think "Hey, Subscription Databases are just ITCHING for OpenID!". I mean, come on... The methods we have for database authentication aren't working well...
>>
>> Well, naturally, academia has thought of this and overengineered it to death:
>>
>> http://shibboleth.internet2.edu/
>>
>> which is why it's taken 7years so far and there is still very few implementations.
>>
>> -Ross.
>
> ===
> Jeremy Frumkin
> The Gray Chair for Innovative Library Services
> 121 The Valley Library, Oregon State University
> Corvallis OR 97331-4501
> [EMAIL PROTECTED]
> 541.737.9928
> 541.737.3453 (Fax)
> 541.230.4483 (Cell)
> ===
> " Without ambition one starts nothing. Without work one finishes nothing. " - Emerson
Re: [CODE4LIB] Using OpenID in libraries
Ross! You're not supposed to actually _say_ it! - David On 22-Mar-07, at 23:37 , Ross Singer wrote: On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote: Ryan's message (I guess seeing "academia") made me think of Athens, which made me further think "Hey, Subscription Databases are just ITCHING for OpenID!". I mean, come on... The methods we have for database authentication aren't working well... Well, naturally, academia has thought of this and overengineered it to death: http://shibboleth.internet2.edu/ which is why it's taken 7years so far and there is still very few implementations. -Ross. -- David J. Fiander Digital Services Librarian
Re: [CODE4LIB] Using OpenID in libraries
I believe Andy Powell wrote up a blog entry on this possibility... Yep, he did – it's at http://efoundations.typepad.com/efoundations/2007/01/repositories_an.html

-- jaf

On 3/22/07 9:16 PM, "Harrison Dekker" <[EMAIL PROTECTED]> wrote:

> I haven't seen this mentioned yet, but it seems to me that another possible application of OpenID might be to uniquely digital identifier for authors. In other words, the OpenID could serve as a basis for a sort of open access authority control service (in addition to the obvious single sign-on purpose)
>
> Harrison
>
> On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:
>> I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good.
>>
>> Is OpenID being used in libraries? It struck me that it could work well for library systems that share resources: two systems that are part of the same consortium or provincial/state system; two neighbouring public systems that let people from one borrow at the other; academic libraries that want to make it easy for visiting profs and grad students to get temporary access to online resources; etc.
>>
>> Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next municipality (or county, or whatever) over, visiting my tailor. The two library systems are separate but share their resources. I pop into the library to update my Twittering friends on my inseam measurement. I don't actually have an account at the Upper Mowat Library, but I log in to one of their computers using my Lower Mowat-supplied OpenID identifier, and the Upper Mowat system recognizes where I'm from and gives me access to everything.
>>
>> Bill
>> --
>> William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
>
> --
> Harrison Dekker
> Coordinator of Data Services
> Doe/Moffitt Libraries, UC Berkeley

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
[EMAIL PROTECTED]
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. " - Emerson
Re: [CODE4LIB] Using OpenID in libraries
My rule about Shibboleth is that it takes twice as long to implement as you planned, even if you take this rule into account. That was funny when we were in the second year of a one-year implementation timetable. Now that we're in the fifth year

Thomas Dowling
[EMAIL PROTECTED]

On 3/23/2007 7:12 AM, David J. Fiander wrote:

> Ross! You're not supposed to actually _say_ it!
>
> - David
>
> On 22-Mar-07, at 23:37 , Ross Singer wrote:
>
>> ...http://shibboleth.internet2.edu/
>>
>> which is why it's taken 7years so far and there is still very few implementations.
Re: [CODE4LIB] Using OpenID in libraries
Ah ha! /That's/ the problem with Shibboleth -- every time anyone tries to implement it, they say it incorrectly and are subsequently killed, sending the institution back to square one. -Ross. On 3/23/07, David J. Fiander <[EMAIL PROTECTED]> wrote: Ross! You're not supposed to actually _say_ it! - David On 22-Mar-07, at 23:37 , Ross Singer wrote: > On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote: >> >> Ryan's message (I guess seeing "academia") made me think of Athens, >> which made me further think "Hey, Subscription Databases are just >> ITCHING for OpenID!". I mean, come on... The methods we have for >> database authentication aren't working well... > > > Well, naturally, academia has thought of this and overengineered it to > death: > > http://shibboleth.internet2.edu/ > > which is why it's taken 7years so far and there is still very few > implementations. > > -Ross. -- David J. Fiander Digital Services Librarian
Re: [CODE4LIB] Using OpenID in libraries
On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:

> It isn’t clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I’d be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)

OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

* A user comes to our tool for finding licensed material (eg, a LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver, rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the OpenID -> Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and provides OpenIDs can use our tool, without making any interaction with us.

The really nice thing is that (at least for us) the OpenID resolver handles trust issues, proxying requests if necessary. The resolver doesn't need to be OpenID-aware -- though it would make for a nicer experience.

Cheers,
-Nate
Re: [CODE4LIB] Using OpenID in libraries
Ok, so this is a good example for where I'm failing to see the advantage to OpenID over the current local authentication provided by a university / library. Why would I need to use OpenID as opposed to my current account that my library provides me? As I understand the current OpenURL workflow, OpenURL doesn't do anything with authentication / authorization – that happens at the information source or at the institution's proxy server. Again, OpenID doesn't say anything about trust; it only speaks to authenticating that I am the owner of my OpenID URI.

I'm truly trying to play devil's advocate here; I believe that OpenID is a step in the right direction, and we even have plans for adding OpenID support in LibraryFind. I'm really trying to tease out where the added-value is and how it might best link up to trust systems.

All that being said, I'm still good for that beer, Nate. :-)

-- jaf

On 3/23/07 9:20 AM, "Nathan Vack" <[EMAIL PROTECTED]> wrote:

> On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:
>
>> It isn't clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I'd be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)
>
> OK, I'll bite:
>
> * We build a registry mapping OpenID providers to OpenURL resolvers.
>
> * A user comes to our tool for finding licensed material (eg, a LibraryFind implementation)
>
> * If (by IP, OCLC's link resolver) we know the OpenURL resolver, rewrite URLs to point at that resolver.
>
> * Otherwise, we punt to an OpenID login form, and look them up in the OpenID -> Resolver registry, and use that resolver when rewriting links.
>
> Now, anyone whose institution both has an OpenURL resolver and provides OpenIDs can use our tool, without making any interaction with us.
>
> The really nice thing is that (at least for us) the OpenID resolver handles trust issues, proxying requests if necessary. The resolver doesn't need to be OpenID-aware -- though it would make for a nicer experience.
>
> Cheers,
> -Nate

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
[EMAIL PROTECTED]
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. " - Emerson
Re: [CODE4LIB] Using OpenID in libraries
On Mar 23, 2007, at 2:41 PM, Jeremy Frumkin wrote:

> Ok, so this is a good example for where I’m failing to see the advantage to OpenID over the current local authentication provided by a university / library. Why would I need to use OpenID as opposed to my current account that my library provides me? As I understand the current OpenURL workflow, OpenURL doesn’t do anything with authentication / authorization – that happens at the information source or at the institution’s proxy server. Again, OpenID doesn’t say anything about trust; it only speaks to authenticating that I am the owner of my OpenID URI.

In this case, it'd just be a standard (read: potentially browser-supported, yay Sxipper) way for me to say "I'm with University X." The experience is nice, and it's really easy to implement. Honestly though, for this application, you could do the same with a pulldown menu, or the Google Scholar "Find Library" trick.

Ultimately, I'd hope to see libraries agree on a set of attributes for classifying patrons, building registries of trusted providers, and using this as basis for offering services outside our own institutions. (There's a "Mashing Up The Library" entrant floating around in my mind, with this idea as the basis...)

Being the owner of an OpenID URI doesn't say anything about trust, but it *does* give you enough information to build a trust system, as you also know who issued the ID. You probably don't care that I'm 'njvack,' but you may well care that the University of Wisconsin *says* I'm 'njvack' -- if you know, a priori, that we're trustworthy.

But for me, the really attractive part is that one really doesn't need a lot of external support (*cough* Shibboleth *cough*) to start playing around.

Cheers,
-Nate
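The provider-to-resolver registry from Nate's two messages above, with the trust decision resting on who issued the ID, sketched as an added example that is not code from the thread or from any project named in it. The registry hosts, the `Assertion` record and the https-only rule are assumptions, and the OpenID exchange itself is assumed to have been verified by an OpenID library before this code runs.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode, urlsplit

# Constructed registry: OpenID provider host -> OpenURL resolver base URL.
# All hosts are placeholders under .example; a real registry would be curated.
REGISTRY = {
    "openid.univ-x.example": "https://resolver.univ-x.example/openurl",
    "id.lowermowat-library.example": "https://links.lowermowat-library.example/resolve",
}


@dataclass(frozen=True)
class Assertion:
    """Result of an OpenID login as reported by an OpenID library (hypothetical shape)."""
    claimed_id: str   # the identifier the user entered
    op_endpoint: str  # the provider endpoint that vouched for it
    verified: bool    # True only if the provider's response was cryptographically checked


def provider_host(op_endpoint: str) -> Optional[str]:
    """Return the lowercased host of an https provider endpoint, or None."""
    try:
        parts = urlsplit(op_endpoint.strip())
    except ValueError:
        return None
    # Assumption: the registry only lists providers reachable over https.
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname excludes userinfo, so "https://openid.univ-x.example@other.example/"
    # is reported as other.example and will not match the registry.
    return parts.hostname.rstrip(".").lower()


def resolver_for(assertion: Assertion) -> Optional[str]:
    """Map a verified login to its institution's resolver, by issuer, not by user."""
    if not assertion.verified:
        return None  # an unverified claim says nothing about who issued it
    host = provider_host(assertion.op_endpoint)
    if host is None:
        return None
    # Exact host match only: suffix or substring matching would let
    # "openid.univ-x.example.other.example" pass as University X.
    return REGISTRY.get(host)


def rewrite_link(citation: dict, ip_resolver: Optional[str],
                 assertion: Optional[Assertion]) -> Optional[str]:
    """Follow the steps in the message: IP-derived resolver first, then OpenID lookup."""
    base = ip_resolver or (resolver_for(assertion) if assertion else None)
    if base is None:
        return None  # caller falls back to the OpenID login form or an unrewritten link
    return base + "?" + urlencode(citation)


if __name__ == "__main__":
    # Constructed login result and citation, for illustration only.
    login = Assertion("https://openid.univ-x.example/njvack",
                      "https://openid.univ-x.example/server", True)
    print(rewrite_link({"genre": "article", "issn": "1234-5679"}, None, login))
```

The lookup keys on the provider that made the assertion rather than on the user's identifier, which is the "University X says I'm njvack" distinction drawn in the message.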
Re: [CODE4LIB] Using OpenID in libraries
> Ultimately, I'd hope to see libraries agree on a set of attributes > for classifying patrons, building registries of trusted providers, > and using this as basis for offering services outside our own > institutions. (There's a "Mashing Up The Library" entrant floating > around in my mind, with this idea as the basis...) :-) Sounds good! We're about to announce a closing date for the next round of judging, so now would be a good time to firm that idea up a bit. And I'll agree with "yay Sxipper", too! - http://tinyurl.com/2tujyj Paul -- Dr Paul Miller Senior Manager & Technology Evangelist, Talis w: www.talis.com/ m: +44 (7769) 740083 im: [EMAIL PROTECTED] [AIM, MSN and iChat] skype: napm1971
Re: [CODE4LIB] Using OpenID in libraries
On 22 March 2007, William Denton wrote:

> I hadn't been too clear on OpenID but a week or two ago I listened to a recording of a talk about that explained it well. I can't find it again, unfortunately, but you can take my word for it that it was pretty good.

It was Simon Willison at the Future of Web Apps conference in London, England, in February. See:

http://simonwillison.net/2007/Mar/12/slidecast/

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
Re: [CODE4LIB] Using OpenID in libraries
Nathan Vack wrote:

> OK, I'll bite:
>
> * We build a registry mapping OpenID providers to OpenURL resolvers.

Yes, I've been thinking along exactly these lines too. One logical place for this registry to live is in the already existing OCLC Registry which already includes institutional link resolver registration. They just need to add a component for individual OpenID registration to one of the already existing link resolver registrations. I tried to explain this to someone at OCLC, but they didn't seem to understand what I was talking about, or the need. Perhaps I was talking to the wrong person.

Jonathan

> * A user comes to our tool for finding licensed material (eg, a LibraryFind implementation)
> * If (by IP, OCLC's link resolver) we know the OpenURL resolver, rewrite URLs to point at that resolver.
> * Otherwise, we punt to an OpenID login form, and look them up in the OpenID -> Resolver registry, and use that resolver when rewriting links.
>
> Now, anyone whose institution both has an OpenURL resolver and provides OpenIDs can use our tool, without making any interaction with us.
>
> The really nice thing is that (at least for us) the OpenID resolver handles trust issues, proxying requests if necessary. The resolver doesn't need to be OpenID-aware -- though it would make for a nicer experience.
>
> Cheers,
> -Nate

--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu
Re: [CODE4LIB] Using OpenID in libraries
Jeremy Frumkin wrote:

> Ok, so this is a good example for where I'm failing to see the advantage to OpenID over the current local authentication provided by a university / library.

As Nathan explains, to identify your link resolver(s) to a particular database (or 'source') you are using. How can a foreign third party (vended or free) database use your local authentication login? Instead, what they use currently is IP address.

Which is broken in several ways anyone who has worked with IP-address-as-identity, common for authentication in our current environments, has realized. IP address is not identity. Several people (with different institutional affiliation/licenses held/link resolvers used) may share an IP address, and one person may have several IP addresses. IP address to people is a many to many mapping, and thus is horribly broken for identification and authentication, and leads to all sorts of problems many of us must continually try to work around, not very successfully.

Jonathan

> Why would I need to use OpenID as opposed to my current account that my library provides me? As I understand the current OpenURL workflow, OpenURL doesn't do anything with authentication / authorization – that happens at the information source or at the institution's proxy server. Again, OpenID doesn't say anything about trust; it only speaks to authenticating that I am the owner of my OpenID URI.
>
> I'm truly trying to play devil's advocate here; I believe that OpenID is a step in the right direction, and we even have plans for adding OpenID support in LibraryFind. I'm really trying to tease out where the added-value is and how it might best link up to trust systems.
>
> All that being said, I'm still good for that beer, Nate. :-)
>
> -- jaf
>
> On 3/23/07 9:20 AM, "Nathan Vack" <[EMAIL PROTECTED]> wrote:
>
>> On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:
>>
>>> It isn't clear to me that there is enough added value to libraries at this point to adopt OpenID – of course, I'd be glad to buy someone a beer if they provide a use case to convince me otherwise ;-)
>>
>> OK, I'll bite:
>>
>> * We build a registry mapping OpenID providers to OpenURL resolvers.
>> * A user comes to our tool for finding licensed material (eg, a LibraryFind implementation)
>> * If (by IP, OCLC's link resolver) we know the OpenURL resolver, rewrite URLs to point at that resolver.
>> * Otherwise, we punt to an OpenID login form, and look them up in the OpenID -> Resolver registry, and use that resolver when rewriting links.
>>
>> Now, anyone whose institution both has an OpenURL resolver and provides OpenIDs can use our tool, without making any interaction with us.
>>
>> The really nice thing is that (at least for us) the OpenID resolver handles trust issues, proxying requests if necessary. The resolver doesn't need to be OpenID-aware -- though it would make for a nicer experience.
>>
>> Cheers,
>> -Nate
>
> ===
> Jeremy Frumkin
> The Gray Chair for Innovative Library Services
> 121 The Valley Library, Oregon State University
> Corvallis OR 97331-4501
> [EMAIL PROTECTED]
> 541.737.9928
> 541.737.3453 (Fax)
> 541.230.4483 (Cell)
> ===
> " Without ambition one starts nothing. Without work one finishes nothing. " - Emerson

--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu
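The lookup order Nate lists in the quoted steps (IP first, OpenID provider registry second, then rewrite links), together with Jonathan's point that IP-to-institution is a many-to-many mapping, as an added Python example that is not code from anyone on the list. The registry contents, hostnames, networks and the https requirement are assumptions, and the OpenID assertion is assumed to have been verified by an OpenID library before `verified_op_endpoint` is passed in.

```python
import ipaddress
from urllib.parse import urlsplit, urlencode

# Constructed sample data: networks, hosts and resolver URLs are placeholders.
IP_REGISTRY = [
    (ipaddress.ip_network("192.0.2.0/24"), "https://resolver.univ-x.example/openurl"),
    # A shared network (for example a consortium proxy) claimed by two institutions.
    (ipaddress.ip_network("198.51.100.0/24"), "https://resolver.univ-x.example/openurl"),
    (ipaddress.ip_network("198.51.100.0/24"), "https://resolver.college-y.example/openurl"),
]

# Trusted OpenID provider host -> that institution's OpenURL resolver.
PROVIDER_REGISTRY = {
    "openid.univ-x.example": "https://resolver.univ-x.example/openurl",
    "id.college-y.example": "https://resolver.college-y.example/openurl",
}


def resolver_by_ip(client_ip):
    """Return a resolver only when the address maps to exactly one institution."""
    addr = ipaddress.ip_address(client_ip)
    matches = {url for net, url in IP_REGISTRY if addr in net}
    # Two institutions behind one address: the IP says nothing about which
    # resolver applies, so report "unknown" instead of guessing.
    return matches.pop() if len(matches) == 1 else None


def resolver_by_provider(op_endpoint):
    """Look up the resolver for the provider that vouched for the identifier.

    op_endpoint must be the provider endpoint the relying party actually
    verified the assertion against, never a value copied from the request.
    """
    parts = urlsplit(op_endpoint)
    if parts.scheme != "https" or parts.hostname is None:
        return None
    # Exact host match: suffix or substring matching would accept
    # "openid.univ-x.example.other.example" as a trusted provider.
    return PROVIDER_REGISTRY.get(parts.hostname.lower())


def choose_resolver(client_ip, verified_op_endpoint=None):
    """IP first, then the provider registry. Returns (resolver or None, reason)."""
    resolver = resolver_by_ip(client_ip)
    if resolver:
        return resolver, "ip"
    if verified_op_endpoint is None:
        return None, "needs-openid-login"
    resolver = resolver_by_provider(verified_op_endpoint)
    return (resolver, "openid") if resolver else (None, "untrusted-provider")


def rewrite_link(resolver, citation):
    """Build the OpenURL for a citation against the chosen resolver."""
    return resolver + "?" + urlencode(sorted(citation.items()))


if __name__ == "__main__":
    for ip, op in [("192.0.2.10", None),
                   ("198.51.100.7", None),
                   ("198.51.100.7", "https://id.college-y.example/server")]:
        print(ip, op, choose_resolver(ip, op))
```

A provider that is not in the registry fails closed: the user is authenticated but no resolver is chosen, which matches the thread's distinction between owning an identifier and being trusted.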
Re: [CODE4LIB] Using OpenID in libraries
On 3/26/07 6:35 AM, "Jonathan Rochkind" <[EMAIL PROTECTED]> wrote:

> Jeremy Frumkin wrote:
>> Ok, so this is a good example for where I'm failing to see the advantage to
>> OpenID over the current local authentication provided by a university /
>> library.
>
> As Nathan explains, to identify your link resolver(s) to a particular
> database (or 'source') you are using. How can a foreign third party
> (vended or free) database use your local authentication login? Instead,
> what they use currently is IP address.
>
> Which is broken in several ways anyone who has worked with
> IP-address-as-identity, common for authentication in our current
> environments, has realized. IP address is not identity. Several people
> (with different institutional affiliation/licenses held/link resolvers
> used) may share an IP address, and one person may have several IP
> addresses. IP address to people is a many to many mapping, and thus is
> horribly broken for identification and authentication, and leads to all
> sorts of problems many of us must continually try to work around, not
> very successfully.

---

Right, except OpenID isn't going to do this; there needs to be an infrastructure in place where OpenID (or some other standard persistent identifying system) can sit on top of, and that's still the big problem. Now, maybe the tail will wag the dog, and OpenID will lead to efforts to build underlying trust infrastructure, but at the moment, that infrastructure does not exist. The easiest way to implement that infrastructure probably would be for every institution that might adopt OpenID to also become an OpenID provider, but then, unless there is a standard mechanism for linking one OpenID to another in a secure manner, we're back at having multiple OpenIDs depending on our context.

I completely agree that IP-based authentication is not the long-term answer; maybe there is a path, however, to applying OpenID over our current IP-based auth / proxy servers in a manner that does add user-side value. As Nathan stated in an earlier email, the one big advantage OpenID has right now is that it is easy to start playing with, and maybe that's enough to start the wagging.

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
[EMAIL PROTECTED]
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. " - Emerson
Re: [CODE4LIB] Using OpenID in libraries
On Mar 26, 2007, at 10:33 AM, Jeremy Frumkin wrote:

> The easiest way to implement that infrastructure probably would be for every institution that might adopt OpenID to also become an OpenID provider, but then, unless there is a standard mechanism for linking one OpenID to another in a secure manner, we’re back at having multiple OpenIDs depending on our context.

This is true. It's even a Good Thing; it's kind of the whole point. Customers get to say, in essence, "Here's who I say I am. These providers will vouch for that." Customers get to choose which providers they want to identify them, and what data they want to release.

It's only natural that I'd have more than one possible identity, and I don't want them linked together in some magical way. If I want to tell you about more than one identity profile, I should do that of my own volition.

Making it really easy to choose my identity is the web browser's job. That's where Sxipper (and Firefox 3?) comes in.

The big infrastructure we need to build is in deciding what's a trustworthy identity, and what we're willing to do with that knowledge.

Cheers,
-Nate
Re: [CODE4LIB] Using OpenID in libraries
> Right, except OpenID isn't going to do this; there needs to be an infrastructure in place where OpenID (or some other standard persistent identifying system) can sit on top of, and that's still the big problem.

Right, that's exactly what Nathan's original post suggested. Are we reading the same original post?

But yes, this infrastructure is the real issue, whether it uses OpenID or Shibboleth, or something else. But it ought to use _some_ "universal single sign-on" method.

I suggested that the OCLC Registry would be the logical house for this infrastructure, as it's already 75% of the way there. I think OCLC Registry is the... um, I've lost my metaphor. The thing that will wag the dog's tail.

But you still need a way for individuals to log in. I suppose it could just be an OCLC-provided account. If OCLC implements OpenID for their Registry, after adding a feature for _individual_ registrations (individuals expressing associations with the institutional registrations already there), then that's the way to wag the, um, dog.

Jonathan

--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu
Re: [CODE4LIB] Using OpenID in libraries
Back in January on NGC4LIB I proposed doing this, a universal ID system to use when browsing, using the FOAF structure. I got back answers that told me they were not getting the concept. This discussion on OpenID is very interesting and I hope this can be made to work.

Steven C. Perkins
Re: [CODE4LIB] Using OpenID in libraries
> Back in January on NGC4LIB I proposed doing this, a universal ID system to
> use when browsing, using the FOAF structure. I got back answers that told
> me they were not getting the concept. This discussion on OpenID is very
> interesting and I hope this can be made to work.

Hi Steven,

Tim Berners-Lee [1], among others, has brought up FOAF (Friend-Of-A-Friend) in connection to OpenID as a way to establish trust networks. You could argue that the attributes support in shibboleth could accomplish the same thing, but the difference might be that people like Sir Tim are seeing some synergy in OpenID and FOAF whereas shibboleth doesn't seem to capture the attention of the mainstream web folks.

Not that FOAF is without its own detractors, but here's a variation of a syntax I have seen for indicating trust, in this case, in Ed Summers' Ruby knowledge (the syntax is a little dated but you get the idea). Extend this to indicate, for example, a fondness for the music of Howlin' Wolf, or some other kind of preference information, and creating systems that respond dynamically to user background and preferences might be possible:

http://www.w3.org/1999/02/22-rdf-syntax-ns#"; xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"; xmlns:foaf="http://xmlns.com/foaf/0.1/"; xmlns:trust="http://www.perceive.net/schemas/20020725/trust#";> http://dmoz.org/Computers/Programming/Languages/Ruby/"; />

OpenID implementations may already have a little plumbing for this kind of thing with "personas" but it still comes back to how much a service is willing to accept from a particular OpenID provider. I would be curious whether the above kind of syntax could fit into the Yadis system used by OpenID because I am very unclear how FOAF and OpenID could/should intersect. There is also talk about OpenID support being built into browsers, things would get really interesting if the web browser started to broadcast an OpenID to web services.

art

---
1. http://dig.csail.mit.edu/breadcrumbs/node/170
Re: [CODE4LIB] Using OpenID in libraries
AquaBrowser Library will support OpenID for logging into your library stuff.

Going beyond that, Jeremy touches a good point on trust. Since AquaBrowser is cross-datasource (ILSes, DBs, etc - both indexed and federated) we are considering hooking into auth systems under water, by allowing users to couple trust information (LDAP, library card pins, along those lines) to their openid-based account. A question for us is how (or whether!) to make that latter part an open infrastructure to others, by including some way to guarantee user consent per individual action.

Anyone interested I can give a url to give it a whirl when it's hitting alpha-ish state.

--
Taco Ekkel
Director of Development
Medialab Solutions B.V.
AquaBrowser Library - Search, Discover, Refine
Modemstraat 2B / 1033 RW / Amsterdam / +31(0)20 635 3190 / www.aquabrowser.com