Endeavor – Yale Partnership: Network Security Program Interface
Phase 1: Patron Web Service Authentication Requirements
The Orbis 2 system will be providing worldwide web access to patron information considered sensitive by the library and its patrons. The system will also provide web access to patron initiated activities, previously requiring staff intervention. The services must be provided in such a way as to assure patrons of their privacy, and assure the library that only legitimate patrons are being served.
A limited working system for access to patron information, based on the NOTIS Patron Empowerment product is currently in use by the library, and presently provides an acceptable level of privacy and authentication. The new system must meet or exceed the expectations set by the current system. Specifically:
Finally, it is essential that the Orbis 2 authentication system make use of, and interoperate with the infrastructure of authentication services maintained by the university, which extends the features mentioned above to multiple secure computer services in a common way.
The library authentication system must work with the standard form of identification supported by the university, if provided. This form is designated the "netid". Where the standard form of identification is not available (as with temporary patrons), a single additional form of identification, administered by the library must be supported.
The model used by the current library authentication system, and extended by the university authentication infrastructure is the "trusted third party" with secure access to university supplied authentication information.
The university maintains a central database, which contains identification information about university students, faculty, and staff, and a trusted service, designated the "Central Authentication Service," (CAS: http://www.yale.edu/tp/auth/ ) which provides secure access to that information.
In order to made use of the CAS, a potential user or service must have web access, and support the https protocol. Information is passed between the user’s browser, the web service, and the CAS server in the "POST" form of https requests..
The library system must also support direct entry of library patron identification without use of the CAS. This is necessary for patrons, such as visiting scholars, who do not have an institutional identifier. The library will generate, and supply to those patrons, barcode numbers that do not, in themselves represent sensitive information. Patrons with such library generated identification will use the standard Voyager sign in process, which will, however, be encrypted to prevent snooping.
It is likely that as other institutions develop their own authentication schemes, and as various public authentication services come into existence, it will be possible or necessary to include them in the preceding process. Therefore, although a single authentication service is described, the implementation should make it possible for each patron, or patron class to be authenticated by a different service. This will also entail the ability to initiate secure sessions with more than one authenticator.
Relative to the existing Voyager interface for web security, it is possible to list some changes that will be required to implement the preceding process:
Return to Orbis2 Implementation Site