Re: [CODE4LIB] Using OpenID in libraries

2007-04-16 Thread Taco Ekkel

AquaBrowser Library will support OpenID for logging into your library stuff.
Going beyond that, Jeremy touches a good point on trust. Since AquaBrowser
is cross-datasource (ILSes, DBs, etc - both indexed and federated) we are
considering hooking into auth systems under water, by allowing users to
couple trust information (LDAP, library card pins, along those lines) to
their openid-based account. A question for us is how (or whether!) to make
that latter part an open infrastructure to others, by including some way to
guarantee user consent per individual action. Anyone interested I can give a
url to give it a whirl when it's hitting alpha-ish state.


--
Taco Ekkel
Director of Development
Medialab Solutions B.V.

AquaBrowser Library - Search, Discover, Refine

Modemstraat 2B / 1033 RW / Amsterdam / +31(0)20 635 3190 /
www.aquabrowser.com


On 3/23/07, William Denton [EMAIL PROTECTED] wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org



Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jonathan Rochkind

Jeremy Frumkin wrote:

Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library.

As Nathan explains, to identify your link resolver(s) to a particular
database (or 'source') you are using.  How can a foreign third party
(vended or free) database use your local authentication login? Instead,
what they use currently is IP address.

Which is broken in several ways anyone who has worked with
IP-address-as-identity, common for authentication in our current
environments, has realized. IP address is not identity. Several people
(with different institutional affiliation/licenses held/link resolvers
used) may share an IP address, and one person may have several IP
addresses. IP address to people is a many to many mapping, and thus is
horribly broken for identification and authentication, and leads to all
sorts of problems many of us must continually try to work around, not
very successfully.

Jonathan


Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn't do anything with authentication / authorization – that
happens at the information source or at the institution's proxy server.
Again, OpenID doesn't say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.

I'm truly trying to play devil's advocate here; I believe that OpenID is a
step in the right direction, and we even have plans for adding OpenID
support in LibraryFind. I'm really trying to tease out where the added-value
is – and how it might best link up to trust systems.

All that being said, I'm still good for that beer, Nate. :-)

-- jaf


On 3/23/07 9:20 AM, Nathan Vack [EMAIL PROTECTED] wrote:



On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:



It isn't clear to me that there is enough added value to libraries
at this point to adopt OpenID – of course, I'd be glad to buy
someone a beer if they provide a use case to convince me otherwise ;-)


OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

* A user comes to our tool for finding licensed material (eg, a
LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver,
rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the
OpenID - Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and
provides OpenIDs can use our tool, without making any interaction
with us.

The really nice thing is that (at least for us) the OpenID resolver
handles trust issues, proxying requests if necessary. The resolver
doesn't need to be OpenID-aware -- though it would make for a nicer
experience.

Cheers,
-Nate





===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
 Without ambition one starts nothing. Without work one finishes nothing. 
- Emerson




--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jeremy Frumkin
On 3/26/07 6:35 AM, Jonathan Rochkind [EMAIL PROTECTED] wrote:

 Jeremy Frumkin wrote:
  Ok, so this is a good example for where I'm failing to see the advantage to
  OpenID over the current local authentication provided by a university /
  library.
 As Nathan explains, to identify your link resolver(s) to a particular
 database (or 'source') you are using.  How can a foreign third party
 (vended or free) database use your local authentication login? Instead,
 what they use currently is IP address.
 
 Which is broken in several ways anyone who has worked with
 IP-address-as-identity, common for authentication in our current
 environments, has realized. IP address is not identity. Several people
 (with different institutional affiliation/licenses held/link resolvers
 used) may share an IP address, and one person may have several IP
 addresses. IP address to people is a many to many mapping, and thus is
 horribly broken for identification and authentication, and leads to all
 sorts of problems many of us must continually try to work around, not
 very successfully.

---

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.
Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
build underlying trust infrastructure, but at the moment, that
infrastructure does not exist. The easiest way to implement that
infrastructure probably would be for every institution that might adopt
OpenID to also become an OpenID provider, but then, unless there is a
standard mechanism for linking one OpenID to another in a secure manner,
we're back at having multiple OpenIDs depending on our context. I completely
agree that IP-based authentication is not the long-term answer; maybe there
is a path, however, to applying OpenID over our current IP-based auth /
proxy servers in a manner that does add user-side value. As Nathan stated in
an earlier email, the one big advantage OpenID has right now is that it is
easy to start playing with, and maybe that's enough to start the wagging.

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
 Without ambition one starts nothing. Without work one finishes nothing. 
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jonathan Rochkind

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.


Right, that's exactly what Nathan's original post suggested. Are we
reading the same original post?

But yes, this infrastructure is the real issue, whether it uses OpenID
or Shibboleth, or something else. But it ought to use _some_ universal
single sign-on method.

I suggested that the OCLC Registry would be the logical house for this
infrastructure, as it's already 75% of the way there. I think OCLC
Registry is the... um, I've lost my metaphor. The thing that will wag
the dog's tail. But you still need a way for individuals to log in. I
suppose it could just be an OCLC-provided account. If OCLC implements
OpenID for their Registry, after adding a feature for _individual_
registrations (individuals expressing associations with the
institutional registrations already there), then that's the way to wag
the, um, dog.

Jonathan

Jeremy Frumkin wrote:

On 3/26/07 6:35 AM, Jonathan Rochkind [EMAIL PROTECTED] wrote:



Jeremy Frumkin wrote:


Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library.


As Nathan explains, to identify your link resolver(s) to a particular
database (or 'source') you are using.  How can a foreign third party
(vended or free) database use your local authentication login? Instead,
what they use currently is IP address.

Which is broken in several ways anyone who has worked with
IP-address-as-identity, common for authentication in our current
environments, has realized. IP address is not identity. Several people
(with different institutional affiliation/licenses held/link resolvers
used) may share an IP address, and one person may have several IP
addresses. IP address to people is a many to many mapping, and thus is
horribly broken for identification and authentication, and leads to all
sorts of problems many of us must continually try to work around, not
very successfully.



---

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.
Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
build underlying trust infrastructure, but at the moment, that
infrastructure does not exist. The easiest way to implement that
infrastructure probably would be for every institution that might adopt
OpenID to also become an OpenID provider, but then, unless there is a
standard mechanism for linking one OpenID to another in a secure manner,
we're back at having multiple OpenIDs depending on our context. I completely
agree that IP-based authentication is not the long-term answer; maybe there
is a path, however, to applying OpenID over our current IP-based auth /
proxy servers in a manner that does add user-side value. As Nathan stated in
an earlier email, the one big advantage OpenID has right now is that it is
easy to start playing with, and maybe that's enough to start the wagging.

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
 Without ambition one starts nothing. Without work one finishes nothing. 
- Emerson




--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread S Perkins

Back in January on NGC4LIB I proposed doing this, a universal ID system to
use when browsing, using the FOAF structure.  I got back answers that told
me they were not getting the concept.  This discussion on OpenID is very
interesting and I hope this can be made to work.

Steven C. Perkins



On 3/26/07, Jonathan Rochkind [EMAIL PROTECTED] wrote:


Right, except OpenID isn't going to do this; there needs to be an
 infrastructure in place where OpenID (or some other standard persistent
 identifying system) can sit on top of, and that's still the big problem.

Right, that's exactly what Nathan's original post suggested. Are we
reading the same original post?

But yes, this infrastructure is the real issue, whether it uses OpenID
or Shibboleth, or something else. But it ought to use _some_ universal
single sign-on method.

I suggested that the OCLC Registry would be the logical house for this
infrastructure, as it's already 75% of the way there. I think OCLC
Registry is the... um, I've lost my metaphor. The thing that will wag
the dog's tail. But you still need a way for individuals to log in. I
suppose it could just be an OCLC-provided account. If OCLC implements
OpenID for their Registry, after adding a feature for _individual_
registrations (individuals expressing associations with the
institutional registrations already there), then that's the way to wag
the, um, dog.

Jonathan

Jeremy Frumkin wrote:
 On 3/26/07 6:35 AM, Jonathan Rochkind [EMAIL PROTECTED] wrote:


 Jeremy Frumkin wrote:

 Ok, so this is a good example for where I'm failing to see the advantage to
 OpenID over the current local authentication provided by a university /
 library.

 As Nathan explains, to identify your link resolver(s) to a particular
 database (or 'source') you are using.  How can a foreign third party
 (vended or free) database use your local authentication login? Instead,
 what they use currently is IP address.

 Which is broken in several ways anyone who has worked with
 IP-address-as-identity, common for authentication in our current
 environments, has realized. IP address is not identity. Several people
 (with different institutional affiliation/licenses held/link resolvers
 used) may share an IP address, and one person may have several IP
 addresses. IP address to people is a many to many mapping, and thus is
 horribly broken for identification and authentication, and leads to all
 sorts of problems many of us must continually try to work around, not
 very successfully.


 ---

 Right, except OpenID isn't going to do this; there needs to be an
 infrastructure in place where OpenID (or some other standard persistent
 identifying system) can sit on top of, and that's still the big problem.
 Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
 build underlying trust infrastructure, but at the moment, that
 infrastructure does not exist. The easiest way to implement that
 infrastructure probably would be for every institution that might adopt
 OpenID to also become an OpenID provider, but then, unless there is a
 standard mechanism for linking one OpenID to another in a secure manner,
 we're back at having multiple OpenIDs depending on our context. I completely
 agree that IP-based authentication is not the long-term answer; maybe there
 is a path, however, to applying OpenID over our current IP-based auth /
 proxy servers in a manner that does add user-side value. As Nathan stated in
 an earlier email, the one big advantage OpenID has right now is that it is
 easy to start playing with, and maybe that's enough to start the wagging.

 -- jaf

 ===
 Jeremy Frumkin
 The Gray Chair for Innovative Library Services
 121 The Valley Library, Oregon State University
 Corvallis OR 97331-4501

 [EMAIL PROTECTED]

 541.737.9928
 541.737.3453 (Fax)
 541.230.4483 (Cell)
 ===
  Without ambition one starts nothing. Without work one finishes nothing.
 - Emerson



--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Harrison Dekker

I haven't seen this mentioned yet, but it seems to me that another possible
application of OpenID might be as a unique digital identifier for authors.
In other words, the OpenID could serve as a basis for a sort of open access
authority control service (in addition to the obvious single sign-on
purpose)

Harrison

On 3/22/07, William Denton [EMAIL PROTECTED] wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org





--
Harrison Dekker
Coordinator of Data Services
Doe/Moffitt Libraries, UC Berkeley


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Edward Summers

On Mar 23, 2007, at 1:21 AM, Alexander Johannesen wrote:

I suspect most of our patrons are in the latter category, but hey,
we're going to implement
OpenID cross-system soon so at least we're trying. :)


I think experimentation and research are needed in the application of
openid in libraries...so it's good to hear you are trying. Please
consider publishing your findings if you haven't already.

//Ed


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread susan rector

i can see many library administrators being skeptical about openid...
at my library we're actively looking at shibboleth. i don't know enough
about either one yet to speak intelligently about them,
but..doesn't shibboleth operate similarly to openid?

cheers,
susan


Susan Teague Rector
Library Information Systems
Web Applications Manager
VCU Libraries
804-828-0032
[EMAIL PROTECTED]


Jeremy Frumkin wrote:

While OpenID has potential within certain contexts, I have difficulty seeing
it being quickly adopted by libraries, universities, or other entities that
need to relate real identities to an OpenID. OpenID doesn't do trust; it
explicitly says it is not a trust system. For libraries to adopt OpenID,
they need to somehow link OpenID to a trust system. It isn't clear to me
that there is enough added value to libraries at this point to adopt OpenID
– of course, I'd be glad to buy someone a beer if they provide a use case to
convince me otherwise ;-)

-- jaf



On 3/22/07 8:37 PM, Ross Singer [EMAIL PROTECTED] wrote:



On 3/22/07, Don McMorris [EMAIL PROTECTED] wrote:


Ryan's message (I guess seeing academia) made me think of Athens,
which made me further think Hey, Subscription Databases are just
ITCHING for OpenID!.  I mean, come on... The methods we have for
database authentication aren't working well...


Well, naturally, academia has thought of this and overengineered it to
death:

 http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.






===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
 Without ambition one starts nothing. Without work one finishes nothing. 
- Emerson



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread David J. Fiander

Ross!  You're not supposed to actually _say_ it!

- David

On 22-Mar-07, at 23:37 , Ross Singer wrote:


On 3/22/07, Don McMorris [EMAIL PROTECTED] wrote:


Ryan's message (I guess seeing academia) made me think of Athens,
which made me further think Hey, Subscription Databases are just
ITCHING for OpenID!.  I mean, come on... The methods we have for
database authentication aren't working well...



Well, naturally, academia has thought of this and overengineered it to
death:

http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.


--
David J. Fiander
Digital Services Librarian


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Thomas Dowling
My rule about Shibboleth is that it takes twice as long to implement as
you planned, even if you take this rule into account.  That was funny
when we were in the second year of a one-year implementation timetable.
Now that we're in the fifth year


Thomas Dowling
[EMAIL PROTECTED]



On 3/23/2007 7:12 AM, David J. Fiander wrote:

 Ross!  You're not supposed to actually _say_ it!

 - David

 On 22-Mar-07, at 23:37 , Ross Singer wrote:


 ...http://shibboleth.internet2.edu/

 which is why it's taken 7 years so far and there are still very few
 implementations.



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Ross Singer

Ah ha!  /That's/ the problem with Shibboleth -- every time anyone tries to
implement it, they say it incorrectly and are subsequently killed, sending
the institution back to square one.

-Ross.

On 3/23/07, David J. Fiander [EMAIL PROTECTED] wrote:


Ross!  You're not supposed to actually _say_ it!

- David

On 22-Mar-07, at 23:37 , Ross Singer wrote:

 On 3/22/07, Don McMorris [EMAIL PROTECTED] wrote:

 Ryan's message (I guess seeing academia) made me think of Athens,
 which made me further think Hey, Subscription Databases are just
 ITCHING for OpenID!.  I mean, come on... The methods we have for
 database authentication aren't working well...


 Well, naturally, academia has thought of this and overengineered it to
 death:

 http://shibboleth.internet2.edu/

 which is why it's taken 7 years so far and there are still very few
 implementations.

 -Ross.

--
David J. Fiander
Digital Services Librarian




Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Nathan Vack

On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:


It isn’t clear to me that there is enough added value to libraries
at this point to adopt OpenID – of course, I’d be glad to buy
someone a beer if they provide a use case to convince me otherwise ;-)


OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

* A user comes to our tool for finding licensed material (eg, a
LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver,
rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the
OpenID - Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and
provides OpenIDs can use our tool, without making any interaction
with us.

The really nice thing is that (at least for us) the OpenID resolver
handles trust issues, proxying requests if necessary. The resolver
doesn't need to be OpenID-aware -- though it would make for a nicer
experience.

Cheers,
-Nate


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Jeremy Frumkin
Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library. Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn't do anything with authentication / authorization – that
happens at the information source or at the institution's proxy server.
Again, OpenID doesn't say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.

I'm truly trying to play devil's advocate here; I believe that OpenID is a
step in the right direction, and we even have plans for adding OpenID
support in LibraryFind. I'm really trying to tease out where the added-value
is – and how it might best link up to trust systems.

All that being said, I'm still good for that beer, Nate. :-)

-- jaf


On 3/23/07 9:20 AM, Nathan Vack [EMAIL PROTECTED] wrote:

 On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:
 
  It isn't clear to me that there is enough added value to libraries
  at this point to adopt OpenID – of course, I'd be glad to buy
  someone a beer if they provide a use case to convince me otherwise ;-)
 
 OK, I'll bite:
 
 * We build a registry mapping OpenID providers to OpenURL resolvers.
 
 * A user comes to our tool for finding licensed material (eg, a
 LibraryFind implementation)
 
 * If (by IP, OCLC's link resolver) we know the OpenURL resolver,
 rewrite URLs to point at that resolver.
 
 * Otherwise, we punt to an OpenID login form, and look them up in the
 OpenID - Resolver registry, and use that resolver when rewriting links.
 
 Now, anyone whose institution both has an OpenURL resolver and
 provides OpenIDs can use our tool, without making any interaction
 with us.
 
 The really nice thing is that (at least for us) the OpenID resolver
 handles trust issues, proxying requests if necessary. The resolver
 doesn't need to be OpenID-aware -- though it would make for a nicer
 experience.
 
 Cheers,
 -Nate
 


===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
 Without ambition one starts nothing. Without work one finishes nothing. 
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Nathan Vack

On Mar 23, 2007, at 2:41 PM, Jeremy Frumkin wrote:


Ok, so this is a good example for where I’m failing to see the advantage to
OpenID over the current local authentication provided by a university /
library. Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn’t do anything with authentication / authorization – that
happens at the information source or at the institution’s proxy server.
Again, OpenID doesn’t say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.


In this case, it'd just be a standard (read: potentially
browser-supported, yay Sxipper) way for me to say I'm with University X.
The experience is nice, and it's really easy to implement.

Honestly though, for this application, you could do the same with a
pulldown menu, or the Google Scholar Find Library trick.

Ultimately, I'd hope to see libraries agree on a set of attributes
for classifying patrons, building registries of trusted providers,
and using this as basis for offering services outside our own
institutions. (There's a Mashing Up The Library entrant floating
around in my mind, with this idea as the basis...)

Being the owner of an OpenID URI doesn't say anything about trust,
but it *does* give you enough information to build a trust system, as
you also know who issued the ID. You probably don't care that I'm
'njvack,' but you may well care that the University of Wisconsin
*says* I'm 'njvack' -- if you know, a priori, that we're trustworthy.

But for me, the really attractive part is that one really doesn't
need a lot of external support (*cough* Shibboleth *cough*) to start
playing around.

Cheers,
-Nate
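
The registry lookup outlined in this thread (IP first, OpenID login as the fallback) together with the point above that trust comes from knowing which provider issued the ID, as an added example that is not part of any message here. The registries, hosts, resolver URLs and the `VerifiedLogin` structure are constructed for illustration; the OpenID assertion is assumed to have been verified by a relying-party library before this code sees it, and requiring an https endpoint is a choice made for this sketch.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple
from urllib.parse import urlencode, urlsplit

# Constructed sample registries; every range, host and URL below is made up.
IP_REGISTRY = [
    ("192.0.2.0/24", "https://resolver.univ-x.example/openurl"),
    ("198.51.100.0/24", "https://resolver.univ-y.example/openurl"),
    # One shared proxy range registered by two institutions: the
    # "IP address to people is a many to many mapping" case from the thread.
    ("203.0.113.0/24", "https://resolver.univ-x.example/openurl"),
    ("203.0.113.0/24", "https://resolver.univ-z.example/openurl"),
]
# OpenID provider host -> OpenURL resolver, for providers trusted a priori.
PROVIDER_REGISTRY = {
    "openid.univ-z.example": "https://resolver.univ-z.example/openurl",
}


class VerifiedLogin(NamedTuple):
    """Hypothetical result handed over by an OpenID relying-party library
    after it has verified the provider's assertion."""
    claimed_id: str          # the URL the user typed into the login form
    provider_endpoint: str   # the provider that vouched for claimed_id


def resolver_by_ip(client_ip: str) -> Optional[str]:
    """Return a resolver only if the address maps to exactly one institution."""
    addr = ipaddress.ip_address(client_ip)
    hits = {url for cidr, url in IP_REGISTRY
            if addr in ipaddress.ip_network(cidr)}
    return next(iter(hits)) if len(hits) == 1 else None


def provider_host(endpoint: str) -> Optional[str]:
    """Extract the host that actually issued the assertion.

    urlsplit() separates userinfo from the host, so a URL such as
    https://openid.univ-z.example@lookalike.example/ yields lookalike.example.
    """
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def resolver_by_openid(login: VerifiedLogin) -> Optional[str]:
    """Look the issuing provider up by exact host, never by substring or
    suffix, and never by the user-controlled claimed_id."""
    host = provider_host(login.provider_endpoint)
    return PROVIDER_REGISTRY.get(host) if host else None


def choose_resolver(client_ip: str,
                    login: Optional[VerifiedLogin] = None
                    ) -> Tuple[Optional[str], str]:
    """Apply the steps in order and say which one decided the outcome."""
    url = resolver_by_ip(client_ip)
    if url:
        return url, "ip"
    if login is None:
        return None, "openid-login-required"
    url = resolver_by_openid(login)
    return (url, "openid") if url else (None, "unregistered-provider")


def rewrite_link(resolver: str, citation: dict) -> str:
    """Point a citation at the chosen resolver as an OpenURL query string."""
    return resolver + "?" + urlencode(citation)
```

The resolver still makes the access decision, as the proposal says; this lookup only decides where links point, so an unregistered provider results in no rewrite rather than a guess.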


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Paul Miller
 Ultimately, I'd hope to see libraries agree on a set of attributes
 for classifying patrons, building registries of trusted providers,
 and using this as basis for offering services outside our own
 institutions. (There's a Mashing Up The Library entrant floating
 around in my mind, with this idea as the basis...)

 :-)

Sounds good!  We're about to announce a closing date for the next round of
judging, so now would be a good time to firm that idea up a bit.

And I'll agree with yay Sxipper, too! - http://tinyurl.com/2tujyj

Paul

--
Dr Paul Miller
Senior Manager  Technology Evangelist, Talis
w: www.talis.com/   m: +44 (7769) 740083
im: [EMAIL PROTECTED] [AIM, MSN and iChat]
skype: napm1971
--



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread William Denton

On 22 March 2007, William Denton wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it
again, unfortunately, but you can take my word for it that it was pretty
good.


It was Simon Willison at the Future of Web Apps conference in London,
England, in February.  See:

   http://simonwillison.net/2007/Mar/12/slidecast/

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ryan Eby

I haven't seen much in library world outside of some talk/discussion.
I did come across one academia that did implement it:

http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas

Not sure if it's taken off much otherwise in the academic or public
sector. I think quite a few are lucky to get any authentication
working well.

Ryan

On 3/22/07, William Denton [EMAIL PROTECTED] wrote:

I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org



Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Carol Bean

That would work if both (or all) library systems shared access to the
same online resources equally.

Or I suppose one could have a system of automatic forwarding/
authentication based on id?  That would be cool, but I wonder how
hard would it be to implement?

Here in Florida, the State Library provides state-wide access to a
lot of online resources.  Some libraries have more, based on their
own subscriptions, but access to the basic level provided by the
State Library is free for everyone who has a library card.  Not
exactly the same idea, but it is an example of an overarching agency
providing more or less seamless access.

Carol Bean

On Mar 22, 2007, at 10:09 PM, William Denton wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ross Singer

Bill,

I have thought about this (although not in regards to logging library
workstations -- that'd be difficult but awesome), especially now that
Georgia Tech is implementing lifetime accounts.  The project that we are
currently trying to pull together (GaTher -- which is sort of a library
building/citation management tool, although a bit more sophisticated than
that) intends to use OpenID to allow people to invite non-GT people into
their GaTher groups.  Now that accounts here are permanent, a GT person can
use their GT OpenID without fear of losing their identity when they
graduate/move on.

-Ross.

On 3/22/07, William Denton [EMAIL PROTECTED] wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org




Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread David J. Fiander

On 22-Mar-07, at 22:09 , William Denton wrote:

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.


Bill, this sounds intriguing.  The hard part of this process will be
federating the patron databases into the OpenID framework.

Right now some ILSs support querying an external LDAP server to
authenticate patrons (III does this for logging in to the opac to
place holds, for example), and some external systems support querying
the patron database to authenticate (certain wireless access points
and internet terminal management systems do this).

So, when I walk in to my library and set up my library account,
instead of them giving me a PIN with which to log in, I give them my
OpenID (they might still give me a PIN, so people without OpenIDs can
use the system, but I'll ignore it).  Then, when I attempt to access
services, I will select the log in with my OpenID option, it will
pass off to the OpenID infrastructure, which will return 'aye' or
'nay', and then I'll be in, and the ILS will look up my authenticated
OpenID in the patron database to find out how much money I owe in fines.

It's not clear to me that NCIP comes in to the process, since that's
a different (very heavy) way of passing authentication information
around that I don't think fits well with the OpenID framework, but
that's something that I'll have to look deeper into.

- David

--
David J. Fiander
Digital Services Librarian


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Don McMorris

Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...

1) authenticating to a proxy and browsing the database through it:
Extra bandwidth is needed, meaning additional cost
2) HTTP_REFERER: Lots of firewalls are blocking this... not to mention
the need to click about 3+ layers of links and potentially entering a
library card number before using the resource
3) Registering a service-specific user ID in the library or remote via
method 1 or 2: Who wants another username/password?

Here's a scenario: I want to access Novelist.  So, I go to my library
web site.  I disable my firewall so that HTTP_REFERER will be passed
on.  I dig out my library card and enter the number on Ebsco's page.
I'm finally where I want to be...

Now, if Novelist implemented OpenID, I could simply go straight there
(whether or not I've ever been there), I can just go to the Novelist
web site and enter the OpenID that I've set up with my library.  1
step, 1 set of credentials.  All is good.

And, this could potentially be expanded so that if my patron is
delinquent, the database can deny him access!

Now, come on... who doesn't think OpenID would be GREAT for
subscription databases?

On 3/22/07, Ryan Eby [EMAIL PROTECTED] wrote:

I haven't seen much in library world outside of some talk/discussion.
I did come across one academia that did implement it:

http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas

Not sure if it's taken off much otherwise in the academic or public
sector. I think quite a few are lucky to get any authentication
working well.

Ryan

On 3/22/07, William Denton [EMAIL PROTECTED] wrote:
 I hadn't been too clear on OpenID but a week or two ago I listened to a
 recording of a talk about that explained it well.  I can't find it again,
 unfortunately, but you can take my word for it that it was pretty good.

 Is OpenID being used in libraries?  It struck me that it could work well
 for library systems that share resources: two systems that are part of the
 same consortium or provincial/state system; two neighbouring public
 systems that let people from one borrow at the other; academic libraries
 that want to make it easy for visiting profs and grad students to get
 temporary access to online resources; etc.

 Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
 municipality (or county, or whatever) over, visiting my tailor.  The two
 library systems are separate but share their resources.  I pop into the
 library to update my Twittering friends on my inseam measurement.  I don't
 actually have an account at the Upper Mowat Library, but I log in to one
 of their computers using my Lower Mowat-supplied OpenID identifier, and
 the Upper Mowat system recognizes where I'm from and gives me access to
 everything.

 Bill
 --
 William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
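
The relying-party side of the flow David Fiander and Don McMorris describe above, as an added example that is not from any poster or product in this thread: after an OpenID assertion has been verified, the library still has to decide whether it trusts the provider and what the linked patron is allowed to do. The host names, patron table and function names are constructed, and signature verification of the assertion is assumed to have been done by an OpenID library beforehand.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: provider hosts this library has agreed to trust.
TRUSTED_PROVIDER_HOSTS = {"openid.lowermowat.example"}

# Constructed patron table, keyed by normalized OpenID claimed identifier.
PATRONS = {
    "https://openid.lowermowat.example/bill": {"fines_cents": 0, "delinquent": False},
    "https://openid.lowermowat.example/dana": {"fines_cents": 1250, "delinquent": True},
}


def normalize_claimed_id(url):
    """Canonicalize scheme, host and empty path so one identifier is one key."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("identifier must be an absolute https URL")
    if parts.username or parts.password:
        raise ValueError("userinfo is not allowed in an identifier")
    host = parts.hostname  # urlsplit already lower-cases the host name
    if parts.port not in (None, 443):
        host = f"{host}:{parts.port}"
    return urlunsplit(("https", host, parts.path or "/", parts.query, parts.fragment))


def authorize(verified):
    """Map an already-verified assertion to an access decision."""
    try:
        claimed = normalize_claimed_id(verified["claimed_id"])
        op_host = urlsplit(verified["op_endpoint"]).hostname
    except (KeyError, ValueError, AttributeError):
        return ("deny", "malformed assertion")
    # Anyone can run an OpenID provider, so a valid assertion alone proves
    # nothing about library membership: the provider must be one we trust.
    if op_host not in TRUSTED_PROVIDER_HOSTS:
        return ("deny", "untrusted provider")
    # Simplifying assumption: no delegation, the identifier lives on the provider.
    if urlsplit(claimed).hostname != op_host:
        return ("deny", "identifier not hosted by asserting provider")
    patron = PATRONS.get(claimed)
    if patron is None:
        return ("deny", "no patron linked to this identifier")
    if patron["delinquent"]:
        return ("deny", "patron delinquent")
    return ("allow", patron["fines_cents"])
```

Authentication (the provider's 'aye' or 'nay') and authorization (trusted provider, linked patron, delinquency) are separate checks here, so a self-hosted identity can authenticate successfully and still be refused.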




Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ross Singer

On 3/22/07, Don McMorris [EMAIL PROTECTED] wrote:


Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...



Well, naturally, academia has thought of this and overengineered it to
death:

http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.