A proxy service for the library

One of the features of the yet to be released OpenAthensLA 2.2 version is likely to be a proxy module. This would extend the range of OpenAthens across the 3 main types of remote electronic resource with which the library has to deal.

  1. Services only available through an Athens account: e.g. WARC;
  2. Services available via membership of the UK Access Management Federation: e.g. the British Library’s Archival Sound Recordings. [Login using the library’s test authentication mechanism];
  3. Services available via IP address only: e.g. BCIS Online.

The proxy would serve only those selected services, it is not intended to filter every request made in the Library. Rather, library-run services like the web site, catalogue and openURL resolver could be configured with URLs that point to the proxy service. Anyone clicking on the URL would be presented with an authentication request (if they were not already logged in). The test would ask for the same username and password as either staff or students use to log into their email or blackboard.

The URL would have a proxy prefix of something like: ‘http://proxy.library.ac.uk:port/login?url=[remote service url]’. For example:

http://proxy.library.ac.uk:2048/login?url=http://www.example.org/databasename

The benefit to users would be that people off-site would be able to access the same electronic resources as those on campus. All such users would be authenticated against the University’s authentication service. This would increase the security level compared, say, to sharing resource specific usernames and passwords. Three initial areas of concern raise themselves: licenses, workload and digital preservation.

Licenses

The library allows its members access to resources because of the licenses it has signed permitting such access. With the IP address limited resources it is likely that each license would have to be checked to see if making the resource available via a proxy service would be permitted. In many cases the IP address restriction was selected, in the absence of the a username and password mechanism, as the best way of limiting a service to members of the subscribing institution. Access via a proxy is common in the USA and may be expected by some service providers, however some others, like JSTOR may require that we at least notify them that proxying is taking place.

Configuration

Since we are not offering this service at present, there would be an increase in library workload in making it available. Proxy services themselves require some administration (for example where images are served from a different machine on the service provider’s site). Configuring the A-Z and OpenURL Resolver to point efficiently to the proxied resources. Managing a proxy service has been described as an art form. It is hoped that the OpenAthens LA Admin Interface makes this easier to manage, but it is an area in which library staff have, at present, little experience.

Digital Preservation

The library is a member of the UK LOCKSS Alliance and technically, therefore, is already running a proxy service. However, at  present (March 2011), this proxy is not integrated with any of the routes that http requests take, leaving it as an isolated ‘dark archive’. The archive contains material which electronic journal publishers have agreed that libraries could hold ‘just-in-case’ any terminal failure should prevent them from continuing to supply the content themselves. The intention is to integrate this archive with either an institutional proxy service or with an openURL resolver. During late 2010/early 2011 work was done between the suppliers and developers of LOCKSS and the SFX OpenURL Resolver to facilitate this integration. But the library has moved away from using SFX before this work could be tested and adopted. Having the preserved version available to members of Higher Education Institutions in practice, rather then in theory is one of the aims of the JARVIG committee the JISC has set up, in which I am participating.

It would be worth talking with the Eduserv developers of the OpenAthens LA Proxy Service to see if such chaining of proxies is possible. I am guessing that the sample URL above would need to include the LOCKSS Archive with something like:

http://proxy.library.ac.uk:2048/login?url=http://lockss.library.ac.uk/lockss?archivedURL=http://www.example.org/journalname
where http://proxy.library.ac.uk:2048 is the OpenAthens proxy, http://lockss.library.ac.uk is the lockss archive/proxy and http://www.example.org/journalname is the archived journal. The content would still be served from the publisher, unless that publisher where no longer available to respond to the request.

What next?

There is no charge to the library for the extra proxy software as this would be treated as part of the subscription we do pay for the service as a whole. The demand is not likely to be so high as to require more powerful server to operate the proxy. The main effort required is to look over the licenses that we have for each service provider to see if it is possible to offer a proxy service within the existing license limitations.

IP Address limited services

There are a number of other services limited by usernames and passwords. Where the password is only required for off-site users, we could route people via the proxy service to ensure higher security and an easier interface for our users.

About Philip Adams

Senior Assistant Librarian at De Montfort University. I have recently introduced a Single Sign On service for the library's databases and electronic journals. I am interested in digital preservation and the use of data to measure a library's impact. All comments own.
This entry was posted in Authentication, Digital Preservation, Library resources, Proxy services. Bookmark the permalink.