Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi
You could always create an OpenVPN gateway that provides access. Many edu institutions have the same setup to access those resources.
DJ
On Mon, Jul 23, 2012 at 6:21 PM, Ocaasi Ocaasi wikiocaasi@yahoo.com wrote:
Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Thanks for the tip!
I'm trying to understand the differences between:
*phpMyAdmin *SAML *OpenID *OpenVPN
Could you give me a quick insight into how they differ, strengths/weaknesses, etc.?
More details for The Wikipedia Library concept are at http://enwp.org/WP:TWL
Cheers! Jake Orlowitz Wikipedia editor: Ocaasi http://enwp.org/User:Ocaasi wikiocaasi@yahoo.com 484-380-3940
________________________________ From: Derk-Jan Hartman d.j.hartman+wmf_ml@gmail.com To: Ocaasi Ocaasi wikiocaasi@yahoo.com; Wikimedia developers wikitech-l@lists.wikimedia.org Sent: Wednesday, July 25, 2012 4:26 AM Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
You could always create an OpenVPN gateway that provides access. Many edu institutions have the same setup to access those resources.
DJ
On Mon, Jul 23, 2012 at 6:21 PM, Ocaasi Ocaasi wikiocaasi@yahoo.com wrote:
Hi Folks!
The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I can cover some of thse:
*phpMyAdmin
This is an open source database manager for MySQL databases - it won't work for what you want.
*SAML *OpenID
From the page you link it looks like you know about these two; i.e. they
act as sign in gateways.
OpenID is more "indie", SAML is more "enterprise" - otherwise there are not major differences in what they can achieve.
The major bar to entry is getting the providers to add the ability to sign in using one of these methods.
I'd personally recommend selecting OpenID as it could then be used for a wider variety of logins around the web.
AFAIK resources like Athens (i.e. similar to what you appear to want) tend to use SAML.
*OpenVPN
VPN means setting up access to a pre-authorised network - which then means you can access the restricted resource. I don't think it fits your use case.
Tom
I'm trying to understand the differences between:
*phpMyAdmin *SAML *OpenID *OpenVPN
You should only consider SAML and OpenID. More exactly, you should really only consider SAML, since the resources you are trying to connect to only support SAML, and not OpenID. We can use OpenID for proxied access to resources that don't support SAML, but it's very likely nearly all of the resources we're trying to access support SAML.
Ideally we'd integrate central auth with something that supports multiple protocols. SimpleSAMLPHP supports SAML, OpenID, OAuth and a few other protocols. It also can handle the circles of trust that we'd need to create with the libraries/universities.
- Ryan
@ Ryan, If you say SAML is the best approach, then that's what we'll use. OpenID can be a backup for those that are not SAML compatible for some reason.
@ Oren, we want to make it so that the vast majority of the work is done on our end if possible. Ideally, participating resource donors wouldn't have to do anything to their websites at all. That may not be realistic, but it's the direction I'd like to lean. Jake Orlowitz Wikipedia editor: Ocaasi http://enwp.org/User:Ocaasi wikiocaasi@yahoo.com
________________________________ From: Ryan Lane rlane32@gmail.com To: Ocaasi Ocaasi wikiocaasi@yahoo.com; Wikimedia developers wikitech-l@lists.wikimedia.org Cc: Derk-Jan Hartman d.j.hartman+wmf_ml@gmail.com Sent: Wednesday, July 25, 2012 2:04 PM Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
I'm trying to understand the differences between:
*phpMyAdmin *SAML *OpenID *OpenVPN
You should only consider SAML and OpenID. More exactly, you should really only consider SAML, since the resources you are trying to connect to only support SAML, and not OpenID. We can use OpenID for proxied access to resources that don't support SAML, but it's very likely nearly all of the resources we're trying to access support SAML.
Ideally we'd integrate central auth with something that supports multiple protocols. SimpleSAMLPHP supports SAML, OpenID, OAuth and a few other protocols. It also can handle the circles of trust that we'd need to create with the libraries/universities.
- Ryan
Hi
This looks similar to something I have been thinking about recently
However I would go about it using openeId. But it would require all the databases sites to support openId. I think that the extensions exists to do this using mediawiki, but WMF projects do not trust/support this method of authentication.
