Digital Library

Home

Access: User

Validation, E- Resources

Proxying

and

Federation

Sevilla february

20-21, 2008

Andalusian

Public

Health

System

Virtual Library

Francisco Fernández Ordoñez, francisco.fernandez.ord@juntadeandalucia.esFrancisco Jesús Jordano, franciscoj.jordano@juntadeandalucia.es

1. Goal

To

grant

user

access

to

e-resources

from

everywhere.

2. Initial

stage

•

Andalusian

Public

Health

System

staff: 92.070 professionals

•

The

Health

professionals

we

serve

works

for

15 different

institutions, including

hospitals, primary

care

centers, research

centers, training institutions, etc.

•

Every

Institution

operates

their

own

human resources

department

and

IT systems.

•

Andalusian

Public

Health

System

Institutions:

1.

Servicio Andaluz de Salud (SAS). 83.000 professionals, 29 hospitals

and

1452 primary

care

centers.

2.

Consejería y Delegaciones Provinciales de Salud.

3.

Empresa Pública de Emergencias Sanitarias.

4.

Empresa Pública Hospital Costa del Sol.

5.

Empresa Pública Hospital de Poniente.

6.

Empresa Pública Hospital Alto Guadalquivir.

7.

Empresa Pública Sanitaria Bajo Guadalquivir.

8.

Escuela Andaluza de Salud Pública.

9.

Fundación Progreso y Salud.

10.

Fundación Andaluza para la Integración Social del Enfermo Mental.

11.

Fundación Iavante.

12.

Agencia de Evaluación de Tecnologías Sanitarias de Andalucía.

13.

Agencia de Calidad Sanitaria de Andalucía.

14.

Cabimer.

15.

Bancelan.

3. User

Validation

system

-

requirements

•

Ready

available

for

every

Andalusian

Public

Health

System

staff.

•

Do not

duplicate

existing

LDAP directories, human resources

databases, etc.

•

No software installation

required, the

solution

must

allow

access

just

using

a web

browser

(Firefox, Explorer, Opera, etc).

•

Single Sign-On:

The

ability

of

a single user

to

access

multiple

applications, information

providers, using

a single form

of

authentication, such

as a username/password.

•

Secure: no unauthorized

access, no user

and

password

sharing.

•

Auditing

and

reporting

facilites:

solution

stores

all

web

access

and

identity

logs

in one

location

4. User

Validation

system

-

key

idea

•

BV-SSPA user

validation

system

intends

to

keep

authentication

as an

issue

local to

the

organization

the

user

belongs

to.

•

BV-SSPA trusts and

accept

identity

and

authentication

information

established

by Andalusian

Public

Health

System

Institutions.

•

Delegated

Identity

Administration,

the

solution

have

the

ability

to

delegate

administration

of

identity

information

across

corporate

boundaries.

Federated

Identity

Management

5. User

Validation

system

–

how does

it

works

6. User

Validation

system

–

PAPI software

•

PAPI (Access Point

to

Information

Providers) is

a system

for

providing

access

control to

restricted

information

resources

across

the

Internet.

•

PAPI is

distributed

as free software. There

are implementations

of

the

PAPI components

in Java, Perl

and

PHP.

•

PAPI is

developed, maintained

and

supported

for

RedIRIS Spanish

National

Research

Network (http://www.rediris.es/index.en.html)

•

PAPI is

available

at: http://papi.rediris.es/

e-resources proxying

access management

identity management

3. e-Resources

Proxying

Users

want

access

e-Resources

regardless

of

their

location

•

E-Resources

publishers

usually

offer

several

alternatives

to

control access

to

their

producs.

•

In enviroments

with

a huge

amount

of

users, like

SSPA, the

mos

extended validation

method

is

IP control.•

This

IP control forces

our

users

to

connect

to

e-resources

through

a limited

number

of

computers, avoiding

the

ubiquitous

access

to

information.

INTR

AN

ET

PROVIDER Y

PUBLISHER X

HOME

3. e-Resources

Proxying

What

are the

alternatives?

•

To

resolve

this

problem

there

are diferent

alternatives: VPNs, propietary

products, information

replication, etc.

•

Finally

we

adopted

the

rewriting

proxy

solution

provided

by the

PAPI

system.

•

Some

of

the

features

of

this

solutions

are:

•

Integartion

with

PAPI Single Sign

On

system.

•

No aditional

software

is

needed. The

final user

can access

resources

from

home, a cybercafe, movil

device, etc.

•

This

solution

is

based

on

the

HTTP standard

protocol, so access

is

granted

to

any

browser.

•

PAPI is

a Open Source

solution, we

can adapt

it

to

our

needs, get

updates

from

the

comunity

and

participate

on

it.

3. e-Resources

Proxying

What

is

a rewriting

proxy

(I)?

•

A rewriting

proxy

is

a mediator

between

the

user

and

final resources.

•

Access to

e-resources

won´t

be made directly

to

the

publisher´s

website.

•

This

mediator will

manage

the

e-resource

application

and

will

show to

the

final user

the

result.

•

In addition

this

mediator changes

the

HTML source, and

the

links from

the

original source

are transformed

to

point

to

this

mediator.

•

The

mediator is

accesible regardless

user´s

localization, and

it´s

protected

by PAPI.

3

3. e-Resources

proxying

What

is

a rewriting

proxy

(II)?

•

Users

inside

intranet still

can access

resources

directly.

•

Now

there

is

a point

of

access

to

information

for

SSPA users

outside

intranet.

PUBLISHER X

PROVIDER YINTR

AN

ET

BV-SSPA

HOME

3. e-Resources

Proxying

Providers, publishers, resources

•

Our

goal: give

user

access

to

resources

engage

with

publishers.

•

There

is

another

actor: providers.

•

We

have

to

write

mediators

for

providers

too, and

make

this

providers

transform

HTML for

final publisher

into

their

own

mediators.

6

7

3. e-Resources

Proxying

•

Let´s

see

a demo

thank

you

www.juntadeandalucia.es/salud/bibliotecavirtual