Article thumbnail
Location of Repository

Federated Access Management for Electronic Resources:A Study of the Application of the Shibboleth System in Research and Higher Education in Taiwan

By 陳麗美 and Li-Mei Chen


[[abstract]]ABSTRACT As of this writing, no academic institution or higher learning in Taiwan has a demonstrable solution for access management for the many diverse and usually proprietary electronic resources they provide for users. Such resources are generally known as full texts of electronic journals and books, electronic databases, e-learning resources, and autonomously established institutional databases among many others. At present, there are five methods to access electronic resources in Taiwan. The first uses a typical IP address. This method has its advantages; however, the restriction cannot meet the increasing need for off-campus access by users. Second, an IP address restriction using a proxy-server is available whereby with the help of an intermediate server. This method is unfortunately technically challenging for users. Third is a Virtual private network (VPN) method which has yet to be fully evaluated. Fourth, a set of shared usernames and passwords, this method is easily compromised and threatens the security of a resource host. Finally, there is separate individual registration for individual resources. Some users might not be willing to reveal their identities to the resource providers or identity theft could happen by this way. In order to solve the electronic access problems mentioned above, Shibboleth has been developed in U.S.A. and the U.K. and has become an emerging solution for access management of electronic resources in a growing number of developed countries. The Shibboleth system is a standard based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. In order to implement the Shibboleth system, this study joined a test-bed federation in Australia called MAMS (Meta Access Management System) and set up an identity provider in Academia Sinica. At the same time a publisher, Elsevier, was invited to join MAMS as a resource provider. By joining MAMS federation, and the deployment of an IdP, the author tries to understand how a federated system is operated and how the mechanism of authentication and authorization is used and to what effect as an evaluation of its efficiency and performance. The second important method of this study was to compare the organization structures, technologies and policies adopted by four federations: InCommon (USA), UK Federation, Australian Federation, and SWITCHaai (Switzerland). The practical implementation and the comparison lead to simulate a federation system model in Taiwan for future reference.

Topics: ;存取管理;認證與授權, Shibboleth;Access Management;Authentication and Authorization, [[classification]]3
Year: 2011
OAI identifier:
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.