© 2006 Susan L. Perry
EDUCAUSE Review, vol. 41, no. 5 (September/October 2006): 12–13.
Susan L. Perry is Senior Advisor at the Andrew W. Mellon Foundation and Director of Programs for the Council of Library and Information Resources (CLIR). She is Editor of the E-Content department for EDUCAUSE Review. Comments on this article can be sent to the author at [email protected].
University of Washington (UW) Professor Jane Blotz wants to share the Database of Recorded American Music with her Introductory Music class. But how can she do that? New York University (NYU) owns the database, and she fears that even if the UW libraries purchase it, students will have to traverse a frustrating series of passwords just to do their homework.
Fortunately, there is a technology that will help Professor Blotz offer this inter-institutional resource to her students. The technology is Shibboleth. The Shibboleth Web site explains: Shibboleth is an initiative to develop an open, standards-based solution to meet the needs for organizations to exchange information about their users in a secure, and privacy-preserving manner. The initiative is facilitated by Internet2 and a group of leading campus middleware architects from member schools and corporate partners. The organizations that may want to exchange information include higher education, their partners, digital content providers, government agencies, etc. The purpose of the exchange is typically to determine if a person using a web browser (e.g., Internet Explorer, Netscape Navigator, Mozilla) has the permissions to access a resource at a target resource based on information such as being a member of an institution or a particular class. The system is privacy preserving in that it leads with this information, not with an identity, and allows users to determine whether to release additional information about themselves. An open solution means both an open architecture and a functioning, open-source implementation. Standards-based means that the information that is exchanged between organizations can interoperate with that from other solutions.1
But technology is not enough. Professor Blotz also needs a formal trusted community of institutions and content providers—a community in which both UW and NYU participate—to ensure that only the authorized students have access to this music. InCommon can provide this community. The formal trust federation being built to create a common electronic framework to support research and education, InCommon makes sharing protected online resources easier. Using Shibboleth authentication and authorization technology, InCommon enables scaleable, cost-effective, privacy-preserving collaboration among InCommon colleges and universities and publishers of electronic information.2
Participation in InCommon means that trust decisions regarding access to resources can be managed by exchanging information in a standardized format. Using a standard mechanism for exchanging information provides economies of scale by reducing or removing the need to repeat integration work for each new resource. Since access is driven by policies set by the resource being accessed, higher security and more granular control of resources can be supported. Reduced account management overhead is another benefit: researchers, students, and educators can be authenticated and can access resources from the home institution and no longer need separate accounts to access particular resources.
Thus InCommon is—or should be—of special interest to librarians and electronic publishers. But an informal survey, which included those libraries that are already InCommon members, shows that the organization and its benefits are little known or understood. Sharing e-mail messages with several librarians from InCommon member institutions confirmed that they have had few, if any, conversations with their IT colleagues and their electronic content providers about InCommon. A former colleague who directs one of the largest electronic presses in the United States told me that some of the electronic presses are waiting for librarians to ask them to join InCommon before they will take that action on their own. Since this organization will be beneficial not only for faculty and students but also for libraries, IT organizations, and electronic publishers, now is the time for InCommon and its services to become better known.
One of the librarians with whom I corresponded, Lizabeth Wilson, dean of university libraries at the University of Washington, said she does know about InCommon. She also understands its importance for libraries. She wrote: We are looking forward to using the common trust community that InCommon facilitates so we wont have to make one-on-one arrangements with vendors when they start using Shibboleth. InCommon is our university IT division preferred method for authentication federation.
Thomas Hickerson, associate university librarian from the Cornell University Libraries, another InCommon member, also voiced his enthusiasm for the trust community. He believes that the Cornell libraries will use InCommon in at least three ways: providing electronic content from electronic publishers with whom the library contracts for information; allowing for the sharing of services and resources with libraries on other campuses; and facilitating library publication activities in which the libraries themselves will serve as the content providers. He added that although he is enthusiastic about the possibilities, InCommon had not been part of the conversations between the library and the IT department until I asked the question.
In the March/April 2006 issue of EDUCAUSE Review, Tracy Mitrano wrote a Policy@edu column about InCommon.3 Her dream is that InCommon will help build a global university. My dream is that the libraries and the electronic publishers can be key players in providing the information resources that will create a robust and vital global university. But first, more librarians, IT professionals, and electronic content providers need to acquaint themselves with InCommon and consider becoming members. College and university librarians should ask their content providers to become participants in InCommon, and college and university IT departments should include librarians in discussions as they move to implement the services that will allow the establishment of InCommon on their campuses. For the global university and the secure sharing of library resources to become realities, InCommon needs to get on peoples radar screen!
1. What Is Shibboleth? Shibboleth FAQ, http://shibboleth.internet2.edu/faq.html#001.
2. At present, thirty-three universities and publishers are participants of InCommon. For more about the organization, see http://www.incommonfederation.org/.
3. Tracy Mitrano, InCommon: Toward Building a Global University, EDUCAUSE Review, vol. 41, no. 2 (March/April 2006): 74–75, http://www.educause.edu/er/erm06/erm0629.asp.