Re: [CODE4LIB] Using OpenID in libraries

2007-04-16 Thread Taco Ekkel

AquaBrowser Library will support OpenID for logging into your library stuff.
Going beyond that, Jeremy touches a good point on trust. Since AquaBrowser
is cross-datasource (ILSes, DBs, etc - both indexed and federated) we are
considering hooking into auth systems under water, by allowing users to
couple trust information (LDAP, library card pins, along those lines) to
their openid-based account. A question for us is how (or whether!) to make
that latter part an open infrastructure to others, by including some way to
guarantee user consent per individual action. Anyone interested I can give a
url to give it a whirl when it's hitting alpha-ish state.


--
Taco Ekkel
Director of Development
Medialab Solutions B.V.

AquaBrowser Library - Search, Discover, Refine

Modemstraat 2B / 1033 RW / Amsterdam / +31(0)20 635 3190 /
www.aquabrowser.com


On 3/23/07, William Denton <[EMAIL PROTECTED]> wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org



Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Art Rhyno
>Back in January on NGC4LIB I proposed doing this, a universal ID system to
>use when browsing, using the FOAF structure.  I got back answers that told
>me they were not getting the concept.  This discussion on OpenID is very
>interesting and I hope this can be made to work.

Hi Steven,

Tim Berners-Lee [1], among others, has brought up FOAF
(Friend-Of-A-Friend) in connection to OpenID as a way to establish trust
networks. You could argue that the attributes support in shibboleth could
accomplish the same thing, but the difference might be that people like
Sir Tim are seeing some synergy in OpenID and FOAF whereas shibboleth
doesn't seem to capture the attention of the mainstream web folks. Not
that FOAF is without its own detractors, but here's a variation of a
syntax I have seen for indicating trust, in this case, in Ed Summers' Ruby
knowledge (the syntax is a little dated but you get the idea). Extend this
to indicate, for example, a fondness for the music of Howlin' Wolf, or
some other kind of preference information, and creating systems that
respond dynamically to user background and preferences might be possible :

http://www.w3.org/1999/02/22-rdf-syntax-ns#";
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#";
xmlns:foaf="http://xmlns.com/foaf/0.1/";
xmlns:trust="http://www.perceive.net/schemas/20020725/trust#";>



http://dmoz.org/Computers/Programming/Languages/Ruby/"; />





OpenID implementations may already have a little plumbing for this kind of
thing with "personas" but it still comes back to how much a service is
willing to accept from a particular OpenID provider.  I would be curious
whether the above kind of syntax could fit into the Yadis system used by
OpenID because I am very unclear how FOAF and OpenID could/should
intersect. There is also talk about OpenID support being built into
browsers, things would get really interesting if the web browser started
to broadcast an OpenID to web services.

art
---
1. http://dig.csail.mit.edu/breadcrumbs/node/170


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread S Perkins

Back in January on NGC4LIB I proposed doing this, a universal ID system to
use when browsing, using the FOAF structure.  I got back answers that told
me they were not getting the concept.  This discussion on OpenID is very
interesting and I hope this can be made to work.

Steven C. Perkins



On 3/26/07, Jonathan Rochkind <[EMAIL PROTECTED]> wrote:


>Right, except OpenID isn't going to do this; there needs to be an
> infrastructure in place where OpenID (or some other standard persistent
> identifying system) can sit on top of, and that's still the big problem.

Right, that's exactly what Nathan's original post suggested. Are we
reading the same original post?

But yes, this infrastructure is the real issue, whether it uses OpenID
or Shibboleth, or something else. But it ought to use _some_ "universal
single sign-on" method.

I suggested that the OCLC Registry would be the logical house for this
infrastructure, as it's already 75% of the way there. I think OCLC
Registry is the... um, I've lost my metaphor. The thing that will wag
the dog's tail. But you still need a way for individuals to log in. I
suppose it could just be an OCLC-provided account. If OCLC implements
OpenID for their Registry, after adding a feature for _individual_
registrations (individuals expressing associations with the
institutional registrations already there), then that's the way to wag
the, um, dog.

Jonathan

Jeremy Frumkin wrote:
> On 3/26/07 6:35 AM, "Jonathan Rochkind" <[EMAIL PROTECTED]> wrote:
>
>
>> Jeremy Frumkin wrote:
>>
>>> Ok, so this is a good example for where I'm failing to see the advantage to
>>> OpenID over the current local authentication provided by a university /
>>> library.
>>
>> As Nathan explains, to identify your link resolver(s) to a particular
>> database (or 'source') you are using.  How can a foreign third party
>> (vended or free) database use your local authentication login? Instead,
>> what they use currently is IP address.
>>
>> Which is broken in several ways anyone who has worked with
>> IP-address-as-identity, common for authentication in our current
>> environments, has realized. IP address is not identity. Several people
>> (with different institutional affiliation/licenses held/link resolvers
>> used) may share an IP address, and one person may have several IP
>> addresses. IP address to people is a many to many mapping, and thus is
>> horribly broken for identification and authentication, and leads to all
>> sorts of problems many of us must continually try to work around, not
>> very successfully.
>>
>
> ---
>
> Right, except OpenID isn't going to do this; there needs to be an
> infrastructure in place where OpenID (or some other standard persistent
> identifying system) can sit on top of, and that's still the big problem.
> Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
> build underlying trust infrastructure, but at the moment, that
> infrastructure does not exist. The easiest way to implement that
> infrastructure probably would be for every institution that might adopt
> OpenID to also become an OpenID provider, but then, unless there is a
> standard mechanism for linking one OpenID to another in a secure manner,
> we're back at having multiple OpenIDs depending on our context. I completely
> agree that IP-based authentication is not the long-term answer; maybe there
> is a path, however, to applying OpenID over our current IP-based auth /
> proxy servers in a manner that does add user-side value. As Nathan stated in
> an earlier email, the one big advantage OpenID has right now is that it is
> easy to start playing with, and maybe that's enough to start the wagging.
>
> -- jaf
>
> ===
> Jeremy Frumkin
> The Gray Chair for Innovative Library Services
> 121 The Valley Library, Oregon State University
> Corvallis OR 97331-4501
>
> [EMAIL PROTECTED]
>
> 541.737.9928
> 541.737.3453 (Fax)
> 541.230.4483 (Cell)
> ===
> " Without ambition one starts nothing. Without work one finishes nothing. "
> - Emerson
>
>

--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu



Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jonathan Rochkind

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.


Right, that's exactly what Nathan's original post suggested. Are we
reading the same original post?

But yes, this infrastructure is the real issue, whether it uses OpenID
or Shibboleth, or something else. But it ought to use _some_ "universal
single sign-on" method.

I suggested that the OCLC Registry would be the logical house for this
infrastructure, as it's already 75% of the way there. I think OCLC
Registry is the... um, I've lost my metaphor. The thing that will wag
the dog's tail. But you still need a way for individuals to log in. I
suppose it could just be an OCLC-provided account. If OCLC implements
OpenID for their Registry, after adding a feature for _individual_
registrations (individuals expressing associations with the
institutional registrations already there), then that's the way to wag
the, um, dog.

Jonathan

Jeremy Frumkin wrote:

On 3/26/07 6:35 AM, "Jonathan Rochkind" <[EMAIL PROTECTED]> wrote:



Jeremy Frumkin wrote:


Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library.


As Nathan explains, to identify your link resolver(s) to a particular
database (or 'source') you are using.  How can a foreign third party
(vended or free) database use your local authentication login? Instead,
what they use currently is IP address.

Which is broken in several ways anyone who has worked with
IP-address-as-identity, common for authentication in our current
environments, has realized. IP address is not identity. Several people
(with different institutional affiliation/licenses held/link resolvers
used) may share an IP address, and one person may have several IP
addresses. IP address to people is a many to many mapping, and thus is
horribly broken for identification and authentication, and leads to all
sorts of problems many of us must continually try to work around, not
very successfully.



---

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.
Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
build underlying trust infrastructure, but at the moment, that
infrastructure does not exist. The easiest way to implement that
infrastructure probably would be for every institution that might adopt
OpenID to also become an OpenID provider, but then, unless there is a
standard mechanism for linking one OpenID to another in a secure manner,
we're back at having multiple OpenIDs depending on our context. I completely
agree that IP-based authentication is not the long-term answer; maybe there
is a path, however, to applying OpenID over our current IP-based auth /
proxy servers in a manner that does add user-side value. As Nathan stated in
an earlier email, the one big advantage OpenID has right now is that it is
easy to start playing with, and maybe that's enough to start the wagging.

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson




--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Nathan Vack

On Mar 26, 2007, at 10:33 AM, Jeremy Frumkin wrote:


The easiest way to implement that infrastructure probably would be
for every institution that might adopt OpenID to also become an
OpenID provider, but then, unless there is a standard mechanism for
linking one OpenID to another in a secure manner, we’re back at
having multiple OpenIDs depending on our context.


This is true. It's even a Good Thing; it's kind of the whole point.
Customers get to say, in essence, "Here's who I say I am. These
providers will vouch for that."

Customers get to choose which providers they want to identify them,
and what data they want to release. It's only natural that I'd have
more than one possible identity, and I don't want them linked
together in some magical way. If I want to tell you about more than
one identity profile, I should do that of my own volition.

Making it really easy to choose my identity is the web browser's job.
That's where Sxipper (and Firefox 3?) comes in.

The big infrastructure we need to build is in deciding what's a
trustworthy identity, and what we're willing to do with that knowledge.

Cheers,
-Nate


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jeremy Frumkin
On 3/26/07 6:35 AM, "Jonathan Rochkind" <[EMAIL PROTECTED]> wrote:

> Jeremy Frumkin wrote:
>> Ok, so this is a good example for where I'm failing to see the advantage to
>> OpenID over the current local authentication provided by a university /
>> library.
> As Nathan explains, to identify your link resolver(s) to a particular
> database (or 'source') you are using.  How can a foreign third party
> (vended or free) database use your local authentication login? Instead,
> what they use currently is IP address.
>
> Which is broken in several ways anyone who has worked with
> IP-address-as-identity, common for authentication in our current
> environments, has realized. IP address is not identity. Several people
> (with different institutional affiliation/licenses held/link resolvers
> used) may share an IP address, and one person may have several IP
> addresses. IP address to people is a many to many mapping, and thus is
> horribly broken for identification and authentication, and leads to all
> sorts of problems many of us must continually try to work around, not
> very successfully.

---

Right, except OpenID isn't going to do this; there needs to be an
infrastructure in place where OpenID (or some other standard persistent
identifying system) can sit on top of, and that's still the big problem.
Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
build underlying trust infrastructure, but at the moment, that
infrastructure does not exist. The easiest way to implement that
infrastructure probably would be for every institution that might adopt
OpenID to also become an OpenID provider, but then, unless there is a
standard mechanism for linking one OpenID to another in a secure manner,
we're back at having multiple OpenIDs depending on our context. I completely
agree that IP-based authentication is not the long-term answer; maybe there
is a path, however, to applying OpenID over our current IP-based auth /
proxy servers in a manner that does add user-side value. As Nathan stated in
an earlier email, the one big advantage OpenID has right now is that it is
easy to start playing with, and maybe that's enough to start the wagging.

-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jonathan Rochkind

Jeremy Frumkin wrote:

Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library.

As Nathan explains, to identify your link resolver(s) to a particular
database (or 'source') you are using.  How can a foreign third party
(vended or free) database use your local authentication login? Instead,
what they use currently is IP address.

Which is broken in several ways anyone who has worked with
IP-address-as-identity, common for authentication in our current
environments, has realized. IP address is not identity. Several people
(with different institutional affiliation/licenses held/link resolvers
used) may share an IP address, and one person may have several IP
addresses. IP address to people is a many to many mapping, and thus is
horribly broken for identification and authentication, and leads to all
sorts of problems many of us must continually try to work around, not
very successfully.

Jonathan


Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn't do anything with authentication / authorization – that
happens at the information source or at the institution's proxy server.
Again, OpenID doesn't say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.

I'm truly trying to play devil's advocate here; I believe that OpenID is a
step in the right direction, and we even have plans for adding OpenID
support in LibraryFind. I'm really trying to tease out where the added-value
is – and how it might best link up to trust systems.

All that being said, I'm still good for that beer, Nate. :-)

-- jaf


On 3/23/07 9:20 AM, "Nathan Vack" <[EMAIL PROTECTED]> wrote:



On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:



It isn't clear to me that there is enough added value to libraries
at this point to adopt OpenID – of course, I'd be glad to buy
someone a beer if they provide a use case to convince me otherwise ;-)


OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

* A user comes to our tool for finding licensed material (eg, a
LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver,
rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the
OpenID -> Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and
provides OpenIDs can use our tool, without making any interaction
with us.

The really nice thing is that (at least for us) the OpenID resolver
handles trust issues, proxying requests if necessary. The resolver
doesn't need to be OpenID-aware -- though it would make for a nicer
experience.

Cheers,
-Nate





===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson




--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu


Re: [CODE4LIB] Using OpenID in libraries

2007-03-26 Thread Jonathan Rochkind

Nathan Vack wrote:

OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

Yes, I've been thinking along exactly these lines too.

One logical place for this registry to live is in the already existing
OCLC Registry which already includes institutional link resolver
registration. They just need to add a component for individual OpenID
registration to one of the already existing link resolver registrations.

I tried to explain this to someone at OCLC, but they didn't seem to
understand what I was talking about, or the need. Perhaps I was talking
to the wrong person.

Jonathan




* A user comes to our tool for finding licensed material (eg, a
LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver,
rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the
OpenID -> Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and
provides OpenIDs can use our tool, without making any interaction
with us.

The really nice thing is that (at least for us) the OpenID resolver
handles trust issues, proxying requests if necessary. The resolver
doesn't need to be OpenID-aware -- though it would make for a nicer
experience.

Cheers,
-Nate



--
Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
410.516.8886
rochkind (at) jhu.edu


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread William Denton

On 22 March 2007, William Denton wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it
again, unfortunately, but you can take my word for it that it was pretty
good.


It was Simon Willison at the Future of Web Apps conference in London,
England, in February.  See:

   http://simonwillison.net/2007/Mar/12/slidecast/

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Paul Miller
> Ultimately, I'd hope to see libraries agree on a set of attributes
> for classifying patrons, building registries of trusted providers,
> and using this as basis for offering services outside our own
> institutions. (There's a "Mashing Up The Library" entrant floating
> around in my mind, with this idea as the basis...)

 :-)

Sounds good!  We're about to announce a closing date for the next round of
judging, so now would be a good time to firm that idea up a bit.

And I'll agree with "yay Sxipper", too! - http://tinyurl.com/2tujyj

Paul

--
Dr Paul Miller
Senior Manager & Technology Evangelist, Talis
w: www.talis.com/   m: +44 (7769) 740083
im: [EMAIL PROTECTED] [AIM, MSN and iChat]
skype: napm1971
--



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Nathan Vack

On Mar 23, 2007, at 2:41 PM, Jeremy Frumkin wrote:


Ok, so this is a good example for where I’m failing to see the advantage to
OpenID over the current local authentication provided by a university /
library. Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn’t do anything with authentication / authorization – that
happens at the information source or at the institution’s proxy server.
Again, OpenID doesn’t say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.


In this case, it'd just be a standard (read: potentially browser-
supported, yay Sxipper) way for me to say "I'm with University X."
The experience is nice, and it's really easy to implement.

Honestly though, for this application, you could do the same with a
pulldown menu, or the Google Scholar "Find Library" trick.

Ultimately, I'd hope to see libraries agree on a set of attributes
for classifying patrons, building registries of trusted providers,
and using this as basis for offering services outside our own
institutions. (There's a "Mashing Up The Library" entrant floating
around in my mind, with this idea as the basis...)

Being the owner of an OpenID URI doesn't say anything about trust,
but it *does* give you enough information to build a trust system, as
you also know who issued the ID. You probably don't care that I'm
'njvack,' but you may well care that the University of Wisconsin
*says* I'm 'njvack' -- if you know, a priori, that we're trustworthy.

But for me, the really attractive part is that one really doesn't
need a lot of external support (*cough* Shibboleth *cough*) to start
playing around.

Cheers,
-Nate


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Jeremy Frumkin
Ok, so this is a good example for where I'm failing to see the advantage to
OpenID over the current local authentication provided by a university /
library. Why would I need to use OpenID as opposed to my current account
that my library provides me? As I understand the current OpenURL workflow,
OpenURL doesn't do anything with authentication / authorization – that
happens at the information source or at the institution's proxy server.
Again, OpenID doesn't say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.

I'm truly trying to play devil's advocate here; I believe that OpenID is a
step in the right direction, and we even have plans for adding OpenID
support in LibraryFind. I'm really trying to tease out where the added-value
is – and how it might best link up to trust systems.

All that being said, I'm still good for that beer, Nate. :-)

-- jaf


On 3/23/07 9:20 AM, "Nathan Vack" <[EMAIL PROTECTED]> wrote:

> On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:
>
>> It isn't clear to me that there is enough added value to libraries
>> at this point to adopt OpenID – of course, I'd be glad to buy
>> someone a beer if they provide a use case to convince me otherwise ;-)
>
> OK, I'll bite:
>
> * We build a registry mapping OpenID providers to OpenURL resolvers.
>
> * A user comes to our tool for finding licensed material (eg, a
> LibraryFind implementation)
>
> * If (by IP, OCLC's link resolver) we know the OpenURL resolver,
> rewrite URLs to point at that resolver.
>
> * Otherwise, we punt to an OpenID login form, and look them up in the
> OpenID -> Resolver registry, and use that resolver when rewriting links.
>
> Now, anyone whose institution both has an OpenURL resolver and
> provides OpenIDs can use our tool, without making any interaction
> with us.
> 
> The really nice thing is that (at least for us) the OpenID resolver
> handles trust issues, proxying requests if necessary. The resolver
> doesn't need to be OpenID-aware -- though it would make for a nicer
> experience.
> 
> Cheers,
> -Nate
> 


===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Nathan Vack

On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:


It isn’t clear to me that there is enough added value to libraries
at this point to adopt OpenID – of course, I’d be glad to buy
someone a beer if they provide a use case to convince me otherwise ;-)


OK, I'll bite:

* We build a registry mapping OpenID providers to OpenURL resolvers.

* A user comes to our tool for finding licensed material (eg, a
LibraryFind implementation)

* If (by IP, OCLC's link resolver) we know the OpenURL resolver,
rewrite URLs to point at that resolver.

* Otherwise, we punt to an OpenID login form, and look them up in the
OpenID -> Resolver registry, and use that resolver when rewriting links.

Now, anyone whose institution both has an OpenURL resolver and
provides OpenIDs can use our tool, without making any interaction
with us.

The really nice thing is that (at least for us) the OpenID resolver
handles trust issues, proxying requests if necessary. The resolver
doesn't need to be OpenID-aware -- though it would make for a nicer
experience.

Cheers,
-Nate
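
An added example, not part of any message in this thread and not LibraryFind or OCLC code: the lookup order Nathan lists above (IP first, OpenID as fallback), combined with his later point that what matters is which provider vouches for the identifier. The registries, hosts, address ranges and the `op_endpoint` field name are assumptions made for illustration; the OpenID exchange itself is assumed to have been completed and verified by an OpenID library before `choose_resolver` is called.

```python
import ipaddress
from urllib.parse import urlencode, urlsplit

# Constructed sample registries: every host and address range is hypothetical.
IP_REGISTRY = {
    ipaddress.ip_network("192.0.2.0/24"):
        "https://resolver.lower-mowat.example/openurl",
}
# Keyed by the host of the OpenID provider that vouches for the user,
# not by anything the user typed into the login form.
PROVIDER_REGISTRY = {
    "openid.univ-x.example": "https://sfx.univ-x.example/openurl",
}


def resolver_for_ip(client_ip):
    """Step 3 of the list: resolver registered for this address, or None."""
    ip = ipaddress.ip_address(client_ip)
    for network, resolver in IP_REGISTRY.items():
        if ip in network:
            return resolver
    return None


def provider_host(op_endpoint):
    """Host of the provider endpoint that made the assertion, or None."""
    try:
        parts = urlsplit(op_endpoint)
    except ValueError:
        return None
    # Only an https endpoint without embedded credentials is accepted.
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None
    return parts.hostname.lower().rstrip(".")


def resolver_for_openid(verified):
    """Step 4: look the vouching provider up in the registry.

    `verified` is the result of an already verified OpenID login, assumed
    here to be a dict with 'claimed_id' and 'op_endpoint'.
    """
    host = provider_host(verified["op_endpoint"])
    if host is None:
        return None
    # Exact host match only: a suffix or substring match would also accept
    # look-alike hosts such as openid.univ-x.example.other.example.
    return PROVIDER_REGISTRY.get(host)


def choose_resolver(client_ip, verified=None):
    """Return (resolver_url_or_None, reason) following the order in the post."""
    resolver = resolver_for_ip(client_ip)
    if resolver:
        return resolver, "ip"
    if verified is None:
        return None, "login-required"   # punt to the OpenID login form
    resolver = resolver_for_openid(verified)
    if resolver:
        return resolver, "openid"
    return None, "unknown-provider"     # valid OpenID, but issuer not registered


def rewrite_link(resolver, citation):
    """Point a citation at the chosen resolver (citation keys are sample data)."""
    return resolver + "?" + urlencode(citation)


if __name__ == "__main__":
    login = {"claimed_id": "https://openid.univ-x.example/patron",
             "op_endpoint": "https://openid.univ-x.example/server"}
    resolver, reason = choose_resolver("198.51.100.9", login)
    print(reason, rewrite_link(resolver, {"genre": "article", "issn": "1234-5678"}))
```

A login from a provider that is not in the registry still authenticates the user; it simply yields no resolver, which is the distinction between owning an identifier and being vouched for by a known institution.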


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Ross Singer

Ah ha!  /That's/ the problem with Shibboleth -- every time anyone tries to
implement it, they say it incorrectly and are subsequently killed, sending
the institution back to square one.

-Ross.

On 3/23/07, David J. Fiander <[EMAIL PROTECTED]> wrote:


Ross!  You're not supposed to actually _say_ it!

- David

On 22-Mar-07, at 23:37 , Ross Singer wrote:

> On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:
>>
>> Ryan's message (I guess seeing "academia") made me think of Athens,
>> which made me further think "Hey, Subscription Databases are just
>> ITCHING for OpenID!".  I mean, come on... The methods we have for
>> database authentication aren't working well...
>
>
> Well, naturally, academia has thought of this and overengineered it to
> death:
>
> http://shibboleth.internet2.edu/
>
> which is why it's taken 7 years so far and there are still very few
> implementations.
>
> -Ross.

--
David J. Fiander
Digital Services Librarian




Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Thomas Dowling
My rule about Shibboleth is that it takes twice as long to implement as
you planned, even if you take this rule into account.  That was funny
when we were in the second year of a one-year implementation timetable.
Now that we're in the fifth year


Thomas Dowling
[EMAIL PROTECTED]



On 3/23/2007 7:12 AM, David J. Fiander wrote:

> Ross!  You're not supposed to actually _say_ it!
>
> - David
>
> On 22-Mar-07, at 23:37 , Ross Singer wrote:
>
>>
>> ...http://shibboleth.internet2.edu/
>>
>> which is why it's taken 7 years so far and there are still very few
>> implementations.
>>


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Jeremy Frumkin
I believe Andy Powell wrote up a blog entry on this possibility...

Yep, he did – it's at
http://efoundations.typepad.com/efoundations/2007/01/repositories_an.html

-- jaf



On 3/22/07 9:16 PM, "Harrison Dekker" <[EMAIL PROTECTED]> wrote:

> I haven't seen this mentioned yet, but it seems to me that another possible
> application of OpenID might be to uniquely digital identifier for authors.
> In other words, the OpenID could serve as a basis for a sort of open access
> authority control service (in addition to the obvious single sign-on
> purpose)
> 
> Harrison
> 
> On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:
>> >
>> > I hadn't been too clear on OpenID but a week or two ago I listened to a
>> > recording of a talk about that explained it well.  I can't find it again,
>> > unfortunately, but you can take my word for it that it was pretty good.
>> >
>> > Is OpenID being used in libraries?  It struck me that it could work well
>> > for library systems that share resources: two systems that are part of the
>> > same consortium or provincial/state system; two neighbouring public
>> > systems that let people from one borrow at the other; academic libraries
>> > that want to make it easy for visiting profs and grad students to get
>> > temporary access to online resources; etc.
>> >
>> > Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
>> > municipality (or county, or whatever) over, visiting my tailor.  The two
>> > library systems are separate but share their resources.  I pop into the
>> > library to update my Twittering friends on my inseam measurement.  I don't
>> > actually have an account at the Upper Mowat Library, but I log in to one
>> > of their computers using my Lower Mowat-supplied OpenID identifier, and
>> > the Upper Mowat system recognizes where I'm from and gives me access to
>> > everything.
>> >
>> > Bill
>> > --
>> > William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
>> >
> 
> 
> 
> --
> Harrison Dekker
> Coordinator of Data Services
> Doe/Moffitt Libraries, UC Berkeley
> 


-- jaf

===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread David J. Fiander

Ross!  You're not supposed to actually _say_ it!

- David

On 22-Mar-07, at 23:37 , Ross Singer wrote:


On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:


Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...



Well, naturally, academia has thought of this and overengineered it to
death:

http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.


--
David J. Fiander
Digital Services Librarian


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread susan rector

i can see many library administrators being skeptical about openid...
at my library we're actively looking at shibboleth. i don't know enough
about either one yet to speak intelligently about them,
but..doesn't shibboleth operate similarly to openid?

cheers,
susan


Susan Teague Rector
Library Information Systems
Web Applications Manager
VCU Libraries
804-828-0032
[EMAIL PROTECTED]


Jeremy Frumkin wrote:

While OpenID has potential within certain contexts, I have difficulty seeing
it being quickly adopted by libraries, universities, or other entities that
need to relate real identities to an OpenID. OpenID doesn't do trust; it
explicitly says it is not a trust system. For libraries to adopt OpenID,
they need to somehow link OpenID to a trust system. It isn't clear to me
that there is enough added value to libraries at this point to adopt OpenID
- of course, I'd be glad to buy someone a beer if they provide a use case to
convince me otherwise ;-)

-- jaf



On 3/22/07 8:37 PM, "Ross Singer" <[EMAIL PROTECTED]> wrote:



On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:


Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...


Well, naturally, academia has thought of this and overengineered it to
death:

 http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.






===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501

[EMAIL PROTECTED]

541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson



Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Edward Summers

On Mar 23, 2007, at 1:21 AM, Alexander Johannesen wrote:

I suspect most of our patrons are in the latter category, but hey,
we're going to implement
OpenID cross-system soon so at least we're trying. :)


I think experimentation and research are needed in the application of
openid in libraries...so it's good to hear you are trying. Please
consider publishing your findings if you haven't already.

//Ed


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Harrison Dekker

I haven't seen this mentioned yet, but it seems to me that another possible
application of OpenID might be as a unique digital identifier for authors.
In other words, the OpenID could serve as a basis for a sort of open access
authority control service (in addition to the obvious single sign-on
purpose)

Harrison

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org





--
Harrison Dekker
Coordinator of Data Services
Doe/Moffitt Libraries, UC Berkeley


Re: [CODE4LIB] Using OpenID in libraries

2007-03-23 Thread Alexander Johannesen

On 3/23/07, Jeremy Frumkin <[EMAIL PROTECTED]> wrote:

While OpenID has potential within certain contexts, I have difficulty seeing
it being quickly adopted by libraries, universities, or other entities that
need to relate real identities to an OpenID. OpenID doesn't do trust; it
explicitly says it is not a trust system. For libraries to adopt OpenID,
they need to somehow link OpenID to a trust system. It isn't clear to me
that there is enough added value to libraries at this point to adopt OpenID
- of course, I'd be glad to buy someone a beer if they provide a use case to
convince me otherwise ;-)


I can only offer you a beer of agreement; OpenID is fantastic for
geeks who can control their online environment, but hopeless for
normal people. The only trust given in the system is based on the
trust of the ID source, and in many cases that's just as hard to come
by in new shapes as it has been in the past. For *me* OpenID is
fantastic, but for my wife it means nothing. I suspect most of our
patrons are in the latter category, but hey, we're going to implement
OpenID cross-system soon so at least we're trying. :)


Alex
--
---
Project Wrangler, SOA, Information Alchymist, UX, RESTafarian, Topic Maps
-- http://shelter.nu/blog/ 


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Jeremy Frumkin
While OpenID has potential within certain contexts, I have difficulty seeing
it being quickly adopted by libraries, universities, or other entities that
need to relate real identities to an OpenID. OpenID doesn't do trust; it
explicitly says it is not a trust system. For libraries to adopt OpenID,
they need to somehow link OpenID to a trust system. It isn't clear to me
that there is enough added value to libraries at this point to adopt OpenID
- of course, I'd be glad to buy someone a beer if they provide a use case to
convince me otherwise ;-)

-- jaf



On 3/22/07 8:37 PM, "Ross Singer" <[EMAIL PROTECTED]> wrote:

> On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:
>> >
>> > Ryan's message (I guess seeing "academia") made me think of Athens,
>> > which made me further think "Hey, Subscription Databases are just
>> > ITCHING for OpenID!".  I mean, come on... The methods we have for
>> > database authentication aren't working well...
> 
> 
> Well, naturally, academia has thought of this and overengineered it to
> death:
> 
>  http://shibboleth.internet2.edu/
> 
> which is why it's taken 7 years so far and there are still very few
> implementations.
> 
> -Ross.
> 



===
Jeremy Frumkin
The Gray Chair for Innovative Library Services
121 The Valley Library, Oregon State University
Corvallis OR 97331-4501
 
[EMAIL PROTECTED]
 
541.737.9928
541.737.3453 (Fax)
541.230.4483 (Cell)
===
" Without ambition one starts nothing. Without work one finishes nothing. "
- Emerson


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ross Singer

On 3/22/07, Don McMorris <[EMAIL PROTECTED]> wrote:


Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...



Well, naturally, academia has thought of this and overengineered it to
death:

http://shibboleth.internet2.edu/

which is why it's taken 7 years so far and there are still very few
implementations.

-Ross.


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread David J. Fiander

On 22-Mar-07, at 22:51 , Don McMorris wrote:



Now, if Novelist implemented OpenID, I could simply go straight there
(whether or not I've ever been there), I can just go to the Novelist
web site and enter the OpenID that I've set up with my library.  1
step, 1 set of credentials.  All is good.


Of course, this implies that I need a separate OpenID for every
institution with which I'm affiliated, which kinda defeats the
purpose of the OpenID, I think.

- David

--
David J. Fiander
Digital Services Librarian


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Don McMorris

Ryan's message (I guess seeing "academia") made me think of Athens,
which made me further think "Hey, Subscription Databases are just
ITCHING for OpenID!".  I mean, come on... The methods we have for
database authentication aren't working well...

1) authenticating to a proxy and browsing the database through it:
Extra bandwidth is needed, meaning additional cost
2) HTTP_REFERER: Lots of firewalls are blocking this... not to mention
the need to click about 3+ layers of links and potentially entering a
library card number before using the resource
3) Registering a service-specific user ID in the library or remote via
method 1 or 2: Who wants another username/password?

Here's a scenario: I want to access Novelist.  So, I go to my library
web site.  I disable my firewall so that HTTP_REFERER will be passed
on.  I dig out my library card and enter the number on Ebsco's page.
I'm finally where I want to be...

Now, if Novelist implemented OpenID, I could simply go straight there
(whether or not I've ever been there), I can just go to the Novelist
web site and enter the OpenID that I've set up with my library.  1
step, 1 set of credentials.  All is good.

And, this could potentially be expanded so that if my patron is
delinquent, the database can deny him access!

Now, come on... who doesn't think OpenID would be GREAT for
subscription databases?

On 3/22/07, Ryan Eby <[EMAIL PROTECTED]> wrote:

I haven't seen much in library world outside of some talk/discussion.
I did come across one academia that did implement it:

http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas

Not sure if it's taken off much otherwise in the academic or public
sector. I think quite a few are lucky to get any authentication
working well.

Ryan

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:
> I hadn't been too clear on OpenID but a week or two ago I listened to a
> recording of a talk about that explained it well.  I can't find it again,
> unfortunately, but you can take my word for it that it was pretty good.
>
> Is OpenID being used in libraries?  It struck me that it could work well
> for library systems that share resources: two systems that are part of the
> same consortium or provincial/state system; two neighbouring public
> systems that let people from one borrow at the other; academic libraries
> that want to make it easy for visiting profs and grad students to get
> temporary access to online resources; etc.
>
> Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
> municipality (or county, or whatever) over, visiting my tailor.  The two
> library systems are separate but share their resources.  I pop into the
> library to update my Twittering friends on my inseam measurement.  I don't
> actually have an account at the Upper Mowat Library, but I log in to one
> of their computers using my Lower Mowat-supplied OpenID identifier, and
> the Upper Mowat system recognizes where I'm from and gives me access to
> everything.
>
> Bill
> --
> William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org
>



Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread David J. Fiander

On 22-Mar-07, at 22:09 , William Denton wrote:

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.


Bill, this sounds intriguing.  The hard part of this process will be
federating the patron databases into the OpenID framework.

Right now some ILSs support querying an external LDAP server to
authenticate patrons (III does this for logging in to the opac to
place holds, for example), and some external systems support querying
the patron database to authenticate (certain wireless access points
and internet terminal management systems do this).

So, when I walk in to my library and set up my library account,
instead of them giving me a PIN with which to log in, I give them my
OpenID (they might still give me a PIN, so people without OpenIDs can
use the system, but I'll ignore it).  Then, when I attempt to access
services, I will select the "log in with my OpenID" option, it will
pass off to the OpenID infrastructure, which will return 'aye' or
'nay', and then I'll be in, and the ILS will look up my authenticated
OpenID in the patron database to find out how much money I owe in fines.

It's not clear to me that NCIP comes in to the process, since that's
a different (very heavy) way of passing authentication information
around that I don't think fits well with the OpenID framework, but
that's something that I'd have to look deeper into.

- David

--
David J. Fiander
Digital Services Librarian
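
The login flow described in the message above, combined with the trust and delinquency points raised elsewhere in the thread, as an added example that is not part of any post or of any ILS's code. It assumes an OpenID library has already verified the assertion (that step is not shown); the hostnames, the patron table, the fine limit and the shape of the `assertion` dict are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# All data below is constructed for illustration.
TRUSTED_OP_HOSTS = {"openid.lowermowat.example"}  # providers the library vouches for
FINE_LIMIT_CENTS = 1000                           # assumed local policy

@dataclass(frozen=True)
class Patron:
    barcode: str
    home_library: str
    fines_cents: int

# Patron table keyed by the normalized OpenID recorded at registration.
PATRONS = {
    "http://openid.lowermowat.example/bill": Patron("LM-0001", "Lower Mowat", 250),
    "http://openid.lowermowat.example/late": Patron("LM-0002", "Lower Mowat", 4200),
}

_DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_identifier(url: str) -> str:
    """Canonicalize an OpenID URL so one identity always yields one lookup key."""
    parts = urlsplit(url.strip())
    if parts.scheme not in _DEFAULT_PORTS or not parts.hostname:
        raise ValueError("OpenID identifier must be an http(s) URL")
    host = parts.hostname.lower()
    if parts.port not in (None, _DEFAULT_PORTS[parts.scheme]):
        host = f"{host}:{parts.port}"
    # Fragment is dropped; an empty path becomes "/".
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))

def authorize(assertion: dict) -> Tuple[bool, str, Optional[Patron]]:
    """Decide access from an assertion the OpenID library has already checked.

    `assertion` is a hypothetical dict: verified (signature, nonce and
    discovery checks passed), claimed_id, op_endpoint.
    """
    if not assertion.get("verified"):
        return False, "assertion not verified", None
    # OpenID proves control of a URL, nothing more. Which providers count is
    # a local trust decision, made here against the provider endpoint.
    try:
        op_host = urlsplit(assertion["op_endpoint"]).hostname
        key = normalize_identifier(assertion["claimed_id"])
    except (KeyError, ValueError):
        return False, "malformed assertion", None
    if op_host is None or op_host.lower() not in TRUSTED_OP_HOSTS:
        return False, "untrusted provider", None
    patron = PATRONS.get(key)
    if patron is None:
        return False, "no linked patron record", None
    if patron.fines_cents > FINE_LIMIT_CENTS:
        return False, "delinquent", patron
    return True, "ok", patron
```

The 'aye' from the OpenID exchange only gets a visitor past the first check; the provider allowlist and the patron lookup are where the library's own trust decision is made.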


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ross Singer

Bill,

I have thought about this (although not in regards to logging library
workstations -- that'd be difficult but awesome), especially now that
Georgia Tech is implementing lifetime accounts.  The project that we are
currently trying to pull together (GaTher -- which is sort of a library
building/citation management tool, although a bit more sophisticated than
that) intends to use OpenID to allow people to invite non-GT people into
their GaTher groups.  Now that accounts here are permanent, a GT person can
use their GT OpenID without fear of losing their identity when they
graduate/move on.

-Ross.

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org




Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Carol Bean

That would work if both (or all) library systems shared access to the
same online resources equally.

Or I suppose one could have a system of automatic forwarding/
authentication based on id?  That would be cool, but I wonder how
hard would it be to implement?

Here in Florida, the State Library provides state-wide access to a
lot of online resources.  Some libraries have more, based on their
own subscriptions, but access to the basic level provided by the
State Library is free for everyone who has a library card.  Not
exactly the same idea, but it is an example of an overarching agency
providing more or less seamless access.

Carol Bean

On Mar 22, 2007, at 10:09 PM, William Denton wrote:


I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org


Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Ryan Eby

I haven't seen much in library world outside of some talk/discussion.
I did come across one academia that did implement it:

http://blog.case.edu/jms18/2007/03/09/openid_server_integrated_with_cas

Not sure if it's taken off much otherwise in the academic or public
sector. I think quite a few are lucky to get any authentication
working well.

Ryan

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:

I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org



Re: [CODE4LIB] Using OpenID in libraries

2007-03-22 Thread Don McMorris

So far, I haven't heard much about OpenID in libraries.  It will
change, I'm sure.  Once you get past the bureaucracy(sp?),
OpenID+Z39.83(NCIP) will make libraries pretty much borderless.

Especially now that Evergreen is going to force commercial ILS
vendors to make their systems worth their cost ;)

--Don

On 3/22/07, William Denton <[EMAIL PROTECTED]> wrote:

I hadn't been too clear on OpenID but a week or two ago I listened to a
recording of a talk about that explained it well.  I can't find it again,
unfortunately, but you can take my word for it that it was pretty good.

Is OpenID being used in libraries?  It struck me that it could work well
for library systems that share resources: two systems that are part of the
same consortium or provincial/state system; two neighbouring public
systems that let people from one borrow at the other; academic libraries
that want to make it easy for visiting profs and grad students to get
temporary access to online resources; etc.

Say I live in Lower Mowat but one day I'm in Upper Mowat, in the next
municipality (or county, or whatever) over, visiting my tailor.  The two
library systems are separate but share their resources.  I pop into the
library to update my Twittering friends on my inseam measurement.  I don't
actually have an account at the Upper Mowat Library, but I log in to one
of their computers using my Lower Mowat-supplied OpenID identifier, and
the Upper Mowat system recognizes where I'm from and gives me access to
everything.

Bill
--
William Denton, Toronto : miskatonic.org : frbr.org : openfrbr.org