If all parties were to support this standard it would be possible to develop an gadget which could log users into all the sites at once.
Do you know how many users have been granted access to each databases, this would be useful for estimating the importance/impact of this project.
Oren Bochman
-----Original Message----- From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi Sent: Monday, July 23, 2012 6:22 PM To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
We currently have relationships with three separate resource databases.
*HighBeam, 1000 authorized accounts, 700 active (http://enwp.org/WP:HighBeam) *JSTOR, 100 accounts, all active (http://enwp.org/WP:JSTOR) *Credo, 400 accounts, all active (http://enwp.org/WP:CREDO)
No parties have agreed to participate in The Wikipedia Library *yet*, as it's still in the concept stage, but my initial projection is that 1000 editors would have access to it, and 100 additional users per year would be granted. One of the challenges will be getting all the resource providers to agree on that number, but the hope is that once some do, it will create a cascade of adoption.
So we're not looking at *thousands* of users, but more likely several hundreds. Still, given the impact of our most active editors, 1000 of them with access to the library would have significant impact. After all, we can't cannibalize these databases' subscription business by opening the library to ''all'' editors. It must be a carefully selected and limited group.
-----Original Message----- From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi Sent: Monday, July 23, 2012 6:22 PM To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Ocaasi, please centralize your notes, ideas, and plans regarding this here:
https://www.mediawiki.org/wiki/AcademicAccess
I know Chad Horohoe, Ryan Lane, and Chris Steipp might have things to say about this; per https://www.mediawiki.org/wiki/Wikimedia_Engineering/2012-13_Goals#Activitie... their team aims to work on OAuth and OpenID within the next 11 months, and AcademicAccess is a possible beneficiary of that.
Thanks!
Hi Ocaasi
I agree that tighter work with the database providers is in order. 1000+ accounts for top contributors can make a significant impact on Wikipedia fact checking.
Based on my experience at university (where I taught a lab-class on reference database usage) that there are many more options on how to do this. Most users in universities do not require to log in at all. (they work in context of an IP range that is enabled for databases.) Research libraries also implement floating licenses for databases that have limited access options.
However to implement this it is often necessary to work with a large database aggregators (which solves the tech issues) and the rest is implemented by operations staff of a university.
Oren Bochman
-----Original Message----- From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Sumana Harihareswara Sent: Wednesday, July 25, 2012 4:16 PM To: Ocaasi Ocaasi; Wikimedia developers Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Ocaasi, please centralize your notes, ideas, and plans regarding this here:
https://www.mediawiki.org/wiki/AcademicAccess
I know Chad Horohoe, Ryan Lane, and Chris Steipp might have things to say about this; per https://www.mediawiki.org/wiki/Wikimedia_Engineering/2012-13_Goals#Activitie s_12 their team aims to work on OAuth and OpenID within the next 11 months, and AcademicAccess is a possible beneficiary of that.
Thanks! -- Sumana Harihareswara Engineering Community Manager Wikimedia Foundation
On 07/25/2012 10:03 AM, Ocaasi Ocaasi wrote:
We currently have relationships with three separate resource databases.
*HighBeam, 1000 authorized accounts, 700 active (http://enwp.org/WP:HighBeam) *JSTOR, 100 accounts, all active (http://enwp.org/WP:JSTOR) *Credo, 400 accounts, all active (http://enwp.org/WP:CREDO)
No parties have agreed to participate in The Wikipedia Library *yet*, as
it's still in the concept stage, but my initial projection is that 1000 editors would have access to it, and 100 additional users per year would be granted. One of the challenges will be getting all the resource providers to agree on that number, but the hope is that once some do, it will create a cascade of adoption.
So we're not looking at *thousands* of users, but more likely several
hundreds. Still, given the impact of our most active editors, 1000 of them with access to the library would have significant impact. After all, we can't cannibalize these databases' subscription business by opening the library to ''all'' editors. It must be a carefully selected and limited group.
-----Original Message----- From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi Sent: Monday, July 23, 2012 6:22 PM To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research,
JSTOR).
Managing separate account distribution for each service doesn't scale
well.
The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one
separately.
The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
wikitech-l@lists.wikimedia.org