Digital Library Home Access: User Validation, E- Resources Proxying and Federation. Francisco Fernandez et al. 2nd Conference National Digital Libraries of Health (Sevilla, 2008)

1. Digital Library Home Access: User Validation, E-
Resources
Proxying and Federation
Sevilla february 20-21, 2008
Andalusian Public Health System Virtual Library
Francisco Fernández Ordoñez, francisco.fernandez.ord@juntadeandalucia.es
Francisco Jesús Jordano, franciscoj.jordano@juntadeandalucia.es

2. 1. Goal
To grant user access to e-resources from everywhere.

3. 2. Initial stage
• Andalusian Public Health System staff: 92.070 professionals
• The Health professionals we serve works for 15 different institutions, including hospitals, primary care centers, research centers, training
institutions, etc.
• Every Institution operates their own human resources department and IT systems.
• Andalusian Public Health System Institutions:
1. Servicio Andaluz de Salud (SAS). 83.000 professionals, 29 hospitals and 1452 primary care centers.
2. Consejería y Delegaciones Provinciales de Salud.
3. Empresa Pública de Emergencias Sanitarias.
4. Empresa Pública Hospital Costa del Sol.
5. Empresa Pública Hospital de Poniente.
6. Empresa Pública Hospital Alto Guadalquivir.
7. Empresa Pública Sanitaria Bajo Guadalquivir.
8. Escuela Andaluza de Salud Pública.
9. Fundación Progreso y Salud.
10. Fundación Andaluza para la Integración Social del Enfermo Mental.
11. Fundación Iavante.
12. Agencia de Evaluación de Tecnologías Sanitarias de Andalucía.
13. Agencia de Calidad Sanitaria de Andalucía.
14. Cabimer.
15. Bancelan.

4. 3. User Validation system - requirements
• Ready available for every Andalusian Public Health System staff.
• Do not duplicate existing LDAP directories, human resources databases, etc.
• No software installation required, the solution must allow access just using a web browser (Firefox, Explorer,
Opera, etc).
• Single Sign-On: The ability of a single user to access multiple applications, information providers, using a single form
of authentication, such as a username/password.
• Secure: no unauthorized access, no user and password sharing.
• Auditing and reporting facilites: solution stores all web access and identity logs in one location

5. 4. User Validation system - key idea
Federated Identity Management
• BV-SSPA user validation system intends to keep authentication as an issue local to the organization
the user belongs to.
• BV-SSPA trusts and accept identity and authentication information established by Andalusian Public
Health System Institutions.
• Delegated Identity Administration, the solution have the ability to delegate administration of identity
information across corporate boundaries.

6. 5. User Validation system – how does it works

7. 6. User Validation system – PAPI software
• PAPI (Access Point to Information Providers) is a system for providing access control to restricted
information resources across the Internet.
• PAPI is distributed as free software. There are implementations of the PAPI components in Java, Perl and
PHP.
• PAPI is developed, maintained and supported for RedIRIS Spanish National Research Network
(http://www.rediris.es/index.en.html)
• PAPI is available at: http://papi.rediris.es/
identity access e-resources
management management proxying

8. 3. e-Resources Proxying
Users want access e-Resources regardless of their location
• E-Resources publishers usually offer several alternatives to control access to their producs.
• In enviroments with a huge amount of users, like SSPA, the mos extended validation method is IP control.
• This IP control forces our users to connect to e-resources through a limited number of computers, avoiding the ubiquitous access to
information.
PUBLISHER X
INTRANET
HOME
PROVIDER Y

9. 3. e-Resources Proxying
What are the alternatives?
• To resolve this problem there are diferent alternatives: VPNs, propietary products, information replication, etc.
• Finally we adopted the rewriting proxy solution provided by the PAPI system.
• Some of the features of this solutions are:
• Integartion with PAPI Single Sign On system.
• No aditional software is needed. The final user can access resources from home, a cybercafe, movil device, etc.
• This solution is based on the HTTP standard protocol, so access is granted to any browser.
• PAPI is a Open Source solution, we can adapt it to our needs, get updates from the comunity and participate on it.

10. 3. e-Resources Proxying
What is a rewriting proxy (I)?
• A rewriting proxy is a mediator between the user and final resources.
• Access to e-resources won´t be made directly to the publisher´s website.
• This mediator will manage the e-resource application and will show to the final user the result.
• In addition this mediator changes the HTML source, and the links from the original source are transformed to point to this mediator.
• The mediator is accesible regardless user´s localization, and it´s protected by PAPI.
3

11. 3. e-Resources proxying
What is a rewriting proxy (II)?
• Users inside intranet still can access resources directly.
• Now there is a point of access to information for SSPA users outside intranet.
PUBLISHER X
INTRANET
PROVIDER Y
HOME
BV-SSPA

12. 3. e-Resources Proxying
Providers, publishers, resources
• Our goal: give user access to resources engage with publishers.
• There is another actor: providers.
• We have to write mediators for providers too, and make this providers transform HTML for final publisher into their own mediators.
6
7

13. 3. e-Resources Proxying
• Let´s see a demo

14. thank you
www.juntadeandalucia.es/salud/bibliotecavirtual