Post on 07-May-2015
description
transcript
Digital Library
Home
Access: User
Validation, E- Resources
Proxying
and
Federation
Sevilla february
20-21, 2008
Andalusian
Public
Health
System
Virtual Library
Francisco Fernández Ordoñez, francisco.fernandez.ord@juntadeandalucia.esFrancisco Jesús Jordano, franciscoj.jordano@juntadeandalucia.es
1. Goal
To
grant
user
access
to
e-resources
from
everywhere.
2. Initial
stage
•
Andalusian
Public
Health
System
staff: 92.070 professionals
•
The
Health
professionals
we
serve
works
for
15 different
institutions, including
hospitals, primary
care
centers, research
centers, training institutions, etc.
•
Every
Institution
operates
their
own
human resources
department
and
IT systems.
•
Andalusian
Public
Health
System
Institutions:
1.
Servicio Andaluz de Salud (SAS). 83.000 professionals, 29 hospitals
and
1452 primary
care
centers.
2.
Consejería y Delegaciones Provinciales de Salud.
3.
Empresa Pública de Emergencias Sanitarias.
4.
Empresa Pública Hospital Costa del Sol.
5.
Empresa Pública Hospital de Poniente.
6.
Empresa Pública Hospital Alto Guadalquivir.
7.
Empresa Pública Sanitaria Bajo Guadalquivir.
8.
Escuela Andaluza de Salud Pública.
9.
Fundación Progreso y Salud.
10.
Fundación Andaluza para la Integración Social del Enfermo Mental.
11.
Fundación Iavante.
12.
Agencia de Evaluación de Tecnologías Sanitarias de Andalucía.
13.
Agencia de Calidad Sanitaria de Andalucía.
14.
Cabimer.
15.
Bancelan.
3. User
Validation
system
-
requirements
•
Ready
available
for
every
Andalusian
Public
Health
System
staff.
•
Do not
duplicate
existing
LDAP directories, human resources
databases, etc.
•
No software installation
required, the
solution
must
allow
access
just
using
a web
browser
(Firefox, Explorer, Opera, etc).
•
Single Sign-On:
The
ability
of
a single user
to
access
multiple
applications, information
providers, using
a single form
of
authentication, such
as a username/password.
•
Secure: no unauthorized
access, no user
and
password
sharing.
•
Auditing
and
reporting
facilites:
solution
stores
all
web
access
and
identity
logs
in one
location
4. User
Validation
system
-
key
idea
•
BV-SSPA user
validation
system
intends
to
keep
authentication
as an
issue
local to
the
organization
the
user
belongs
to.
•
BV-SSPA trusts and
accept
identity
and
authentication
information
established
by Andalusian
Public
Health
System
Institutions.
•
Delegated
Identity
Administration,
the
solution
have
the
ability
to
delegate
administration
of
identity
information
across
corporate
boundaries.
Federated
Identity
Management
5. User
Validation
system
–
how does
it
works
6. User
Validation
system
–
PAPI software
•
PAPI (Access Point
to
Information
Providers) is
a system
for
providing
access
control to
restricted
information
resources
across
the
Internet.
•
PAPI is
distributed
as free software. There
are implementations
of
the
PAPI components
in Java, Perl
and
PHP.
•
PAPI is
developed, maintained
and
supported
for
RedIRIS Spanish
National
Research
Network (http://www.rediris.es/index.en.html)
•
PAPI is
available
at: http://papi.rediris.es/
e-resources proxying
access management
identity management
3. e-Resources
Proxying
Users
want
access
e-Resources
regardless
of
their
location
•
E-Resources
publishers
usually
offer
several
alternatives
to
control access
to
their
producs.
•
In enviroments
with
a huge
amount
of
users, like
SSPA, the
mos
extended validation
method
is
IP control.•
This
IP control forces
our
users
to
connect
to
e-resources
through
a limited
number
of
computers, avoiding
the
ubiquitous
access
to
information.
INTR
AN
ET
PROVIDER Y
PUBLISHER X
HOME
3. e-Resources
Proxying
What
are the
alternatives?
•
To
resolve
this
problem
there
are diferent
alternatives: VPNs, propietary
products, information
replication, etc.
•
Finally
we
adopted
the
rewriting
proxy
solution
provided
by the
PAPI
system.
•
Some
of
the
features
of
this
solutions
are:
•
Integartion
with
PAPI Single Sign
On
system.
•
No aditional
software
is
needed. The
final user
can access
resources
from
home, a cybercafe, movil
device, etc.
•
This
solution
is
based
on
the
HTTP standard
protocol, so access
is
granted
to
any
browser.
•
PAPI is
a Open Source
solution, we
can adapt
it
to
our
needs, get
updates
from
the
comunity
and
participate
on
it.
3. e-Resources
Proxying
What
is
a rewriting
proxy
(I)?
•
A rewriting
proxy
is
a mediator
between
the
user
and
final resources.
•
Access to
e-resources
won´t
be made directly
to
the
publisher´s
website.
•
This
mediator will
manage
the
e-resource
application
and
will
show to
the
final user
the
result.
•
In addition
this
mediator changes
the
HTML source, and
the
links from
the
original source
are transformed
to
point
to
this
mediator.
•
The
mediator is
accesible regardless
user´s
localization, and
it´s
protected
by PAPI.
3
3. e-Resources
proxying
What
is
a rewriting
proxy
(II)?
•
Users
inside
intranet still
can access
resources
directly.
•
Now
there
is
a point
of
access
to
information
for
SSPA users
outside
intranet.
PUBLISHER X
PROVIDER YINTR
AN
ET
BV-SSPA
HOME
3. e-Resources
Proxying
Providers, publishers, resources
•
Our
goal: give
user
access
to
resources
engage
with
publishers.
•
There
is
another
actor: providers.
•
We
have
to
write
mediators
for
providers
too, and
make
this
providers
transform
HTML for
final publisher
into
their
own
mediators.
6
7
3. e-Resources
Proxying
•
Let´s
see
a demo
thank
you
www.juntadeandalucia.es/salud/bibliotecavirtual