****Apologies for cross-posting****
Dear Colleagues,
Several weeks ago I posted a message to various mailing lists asking how
institutions in the UK (particularly HE academic libraries) who are
offering remote access to electronic resources are authenticating users
remotely, particularly for resources that can not be authenticated via
ATHENS. I am particularly interested in those that are using IP
authentication via a proxy server.
(see Jiscmail archives 6th June 2001)
Thank you for all those people who responded to my enquiry, and please
accept my apologies if I was not able to respond to you individually.
9 institutions responded to my request.
6 of those institutions were interested in the survey results.
2 institutions offered information about trials they had undertaken.
The other institution was ATHENS / EDUSERV.
From the responses I received I understand that (even if the response
didn't come directly from the particular institution but via another
institution) that:
Institutions Trialing / Using EZ Proxy:
*Middlesex University (trialing)
*University of Hertfordshire
*South Bank University
*London Business School (using since Autumn 2000)
Other products:
*Warwick (have been using a proxy server for sometime - no details)
*University of Kent at Canterbury using Ultra Access
*Anglia Polytechnic University (Rivermead Library) - Testing Apache and Squid
*Chester College of HE (Intranet based proxy)
Particular comments:
*Open University
They had posted a similar survey at the end of 2000. 11 libraries had
responded, but all but one wanted the results of the survey as they were
thinking of doing something similar.
*EZ Proxy
Well supported, modest cost, clear development/enhancements strategy, good
logging facilities that use web log standard formats. The only slight
downside was a documentated problem with its port numbers used for proxying
sessions with different hosts. This will mean problems for users from
inside organisations deploying firewalls that block HTTP requests if not on
standard port 80 for example. However, there is a stable EZP beta that a
number of sites are using which works around this issue rather well. It
does require a DNS entry "tweak" that has to be accepted by organisational
network admins, but this is not usually a problem in practice.
It does not require the user to reconfigure their browser. It is also well
established in the US and the feedback is very positive. Firewalls do not
seem to be a general problem.
NESLI licences explicitly allow for this kind of use, and most vendors
would be used to proxy users in the US.
*Athens
They have been able to adapt Athens to meet similar needs of other
organisations. For example we have a single password sign-on gateway which
has been implemented specifically for the
NHS-NET user community and another variation of this approach which has
been running very successfully at an Australian University for over 2
years. This gateway was specifically implemented to enable all their
overseas students to access both on-site and off-site (e.g publisher
hosted) subscription services. We are also developing a portal version of
the Athens technology that will allow single sign-on in a portal
environment. This will be available later this year.
*Intranet based proxy
Our I.T. department have set-up IP authentication via proxy server for
electronic databases and journals. Basically users can login to our
intranet from anywhere in the world and are then able to access IP
protected resources.
By and large it works e.g. Catchword, InfoTrac, Science Direct, C.U.P.,
O.U.P. and Blackwell's Synergy. However, some resources e.g. Webspirs
require an additional login and password
for distance access. This is manageable because we all use the same login
and password, which are displayed next to the resource link on the intranet.
Athens resources via proxy server can be more difficult. Most are okay e.g.
Ingenta, PsycInfo, BEI/Eric - students just click on the resource link on
the intranet and login using their Athens Personal Account. However, Web of
Science will not work via proxy. We display the mimas web address and they
have to go directly to that url, by-passing the intranet and proxy-server.
*Apache
It worked well enough, until the website threw you a redirect, at which
point it all went very
wrong.
*Squid
Squid was more complex to get running, but it worked perfectly after some
head scratching over the Config file. It handled all the journals and usual
stuff exactly as if you were logging in via the university network.
Squid uses an external program to get it's authentication. Squid itself has
the mechanisms to say yes or no, and that's about it. You call an external
program ( whichever one you wish ) to do the verification bit. If you want
to use IP find an IP auth program. Compile it and point squid at it. In
theory it's as simple as that. Our initial test service worked via both a
Local and Remote .htpasswd file.
I hope that this information is useful,
Kind Regards
Sally Chambers
Sally Chambers
Electronic Library Project Officer
University of London Library
Senate House
Malet Street
London, WC1E 7HU
Telephone (020) 7862 8482
Email [log in to unmask]
|